Main navigation

Wrapped Ether (WETH) Design Bugs Unveiled by Analyst

Sat, 11/19/2022 - 17:20
article image
Vladislav Sopov
Stephen Tong, co-founder of blockchain security firm Zellic, found bugs in most popular smart contract ever
Wrapped Ether (WETH) Design Bugs Unveiled by Analyst
Cover image via
Read U.TODAY on
Google News

In his Format Verification of Wrapped ETH (WETH) research, Stephen Tong verified two parameters crucial for the tokenomical design of Wrapped Ether, an ERC-20 token that mirrors Ether (ETH) in DeFi applications.

Analyst checked accuracy of total WETH supply and its solvency: Results

Today, on Nov. 19, 2022, Tong published a review on two features of Wrapped Ethereum (WETH), a smart contract on the Ethereum (ETH) network designed to streamline ETH usage in DeFi by "wrapping" it into a regular ERC-20 asset.

He leveraged Constrained Horn Clause (CHC) instruments to model all possible states of Wrapped Ethereum (ETH). Then, he checked whether the "total supply" metric of WETH smart contract actually equals the number of tokens minted. 

He also tried to verify whether it was possible to redeem ETH from WETH at any time; Tong called this function "solvency."

Regarding the first point, the analyst unveiled that the total supply is not necessarily equal to the amount of tokens in existence:

Technically speaking, the ERC-20 standard specifies that totalSupply() should equal the..."total supply". Which is kinda vague, but one would assume that it'd be the total tokens in existence

Via the selfdestruct function, which terminates a contract or transfers of any contract funds to a specified address, users would be able to mint WETH tokens without actually sending ETH for wrapping, Tong concluded.

Is this really dangerous for WETH users?

He also demonstrated that the depositor of Ethers (ETH) will not necessarily be able to withdraw their funds from smart contracts at any time.

As such, he provided two hypothetical models to demonstrate the absence of correlation between the WETH contract balance and the actual number of tokens minted, as well as the "solvency flaw" that could affect the withdrawal process.

However, he stressed that both situations are hypothetical and modeled only for the experiment. The bugs in the research are "minor" and "harmless."

Since its launch in 2020, Zellic audited a number of top-tier DeFi protocols, including the likes of 1inch (1INCH), LayerZero and SushiSwap (SUSHI).

article image
About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (, Monoreto, Attic Lab etc.)