Wrapped Ether (WETH) Design Bugs Unveiled by Analyst
In his Format Verification of Wrapped ETH (WETH) research, Stephen Tong verified two parameters crucial for the tokenomical design of Wrapped Ether, an ERC-20 token that mirrors Ether (ETH) in DeFi applications.
Analyst checked accuracy of total WETH supply and its solvency: Results
Today, on Nov. 19, 2022, Tong published a review on two features of Wrapped Ethereum (WETH), a smart contract on the Ethereum (ETH) network designed to streamline ETH usage in DeFi by "wrapping" it into a regular ERC-20 asset.
A bug in WETH:
— cts (@gf_256) November 19, 2022
Wrapped ETH is a smart contract that has been in over 125 MILLION Ethereum transactions. This year, 11.5% of all transactions used Wrapped ETH.
But is it secure? I formally verified two critical safety properties with a SMT solver, Z3.👇🧵https://t.co/KH5vLjxwnm pic.twitter.com/fM7cf3TLAg
He leveraged Constrained Horn Clause (CHC) instruments to model all possible states of Wrapped Ethereum (ETH). Then, he checked whether the "total supply" metric of WETH smart contract actually equals the number of tokens minted.
He also tried to verify whether it was possible to redeem ETH from WETH at any time; Tong called this function "solvency."
Regarding the first point, the analyst unveiled that the total supply is not necessarily equal to the amount of tokens in existence:
Technically speaking, the ERC-20 standard specifies that totalSupply() should equal the..."total supply". Which is kinda vague, but one would assume that it'd be the total tokens in existence
Via the selfdestruct function, which terminates a contract or transfers of any contract funds to a specified address, users would be able to mint WETH tokens without actually sending ETH for wrapping, Tong concluded.
Is this really dangerous for WETH users?
He also demonstrated that the depositor of Ethers (ETH) will not necessarily be able to withdraw their funds from smart contracts at any time.
Unsat! That's the result we want to see! pic.twitter.com/ls7bhPakY1
— cts (@gf_256) November 19, 2022
As such, he provided two hypothetical models to demonstrate the absence of correlation between the WETH contract balance and the actual number of tokens minted, as well as the "solvency flaw" that could affect the withdrawal process.
However, he stressed that both situations are hypothetical and modeled only for the experiment. The bugs in the research are "minor" and "harmless."
Since its launch in 2020, Zellic audited a number of top-tier DeFi protocols, including the likes of 1inch (1INCH), LayerZero and SushiSwap (SUSHI).