Summary
We support the onboarding of USDS and sUSDS on the Aave platform. Being a day-1 partner marks a new epoch in the collaboration between Aave and Maker. The verifiable information available and Maker’s track record are sufficient to establish conservative parameters that could be quickly expanded upon as these markets evolve. We published an initial brief of this transition.
Here are the highlights of our assessment:
- Maker ecosystem transitioning from DAI to USDS as part of the Endgame plan, while DAI remains immutable.
- USDS obtainable by upgrading DAI or converting USDC (1:1), with holders earning SKY token rewards (600M annually) and benefiting from Savings Rate.
- SKY: new governance token, upgradeable from MKR (24,000 SKY per MKR).
- Sky.money: primary gateway to Sky Ecosystem, launching on September 18, 2024, with Skybase International managing legal, technical, and marketing aspects.
- USDS mintable on Spark.fi with various crypto collaterals, 700M SPK rewards allocated; Spark Star plays a significant role in the Sky Ecosystem.
- Activation campaign (August 20 - September 18, 2024) subject to legal terms, excludes US, UK, and prohibited jurisdictions, prohibits VPNs and anonymization; rewards claimable until December 30, 2024.
- Expected PSM migration: 1.4B USDC liquidity, 6% estimated yield.
- Smart Contracts:
- DAI USDS Converter: 1:1 swaps between DAI and USDS with zero fees, no mutable fee mechanisms.
- sUSDS: yield-bearing USDS deposits, guided by flexible Savings USDS Rate (SSR), ERC-20, ERC-4626, and ERC-2612 compliant, upgradeable, no external oracle, future freeze function for global scalability over a multi-month to multi-year timeline.
- Bug bounty program via ImmuneFi, rewards from $1,000 to $10 million based on vulnerability severity.
- ChainSecurity audit: no major vulnerabilities found, one low-severity issue resolved.
We have reviewed the parameters proposed by @ChaosLabs and support their implementation, especially considering the detailed rationale provided in light of the lack of historical data for these new assets. Key decisions include setting a higher liquidation bonus and temporarily utilizing the existing DAI/USD market feed and exchange rate oracle for sUSDS. We will monitor these new assets closely and provide update as needed.
Supplement to our initial brief
Smart Contract Risk
USDS
Contract: 0x1923DfeE706A8E78157416C29cBCCFDe7cdF4102
The contract uses the UUPS (Universal Upgradeable Proxy Standard) pattern to enable upgradeability. Only authorized admins (wards[address] == 1
) can:
- Grant or revoke admin rights (
rely
,deny
) - Authorize upgrades (
_authorizeUpgrade
) - Update contract parameters, e.g., Savings Rate (
file
)
getImplementation
allows anyone to check the current implementation.
The contract implements key standards:
- ERC-20: Standard token functionality (
totalSupply
,balanceOf
,transfer
,transferFrom
) - ERC-4626: Tokenized shares of an underlying asset (USDS) that accrues yield over time (
deposit
,mint
,withdraw
,redeem
,convertToShares
,convertToAsset
) - ERC-2612: Permit functionality for approvals via signatures (EIP-712), saving gas
The drip
function updates the rate accumulator (chi) based on the USDS Savings Rate (ssr), determining the savings balance growth over time. It ensures chi only updates when time has passed since the last update (rho).
DAI USDS Converter
Contract: 0x3225737a9Bbb6473CB4a45b7244ACa2BeFdB276A
DAI USDS Converter allows for 1:1 swaps between DAI and USDS through two main functions (daiToUsds
and usdsToDai
).
It relies on external Join
contracts for DAI and USDS, which handle deposits and withdrawals of tokens.
Only the user who initiates a transaction (e.g., calling daiToUsds
or usdsToDai
) needs to approve token transfers. The Converter ensures that only the specified user (usr
) receives the tokens after the swap.
The conversion is performed without any deductions or fees. Since fees are not implemented, and there are no mutable state variables related to fees, no one can further set or change the fees.
Savings USDS
Contract: 0xa3931d71877C0E7a3148CB7Eb4463524FEc27fbD
sUSDS represents a savings version of the USDS stablecoin, where users can deposit USDS tokens to earn yield based on the Savings USDS Rate (SSR). The contract is designed to handle deposits, withdrawals, and savings interest accrual leveraging VatLike
, UsdsJoinLike
, and UsdsLike
for core interactions with the USDS system.
ERC-20 and ERC-4626 standards are followed, with additional upgradability implementation through inheritance from OpenZeppelin’s UUPSUpgradeable. This ensures that the contract can be upgraded without disrupting the existing state.
SSR rate determines the yield for depositors. It can be changed by authorized users (admins) through the file
function, which sets a new SSR. While the contract imposes no explicit fee for deposits or withdrawals, the yield earned by users is directly influenced by the SSR, which is adjustable by the admins.
Bug Bounty Program
The program follows the rules prescribed by MakerDAO and is available on ImmuneFi Bug Bounty Portal. Rewards start from $1,000 for low-level bugs and grade up to $10,000,000, calculated as 10% of the funds directly affected, with a minimum reward of $150,000 for critical bugs reported.
Smart Contract Audits
ChainSecurity has assessed USDS codebase. The audit identified one low-severity finding related to a specification change. No critical, high, or medium-severity findings were reported.
The only finding resolved was a low-severity issue regarding outdated information in the README about wards of USDS. There is a note that the DaiNst converter can be paused if DaiJoin is paused, though this does not apply to the current deployment.
Access Control Risk
sUSDS contract uses wards
mapping for access control. Admins (addresses in wards with a value of 1) have special privileges:
• Adding or removing other admins (rely
and deny
).
• Setting contract parameters, like the USDS Savings Rate (SSR) via file
.
• Upgrading the contract (_authorizeUpgrade
).
Disclaimer
This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the Sky protocol and did not receive any compensation from Sky for this assessment.
The information provided should not be construed as legal, financial, tax, or professional advice.