MakerDAO – G-UNI LP Oracle Security Audit

Download Audit Report
Summary

GUniLPOracle is a specialized oracle in the Maker ecosystem that provides prices for the LP (liquidity provider) shares of GUNI pools. It determines the price of a GUni token based on the underlying tokens held in the UniswapV3 position at the current market rate of these tokens as returned by Maker oracle. GUNI works on top of Uniswap and serves as a generic wrapper of Uniswap V3 positions into ERC20 tokens with the goal to provide more flexibility to end-users that deposit or withdraw liquidity into Uniswap V3 pools.

 On a high level, Uniswap V3 aims to utilize more efficiently the pool liquidity by allowing the LPs to choose the price range (lowerTick and upperTick) where their liquidity is made available. The rewards for an LP depend mostly on the trade volume on the price range that the liquidity has been allocated. This makes Uniswap V3 positions non-fungible. On the other side, GUNI is a module managed by Gelato Networks that tries to abstract the internals of the Uniswap V3 to end-users (LPs) and maximize their profits by allocating the liquidity continuously into optimal price ranges and investing the earned fees. In this setup, the LPs provide the liquidity into the GUNI pools, which deposit the liquidity into the Uniswap V3 and then mints the respective wrapped ERC20 tokens for the LP. Note that, the minted tokens (shares) by GUNI represent a position in the Uniswap V3 pool, however, such tokens are typical ERC20 tokens, hence fungible (while Uniswap V3 positions are non-fungible).

The goal of GUniLPOracle is to price the LP shares of GUNI pools according to the value of the position they represent in the Uniswap V3 pool. To achieve this goal the GUniLPOracle interacts with other oracles in the Maker ecosystem that provide price information for the related tokens and the respective GUNI pool. For this to work, the GUNI should provide a function getUnderlyingBalancesAtPrice(uint160 sqrtPriceX96), which forwards the call to the function LiquidityAmounts.getAmountsForLiquidity(). The core logic of the price calculation in GUniLPOracle is implemented in the function seek(). Similarly to other oracles of Maker, GUniLPOracle operates with two Feed variables cur and nxt which store the current price and the queued price respectively. The prices propagate through the system with 1 hour delay, therefore allowing wards to take measures in case the queued price nxt is set to an incorrect value.

About MakerDAO – G-UNI LP Oracle

“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”

(Source: https://awesome.makerdao.com/#beginner-guides)

It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)