Ethereum Reserve Dollar (ERD)
Summary
**Initial report**: Quantstamp performed an audit for the contracts behind Ethereum Reserve Dollar (ERD) based on the code present in the linked repository. The contracts within this repository form the basis for a protocol that issues a stablecoin (USD-pegged asset) called USDE. Users issue USDE by opening and adjusting troves, where they must deposit a certain quantity of collateral in ETH and/or liquid staking derivatives (LSDs). Holders of USDE may choose to redeem the stablecoin for the backing collateral, paying a redemption fee in the process. There is also a liquidation mechanism present which aims to ensure that there is always enough collateral backing the USDE. A trove sorting mechanism has been implemented in an attempt to increase the efficiency of liquidations and redemptions. Notably, ERD is a fork of Liquity, and has added a number of distinct features. The most noticeable new features include compounding variable interest rate on loans and multiple collateral type support. We were able to identify numerous areas of focus, including: 1. Correct variable interest rate accrual; 1. Verification of trove sorting mechanism and its impact on redemptions and liquidations; 1. Tokenization of collateral and the impacts of transferring the token; 1. Economic considerations; and many more. During the course of the audit, we were able to identify six high severity issues. Among them, perhaps the most concerning from the perspective of likelihood and impact is ERD-6, wherein MEV is generated by liquidations, leading to a flash loan attack. ERD-5 is also very concerning as borrowers will have to essentially forego stETH rebasing rewards in order to participate in ERD. Writing further tests is also warranted—the test suite should especially contain more tests concerning the variable interest rate accrual mechanism. Integration testing is also well-warranted for a protocol of this size. We recommend that the client address and/or consider all the findings included in this report. **Update 1**: All the issues have been addressed. However, we disagree with the client on a number of issues. Most notably, these are ERD-4 and ERD-7. We are also concerned with the testing situation, as most tests appear not to be working. **Update 2**: The available tests are no longer failing.
Issues (33)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 10 | 9 | 5 | - | 24 |
Fixed | 5 | 2 | 2 | - | 9 |
| Total | 15 | 11 | 7 | 0 | 33 |