# iTRY Contracts Audit Scope Overview ## Introduction This document provides an overview of the audit scope for the iTRY tokenization protocol. The protocol enables the minting and redemption of iTRY tokens (and their staked counterpart wiTRY), which are backed by Digital Liquidity Fund (DLF) tokens representing shares of a traditional fund investing in Turkish Money Market Funds (MMF). The protocol includes cross-chain functionality via LayerZero integration. ## Project Overview ### System Overview The iTRY protocol creates a Turkish Lira stablecoin ecosystem backed by real-world money market fund assets. The system consists of three interconnected tokens: **DLF (Digital Liquidity Fund)**: Tokenized shares of a fund that invests in TRY (Turkish Lira)-denominated Money Market funds. **The DLF token implementation is audited separately and out of scope for the current audit.** **iTRY**: A Turkish Lira stablecoin backed 1:1 by the NAV (Net Asset Value) of DLF tokens. Users supply DLF to mint iTRY based on the current Net Asset Value of the underlying money market fund. **wiTRY**: The yield-bearing "staked" version of iTRY. By staking iTRY into wiTRY, holders receive yield generated by the underlying money market funds. ### Core Mechanics **Minting Flow**: Users deposit DLF tokens to mint iTRY at the current NAV rate. The deposited DLF is routed through a Fast Access Vault (acting as a liquidity buffer pool) before being sent to a custodian. The minted iTRY can then be staked to receive wiTRY. **Yield Distribution**: At the end of each market day, the NAV price is updated to reflect the money market fund's earnings. Since this value increase affects all DLF tokens equally, the issuer mints new iTRY corresponding to the DLF tokens under custody—ensuring the circulating iTRY supply always matches the custodied DLF value. The newly minted iTRY is distributed to the staking contract and selected partners according to holding percentages and business agreements. This process will be manual initially and automated in future iterations. **Redemption Flow**: When redeeming iTRY for DLF, the Fast Access Vault provides immediate liquidity when available. If vault liquidity is insufficient, the system emits an event for custodian-managed redemption. **Unstaking**: Redeeming wiTRY for iTRY requires a 3-day cooldown period. Users can bypass this cooldown using a "fastWithdraw" option that charges an additional fee. **Cross-chain Architecture**: Both iTRY and wiTRY are multichain tokens, initially deployed on Mainnet and MegaETH. On Mainnet (hub chain), the system uses OFT Adapters to wrap the native tokens. On spoke chains, standard OFT token implementations mirror the compliance features of the hub chain. A Composer contract manages cross-chain deposits and withdrawals into/from the vault. ## Forks from Audited Codebases The smart contracts are based on previously audited and battle-tested implementations: - **iTRY Token**: Forked from Ethena's USDtb contract - **wiTRY Token**: Forked from Ethena's StakedUSDeV2 ERC4626 vault - **LayerZero Integration**: Based on LayerZero's official OFT implementation, including Composer contracts These contracts have been adapted primarily through naming/comment changes and Solidity version updates, along with selective feature additions to meet specific protocol requirements. This approach leverages the security assurances of the original audited codebases while customizing functionality for this use case. Diff analyses can be found below. ## Protocol Architecture Overview The iTRY protocol consists of three main components: **Token Layer**: iTRY (ERC20) and wiTRY (ERC4626 staked vault) **Cross-chain Layer**: LayerZero integration for hub and spoke chain deployments **Core Protocol Layer**: Issuance, redemption, and liquidity management contracts ## Component Purposes and Functionality ### Token Contracts **iTRY Token Contract**: An ERC20 token with comprehensive access controls, forked from Ethena's USDtb. The contract implements blacklisting and whitelisting capabilities through configurable transfer states. It includes role-based minting and burning functions. **wiTRY Token Contract**: An ERC4626-compliant staking vault for iTRY tokens, forked from Ethena's StakedUSDeV2. It implements a cooldown period on unstake, under which a "fast-track" unstaking is possible for a fee. It also includes functions specifically implemented to allow for cross-chain deposits and withdrawals. ## LayerZero Integration ### Hub Chain (Mainnet): **iTRY OFT Adapter**: Wraps the iTRY token for cross-chain transfers using LayerZero's OFT adapter pattern. **wiTRY OFT Adapter**: Wraps the wiTRY token for cross-chain transfers using LayerZero's OFT adapter pattern. ### Spoke Chains (MegaETH and future chains): **iTRY OFT**: Standard OFT token implementation that mirrors mainnet iTRY compliance features (whitelist/blacklist) **wiTRY OFT**: Standard OFT token implementation that mirrors mainnet wiTRY compliance features (whitelist/blacklist) **UnstakeMessenger:** Utility contract to handle the crosschain unstaking of assets that have already finished cooldown. **Composer Contract**: Forked from LayerZero's official Composer implementation with modified withdrawal mechanism. Instead of immediate withdrawal on _redeemAndSend, it triggers the start of a cooldown, requiring users to manually withdraw after the cooldown period. Also allows calling the fastWithdrawal() functions. It modifies the standard handleCompose() function to make it virtual. ### Core Protocol Contracts **iTRY Issuer Contract**: Manages the minting and redemption of iTRY tokens in exchange for DLF tokens. Queries oracle for exchange rates, mints corresponding iTRY amounts, and routes DLF to the FastAccessVault. On redemption, attempts to withdraw from FastAccessVault; if insufficient liquidity, emits an event for custodian-managed redemption. Implements whitelist-only minting and redemptions. Also responsible for minting new iTRY during daily yield distribution to maintain parity between circulating iTRY and custodied DLF value. **FastAccessVault Contract**: Holds DLF tokens to service redemption requests. Maintains a target percentage of total DLF under custody (with configurable minimum). Includes rebalance function that transfers excess funds to custodian wallet or requests top-up when below target threshold. Acts as a liquidity buffer to speed up redemptions without requiring direct custodian interaction. ### Periphery Contracts **Oracle Contract (Out of scope / Still under development)**: Implements price feed integration for NAV (Net Asset Value) pricing. Exposes a price() function queryable by the iTRY Issuer for exchange rate determination. **YieldForwarder Contract**: Receives yield generated by the protocol and forwards it to a designated treasury address on request. ### Key Features - Role-based access control with emergency functions - Blacklist/whitelist enforcement for compliance - Cross-chain token bridging via LayerZero OFT standard - Oracle-based dynamic pricing for minting/redemption (updated daily at market close) - Liquidity management with automatic rebalancing - 3-day cooldown mechanism for unstaking with fast withdrawal option - Support for multiple collateral types - ERC4626-compliant staking vault ## Audit Scope Details ### Contracts in Scope #### Core Token Contracts - iTry.sol (iTRY Token) - File: src/token/iTRY/iTry.sol - StakediTry.sol (wiTRY Staking - Base) - File: src/token/wiTRY/StakediTry.sol - StakediTryCooldown.sol (exapnd wiTRY with Cooldown) - File: src/token/wiTRY/StakediTryCooldown.sol - - StakediTryFastRedeem.sol (enable wiTRY Fast Redemption) - File: src/token/wiTRY/StakediTryFastRedeem.sol - StakediTryCrosschain.sol (crosschain-specific functions) - File: src/token/wiTRY/StakediTryCrosschain.sol - iTrySilo.sol (Asset Holding) - File: src/token/wiTRY/iTrySilo.sol #### Core Protocol Contracts - iTryIssuer.sol - File: src/protocol/iTryIssuer.sol - FastAccessVault.sol - File: src/protocol/FastAccessVault.sol #### LayerZero Integration ##### Spoke Chains - iTryTokenOFT.sol - File: src/token/iTRY/crosschain/iTryTokenOFT.sol - wiTryOFT.sol - File: src/token/wiTRY/crosschain/wiTryOFT.sol ##### Hub Chain - wiTryVaultComposer.sol - File: src/token/wiTRY/crosschain/wiTryVaultComposer.sol - iTryTokenOFTAdapter.sol - File: src/token/iTRY/crosschain/iTryTokenOFTAdapter.sol - wiTryOFTAdapter.sol - File: src/token/wiTRY/crosschain/wiTryOFTAdapter.sol ### Periphery Contracts - YieldForwarder.sol - File: src/protocol/YieldForwarder.sol - RedstoneNAVFeed.sol (**OUT OF SCOPE**) - File: src/protocol/RedstoneNAVFeed.sol #### Modifications from Original Codebases ##### iTRY Token Modifications (based on diff against Ethena's USDtb): - **Solidity Version**: Updated from 0.8.26 to 0.8.20 - **Naming Changes**: Rebranded from USDtb to iTRY throughout contract - **Variable Naming**: Updated variable names to reflect iTRY terminology ##### wiTRY Token Modifications (based on diff against Ethena's stakedUSDE): - **Solidity Version**: Updated from 0.8.19 to 0.8.20 - **Naming Changes**: Rebranded from stakedUSDE to wiTRY throughout contract - **Variable Naming**: Updated variable names to reflect wiTRY terminology - **Modfiable Reward Vesting Period**: Added functions to make the rewards vesting period mutable. ##### LayerZero Integration Modifications: **OFT Adapters**: Standard LayerZero OFT adapter implementation with no additional modifications beyond configuration **Spoke Chain OFTs**: Implemented compliance features (whitelist/blacklist) mirroring hub chain token contracts - **Composer Contract**: - **Modified Withdrawal**: Overridden _redeemAndSend functionality to trigger cooldown instead of immediate withdrawal - **Cooldown System**: Added 3-day cooldown period requiring manual withdrawal after delay - **Fast Withdrawal**: Added the option to call the new fast withdrawal functions (with fee)