PumpBTC

Off-Chain (Public)
Audited on 2024/07/10
No active critical issues

Summary

PumpBTC enables users to stake wrapped Bitcoin tokens on the Ethereum (e.g. WBTC) and Binance Smart Chain (e.g. BTCB) networks and receive PumpBTC tokens in return. These tokens represent the underlying wrapped Bitcoin and accrue rewards based on the duration of ownership. The PumpBTC team manually exchanges wrapped BTC for BTC daily and deposits it into Babylon. The assets are held in custody either in the EVM contract `PumpStaking` (as wrapped BTC) or in Babylon (as native BTC).

While PumpBTC allows permissionless staking on-chain, the unstaking and reward mechanisms are managed by the PumpBTC team. Because the funds are split between Babylon and the EVM contracts, this centralization requires users to trust the team to provide sufficient liquidity when they unstake. Additionally, the Babylon reward distribution and the point distribution in PumpBTC are off-chain processes managed by the PumpBTC team, so users must rely on the team to calculate points accurately and distribute rewards correctly.

The audit uncovered 2 findings and 7 auditor suggestions for code improvement. Our primary concern with the protocol is the security risk associated with the depegging of staked assets (PUMP-1). Users receive PumpBTC by staking underlying assets (e.g., WBTC) into the `PumpStaking` contract, and can unstake at a 1:1 conversion rate for other wrapped BTC supported by the protocol. Since this is a design decision, we recommend that the client closely monitor the staked assets and respond promptly to any depeg events of the underlying assets, pausing the affected contracts or updating the fee configurations accordingly (PUMP-2).

**Fix Review**: The PumpBTC team has fixed or acknowledged all issues and suggestions in this report.
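A minimal sketch of the depeg monitoring recommended above, added here as an illustration and not taken from PumpBTC's or the auditors' code. The price feed, the 0.5% deviation threshold, the 10-minute price age limit and all balances are assumptions; the names `Holding` and `assess` are hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Holding:
    symbol: str
    balance: Decimal    # units backing PumpBTC (constructed sample value)
    btc_price: Decimal  # price in native BTC from an assumed feed; 1 = on peg
    age_s: int          # seconds since that price was observed

def assess(holdings, pump_supply, max_dev=Decimal("0.005"), max_age_s=600):
    """Classify each backing asset and value the backing of one PumpBTC."""
    status = {}
    for h in holdings:
        if h.age_s > max_age_s:
            status[h.symbol] = "stale"      # peg cannot be confirmed
        elif abs(h.btc_price - 1) > max_dev:
            status[h.symbol] = "depegged"   # candidate for pausing
        else:
            status[h.symbol] = "ok"
    # Stale prices still enter the valuation at their last known value.
    backing = sum((h.balance * h.btc_price for h in holdings), Decimal(0))
    return {
        "status": status,
        # Each PumpBTC is redeemable 1:1, so supply is the BTC-denominated claim.
        "backing_per_token": backing / pump_supply,
        "shortfall_btc": max(Decimal(0), pump_supply - backing),
        "pause": sorted(s for s, v in status.items() if v == "depegged"),
        "investigate": sorted(s for s, v in status.items() if v == "stale"),
    }

# Constructed sample: BTCB trades 4% below BTC, the other holdings are on peg.
SAMPLE = [
    Holding("WBTC", Decimal("400"), Decimal("1.000"), 30),
    Holding("BTCB", Decimal("100"), Decimal("0.960"), 45),
    Holding("BTC (Babylon)", Decimal("500"), Decimal("1"), 0),
]

if __name__ == "__main__":
    for key, value in assess(SAMPLE, Decimal("1000")).items():
        print(key, value)
```

A non-empty `pause` list corresponds to the report's recommendation to pause the affected contract or adjust fees; `investigate` flags assets whose peg cannot be checked because the price is too old.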


Issues (2)

| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 2 | - | - | - | 2 |
| Fixed | - | - | - | - | 0 |
| Total | 2 | 0 | 0 | 0 | 2 |


Contracts (2)