syrupUSDC (cross-chain) technical analysis

Summary

Following the proposal for listing syrupUSDC on Base, we examined the Maple Team’s implementation of the cross-chain asset.

This is a technical analysis of all the smart contracts of the syrupUSDC on Base and main bridge dependencies.

Disclosure: This is not an exhaustive security review of the asset like the ones done by the Maple team, but an analysis from an Aave technical service provider on different aspects we consider critical to review before a new type of listing.

Analysis

The extensive SyrupUSDC evaluation on Ethereum is available here. On Base, SyrupUSDC is a cross-chain asset bridged from Ethereum via Chainlink’s CCIP infrastructure, which shares the same architecture as the cross-chain syrupUSDT on Plasma, already listed on Aave.

syrupusdc-analysis1816×677 63.7 KB

General points

• The syrupUSDC contract uses the standard Chainlink’s CCIP contracts for lock/release on Ethereum and mint/burn on Base.
• It relies on two non-upgradable contracts controlled by the Maple’s timelock and Chainlink’s RBACTimelock.
• For access control, it uses OZ role-based.

Contracts

The following is a non-exhaustive overview of the main smart contracts involved with syrupUSDC on Base:

syrupusdc-contracts2312×244 62.8 KB

SyrupUSDC

It represents the cross-chain syrupUSDC token, which extends standard minting and burning functionality through role-based access control.

Permission Owner	functions	Criticality	Risk
ADMIN_ROLE: 3-day Timelock	setCCIPAdmin, grantRole	HIGH
MINTER_ROLE: TokenPool	mint	HIGH
BURNER_ROLE: TokenPool	burn, burnFrom	HIGH

• Access Control
  • The ADMIN_ROLE can set the s_ccipAdmin via the setCCIPAdmin(address) method. It’s important to mention that the s_ccipAdmin doesn’t have any special access control within the system.
• Minting and Burning
  • The TokenPool controls the minting and burning of syrupUSDC through the mint(to, amount) , burn(amount), burnFrom(from, amount) functions.

TokenPool

The TokenPool contract manages cross-chain token activities through CCIP’s router contract, enabling the minting and burning of syrupUSDC. It manages token decimals across various chains, enforces rate limiting, and employs role-based access control.

Base: TokenPool

Permission Owner	functions	Criticality	Risk
owner: RBACTimelock	setRouter, addRemotePool, removeRemotePool, applyChainUpdates, setRateLimitAdmin, applyAllowListUpdates	HIGH

Mainnet: TokenPool

Permission Owner	functions	Criticality	Risk
owner: RBACTimelock	setRouter, addRemotePool, removeRemotePool, applyChainUpdates, setRateLimitAdmin, applyAllowListUpdates, transferLiquidity	HIGH

• Access Control

  • The RBACTimelock can configure the cross-chain between new chains through the addRemotePool(), removeRemotePool(), and applyChainUpdates() functions. It can also configure the allowlist via the applyAllowListUpdates() and set a rate limiter contract by calling the setRateLimitAdmin() method.

  • The liquidity locked in a previous TokenPool can be migrated to the new (current) TokenPool via the transferLiquidity(amount) function.

• Bridging

  • For cross-chain syrupUSDC from Mainnet to Base, the call is initiated through the router.ccipSend(destChain, message) function. The syrupUSDC is locked in the TokenPool contract and then forwarded via the evmOnRap.forwardFromRouter(destChain, message) method.

  • To send it back to the mainnet, it uses the same process via the router by calling the ccipSend(destChain, message) function. The token amount is burned on Base by the TokenPool, and the message is forwarded to the mainnet via the offRamp. executeSingleMessage(msg), where the TokenPool contract receives a releaseOrMint(releaseOrMintIn) call and transfers the syrupUSDC to the user.

Pricing strategy

We recommend pricing syrupUSDC with a CAPO Adapter using the syrupUSDC/USDC exchange rate along with the Capped USDC/USD Price feed.

Miscellaneous

• The security reviews of the CCIP contracts’ infrastructure used in syrupUSDC are available here.

Conclusion

We believe syrupUSDC has no issues with Aave integration and no major blockers for listing.