Advertisement
AD

Main navigation

Advertisement
AD

Wrapped Ether (WETH) Design Bugs Unveiled by Analyst

Advertisement
Sat, 19/11/2022 - 17:20
Wrapped Ether (WETH) Design Bugs Unveiled by Analyst
Cover image via stock.adobe.com
Read U.TODAY on
Google News
Advertisement

In his Format Verification of Wrapped ETH (WETH) research, Stephen Tong verified two parameters crucial for the tokenomical design of Wrapped Ether, an ERC-20 token that mirrors Ether (ETH) in DeFi applications.

Analyst checked accuracy of total WETH supply and its solvency: Results

Today, on Nov. 19, 2022, Tong published a review on two features of Wrapped Ethereum (WETH), a smart contract on the Ethereum (ETH) network designed to streamline ETH usage in DeFi by "wrapping" it into a regular ERC-20 asset.

He leveraged Constrained Horn Clause (CHC) instruments to model all possible states of Wrapped Ethereum (ETH). Then, he checked whether the "total supply" metric of WETH smart contract actually equals the number of tokens minted. 

Advertisement

He also tried to verify whether it was possible to redeem ETH from WETH at any time; Tong called this function "solvency."

Regarding the first point, the analyst unveiled that the total supply is not necessarily equal to the amount of tokens in existence:

Technically speaking, the ERC-20 standard specifies that totalSupply() should equal the..."total supply". Which is kinda vague, but one would assume that it'd be the total tokens in existence

Via the selfdestruct function, which terminates a contract or transfers of any contract funds to a specified address, users would be able to mint WETH tokens without actually sending ETH for wrapping, Tong concluded.

Is this really dangerous for WETH users?

He also demonstrated that the depositor of Ethers (ETH) will not necessarily be able to withdraw their funds from smart contracts at any time.

As such, he provided two hypothetical models to demonstrate the absence of correlation between the WETH contract balance and the actual number of tokens minted, as well as the "solvency flaw" that could affect the withdrawal process.

However, he stressed that both situations are hypothetical and modeled only for the experiment. The bugs in the research are "minor" and "harmless."

Since its launch in 2020, Zellic audited a number of top-tier DeFi protocols, including the likes of 1inch (1INCH), LayerZero and SushiSwap (SUSHI).

A
A
A

Related articles

Advertisement
TopCryptoNewsinYourMailbox
TopCryptoNewsinYourMailbox
Advertisement
Advertisement

Recommended articles

Latest Press Releases

Our social media
There's a lot to see there, too

Popular articles

Advertisement
AD