Sperax - USDs

Off-Chain (Public)
Audited on 2024/01/23
Rekt reported

Summary

USDs is a stablecoin that automatically generates yield for end-users, eliminating the need for them to stake their tokens or actively claim their yield. Users can mint USDs by supplying whitelisted collateral. Later, they have the option to use their USDs to redeem their chosen collateral. Users can choose to opt out of the auto-yield rebasing mechanism. To generate yield, the collateral is invested in liquidity pools across various protocols, including Aave, Compound, and Stargate. Half of the yield is allocated to pay auto-yield to USDs holders, while the other half funds SPA buybacks.

The Sperax team maintains a clean, well-structured, and documented codebase. The overall quality of the code meets industry standards.

During this security assessment, we identified three high-severity and three medium-severity findings. All high-severity findings were related to oracle integrations. The medium-severity findings were primarily discovered in edge cases of the protocol design, which could impact the protocol under specific circumstances. However, the risk posed by these medium-severity findings is still high. During the fix phase, the Sperax team also identified one high-severity finding (SPE-4) and one informational-severity finding (SPE-29).

The USDs token follows the ERC20 interface, but its underlying logic is complex and non-standard. Our review of the USDs rebasing mechanisms revealed no major security concerns. However, it's important to recognize that changes in any of the components USDs relies on could alter the current security model, potentially introducing new vulnerabilities.

Additionally, we identified 20 low-severity findings that warrant attention. Addressing these would strengthen the protocol and help mitigate future security risks.


Issues (32)

            Low   Medium   High   Critical   Total
Not fixed    13        2      1          -      16
Fixed        12        1      3          -      16
Total        25        3      4          0      32


Contracts (28)