Size audit details

• Total Prize Pool: $200,000 in USDC
  • HM awards: $168,000 in USDC
  • QA awards: $6,500 in USDC
  • Judge awards: $15,000 in USDC
  • Validator awards: $10,000 in USDC
  • Scout awards: $500 in USDC
• Join C4 Discord to register
• Submit findings using the C4 form
• Read our guidelines for more details
• Starts June 10, 2024 20:00 UTC
• Ends July 2, 2024 20:00 UTC

Publicly Known Issues

Note for C4 wardens: Anything included in this Publicly Known Issues section is considered a publicly known issue and is ineligible for awards.

• The protocol currently supports only a single market (USDC/ETH for borrow/collateral tokens)
• The protocol does not support rebasing/fee-on-transfer tokens
• The protocol does not support tokens with different decimals than the current market
• The protocol only supports tokens compliant with the IERC20Metadata interface
• The protocol only supports pre-vetted tokens
• The protocol owner, KEEPER_ROLE, PAUSER_ROLE, and BORROW_RATE_UPDATER_ROLE are trusted
• The protocol does not have any fallback oracles.
• Price feeds must be redeployed and updated in case any Chainlink configuration changes (stale price timeouts, decimals, etc)
• In case Chainlink reports a wrong price, the protocol state cannot be guaranteed. This may cause incorrect liquidations, among other issues
• In case the protocol is paused, the price of the collateral may change during the unpause event. This may cause unforeseen liquidations, among other issues
• It is not possible to pause individual functions. Nevertheless, BORROW_RATE_UPDATER_ROLE and admin functions are enabled even if the protocol is paused
• Users blacklisted by underlying tokens (e.g. USDC) may be unable to withdraw
• If the Variable Pool (Aave v3) fails to supply or withdraw for any reason, such as supply caps, Size's deposit and withdraw may be prevented
• Centralization risk related to integrations (USDC, Aave v3, Chainlink) are out of scope
• The Variable Pool Borrow Rate feed is trusted and users of rate hook adopt oracle risk of buying/selling credit at unsatisfactory prices
• The insurance fund (out of scope for this project) may not be able to make all lenders whole, may be unfair, and may be manipulated
• LiquidateWithReplacement might not be available for big enough debt positions
• All issues acknowledged on previous audits and automated findings

Overview

Size is a credit marketplace with unified liquidity across maturities.

Supported pair:

• (W)ETH/USDC: Collateral/Borrow token

Target networks:

• Ethereum mainnet
• Base

Documentation

Overview, Accounting, and Protocol Design

• Whitepaper

Technical overview

Architecture

The architecture of Size v2 was inspired by dYdX v2, with the following design goals:

• Upgradeability
• Modularity
• Overcome EIP-170's contract code size limit of 24kb
• Maintaining the protocol invariants after each user interaction ("FREI-PI" pattern)

For that purpose, the contract is deployed behind an UUPS-Upgradeable proxy, and contains a single entrypoint, Size.sol. External libraries are used, and a single State storage variable is passed to them via delegatecalls. All user-facing functions have the same pattern:

state.validateFunction(params);
state.executeFunction(params);
state.validateInvariant(params);

The Multicall pattern is also available to allow users to perform a sequence of multiple actions, such as depositing borrow tokens, liquidating an underwater borrower, and withdrawing all liquidated collateral. Note: in order to accept ether deposits through multicalls, all user-facing functions have the payable modifier, and deposit always uses address(this).balance to wrap ether. This means leftover amounts, if sent forcibly, are always credited to the depositor.

Additional safety features were employed, such as different levels of Access Control (ADMIN, PAUSER_ROLE, KEEPER_ROLE, BORROW_RATE_UPDATER_ROLE), and Pause.

Tokens

In order to address donation and reentrancy attacks, the following measures were adopted:

• No withdraws of native ether, only wrapped ether (WETH)
• Underlying borrow and collateral tokens, such as USDC and WETH, are converted 1:1 into deposit tokens via deposit, which mints szaUSDC and szWETH, and received back via withdraw, which burns deposit tokens 1:1 in exchange for the underlying tokens.

Maths

All mathematical operations are implemented with explicit rounding (mulDivUp or mulDivDown) using Solady's FixedPointMathLib. Whenever a taker-maker operation occurs, all rounding tries to favor the maker, who is the passive party. In some generic situations, such as in yield curve calculations, the rounding is always in one direction.

Decimal amounts are preserved until a conversion is necessary:

• USDC/szaUSDC: 6 decimals
• WETH/szETH: 18 decimals
• szDebt: same as borrow token
• Price feeds: 18 decimals

All percentages are expressed in 18 decimals. For example, a 150% liquidation collateral ratio is represented as 1500000000000000000.

Oracles

Price Feed

A contract that provides the price of ETH in terms of USDC in 18 decimals. For example, a price of 3327.39 ETH/USDC is represented as 3327390000000000000000.

Variable Pool Borrow Rate Feed

In order to set the current market average value of USDC variable borrow rates, we perform an off-chain calculation on Aave's rate, convert it to 18 decimals, and store it in the Size contract. For example, a rate of 2.49% on Aave v3 is represented as 24900000000000000. The admin can disable this feature by setting the stale interval to zero. If the oracle information is stale, orders relying on the variable rate feed cannot be matched.

Links

• Previous audits:
  • https://github.com/code-423n4/2024-06-size/blob/main/audits/2024-03-19-LightChaserV3.md
  • https://github.com/code-423n4/2024-06-size/blob/main/audits/2024-03-26-Solidified.pdf
  • https://github.com/code-423n4/2024-06-size/blob/main/audits/2024-05-30-Spearbit-draft.pdf
• Documentation: https://docs.size.cash/
• Website: https://size.credit/
• X/Twitter: https://x.com/SizeCredit

Scope

See scope.txt

Files in scope

Files out of scope

See out_of_scope.txt

Scoping Q & A

General questions

External integrations (e.g., Uniswap) behavior in scope

EIP compliance checklist

N/A

Additional context

Main invariants

• DEPOSIT_01: Deposit credits the sender

• DEPOSIT_02: Deposit transfers tokens to the protocol

• WITHDRAW_01: Withdraw deducts from the sender

• WITHDRAW_02: Withdraw removes tokens from the protocol

• BORROW_01: Borrow increases the borrower's cash

• BORROW_02: Borrow increases the number of loans

• CLAIM_01: Claim does not decrease the sender's cash

• CLAIM_02: Claim is only valid for CreditPositions

• LIQUIDATE_01: Liquidate increases the sender collateral

• LIQUIDATE_02: Liquidate decreases the sender's cash if the loan is not overdue

• LIQUIDATE_03: Liquidate only succeeds if the borrower is liquidatable

• LIQUIDATE_04: Liquidate decreases the borrower's debt

• LIQUIDATE_05: Liquidate clears the loan's debt

• SELF_LIQUIDATE_01: Self-Liquidate increases the sender collateral

• SELF_LIQUIDATE_02: Self-Liquidate decreases the borrower's debt

• SELF_LIQUIDATE_03: Self-Liquidate does not change the borrower's CR (up to a precision)

• REPAY_01: Repay transfers cash from the sender to the protocol

• REPAY_02: Repay decreases the borrower's debt

• REPAY_02: Repay clears the loan's debt

• LOAN_01: loan.credit >= minimumCreditBorrowAToken

• LOAN_02: minTenor <= loan.tenor <= maxTenor

• LOAN_03: COUNT(credit positions) >= COUNT(debt positions)

• LOAN_04: loan.liquidityIndexAtRepayment > 0 => loan.loanStatus == REPAID

• LOAN_05: A CreditPosition's debtPositionId is never updated

• TOKENS_01: The sum of collateral deposit tokens is equal to the underlying collateral

• TOKENS_02: The sum of borrow deposit tokens is equal to the sum of borrow deposit tokens for each user

• UNDERWATER_01: A user cannot make an operation that leaves any user underwater

• UNDERWATER_02: Underwater users cannot borrow

• COMPENSATE_01: Compensate does not change the borrower's debt if minting new credit

• COMPENSATE_02: Compensate reduces the borrower's debt if using an existing credit

• SOLVENCY_01: SUM(outstanding credit) == SUM(outstanding debt)

• SOLVENCY_02: SUM(credit) <= SUM(debt)

• SOLVENCY_03: SUM(positions debt) == user total debt, for each user

• SOLVENCY_04: SUM(positions debt) == SUM(debt)

• FEES_01: Fragmentation fees are applied whenever there is a credit fractionalization

• FEES_02: Cash swap operations increase the fee recipient balance

• DOS: Functions should not revert if preconditions are met (Denial of Service)

• REVERTS: Actions behave as expected under dependency reverts

Attack ideas (where to focus for bugs)

After our last security audit, we implemented numerous fixes and added new features to the protocol. However, these changes were not reviewed by the auditors. We believe these are the most significant untested and potentially vulnerable areas of the protocol.

1. Swap fee: During Spearbit's security review, a critical-severity vulnerability (5.1.1) was discovered that allowed any borrower to avoid paying fees. Consequently, we redesigned our fee mechanism, transitioning from a repayment fee to a swap fee. Rather than charging fees upon loan repayment, we introduced a fee for every cash-for-credit operation.

2. Fragmentation fee: While refactoring our fee structure, we noticed that our previous "early exit fee" was being charged incorrectly in all exits, since the purpose of this fee was to enable us to subsidize claim operations after loan repayments. Because of that, we renamed it to fragmentationFee so that it better reflects the intended behavior of this fee, which is to be charged only when there is a credit fractionalization/split.

3. Liquidations: In Spearbit's security review, several High and Medium-severity vulnerabilities (5.2.1, 5.3.1, 5.3.3) were identified concerning liquidation and self-liquidation incentives. Consequently, we overhauled our incentives mechanism, moving away from a fixed overdue liquidation reward and a variable liquidation reward based on collateral ratio to a variable liquidation reward based on the loan's future value.

4. Create Debt/Credit pair: Following our last audit, we conducted a major refactor to consolidate similar functions into a single function. Additionally, we added optional input parameters to existing functions to enhance their functionality. Specifically:

   • BorrowAsMarketOrder was renamed to SellCreditMarket. Instead of receiving an array of receivable credit positions, it now accepts a creditPositionId parameter. If set to RESERVED_ID, it can create a DebtPosition/CreditPosition pair for a "simple borrow". Passing an existing credit position ID allows for a "lender exit".
   • LendAsMarketOrder was merged with BuyMarketCredit into a single BuyCreditMarket function. Like SellCreditMarket, it accepts a creditPositionId parameter. Setting it to RESERVED_ID enables the creation of a DebtPosition/CreditPosition pair for a "simple lend". Passing an existing credit position ID enables a credit buy operation.
   • BorrowerExit was eliminated in favor of a BuyCreditMarket + Compensate flow.
   • Compensate now accepts a creditPositionToCompensateId that can be set to RESERVED_ID, which can create a DebtPosition/CreditPosition pair, allowing for debt reduction on an existing loan while creating a new debt. This facilitates partial repayments.

5. Tenor vs Due Date: as part of a refector, market orders now accept a tenor parameter instead of a dueDate, and the due date is calculated on-chain based on the block.timestamp

All trusted roles in the protocol

Describe any novel or unique curve logic or mathematical models implemented in the contracts

N/A

Running tests

Setup

git clone --recurse https://github.com/code-423n4/2024-06-size.git
cd 2024-06-size

Build

forge build

Tests

forge test

Invariant tests

yarn echidna-property
yarn echidna-assertion

Property-based tests

for i in {0..5}; do halmos --loop $i; done

Note: We're not sure why Halmos outputs the following warning: Skipped SizeViewData.json due to parsing failure: KeyError: 'metadata'.

Miscellaneous

Employees of Size and employees' family members are ineligible to participate in this audit.