Protocol Due Diligence: [Velodrome V2]

# Protocol Due Diligence: Velodrome V2 Velodrome, originally forked from Solidity, is an Automated Market Maker (AMM) protocol operating on the Optimism network. As of the end of June 2023, Velodrome had a combined [Total Value Locked (TVL) of 185M](https://defillama.com/protocol/velodrome). The protocol has undergone a significant upgrade with the introduction of Velodrome V2, which brings forth several new features, including concentrated liquidity support, dynamic fees, dynamic emissions rates, and relay. In V2, the upgraded contracts interact with the V1 version to add new functionalities while ensuring immutability. A V1 token converter pool enables a seamless conversion of V1 tokens to V2 tokens, facilitating a smooth transition for users. Additionally, the SinkManager contract captures and locks V1 tokens, ensuring continuous emissions. The emission schedule for V2 follows the same pattern as V1, with a slight increase in emissions during the first week. ## Overview + Links - **Website**: https://velodrome.finance - **Governance**: [veVELO](https://optimistic.etherscan.io/address/0x46f21fda29f1339e0ab543763ff683d399e393ec) is used for governance - **Team:** The team is anon. Members have previously launched veDAO, an initiative incubated by Information Token. - **Social**: [Twitter](https://twitter.com/VelodromeFi) | [Discord](https://discord.com/invite/velodrome) | [Medium](https://medium.com/@VelodromeFi) - **Docs**: https://velodrome.finance/docs - **Others**: [Velodrome V1 due diligence](https://github.com/yearn/yearn-strategies/blob/master/dd/velodrome.md) | [V2 explainer](https://paragraph.xyz/@velodrome/v2) | [V2 article](https://medium.com/@VelodromeFi/velodrome-v2-a-new-era-1bd84509fa23) ## Audits and Due Diligence Disclosures At the time of writing this report. Velodrome had yet to publish the V2 code on GitHub. Spearbit conducted an audit on June 19th, 2023, and will be made public in July after other Solidly forks have been informed of the findings. - **Links to the reports:** https://velodrome.finance/security - **Summarize high/critical/medium issues and fixes**: Audit is not available at the moment. - **Does the hash code in the audit/s report/s match in the GitHub repository vs. deployed smart contract? If it doesn’t, why?** Waiting for audit to be public. - **Did the team include new changes yet to be audited?** V2 contracts were deployed after the Spearbit audit was completed. ### Yearn internal review A review of the v2 codebase has been done by Yearn's contributors based on deployed verified contracts. **List of deployed contracts**: https://velodrome.finance/security#contracts Here are the main changes from V1 and our findings: #### General - Custom Pool Fees - Zapping into LPs - Streamlined Voting Rewards: V2 gauges and rewards contracts were rewritten and simplified. Fees will now accumulate and be delivered similarly to bribes. - A liquidity pool factory registry, which allows adding new liquidity pool types (e.g. concentrated, multi-tokens, custom pools) - Updatable rewards/bribes factory - New VELO Token. Velodrome V2 issued a new $VELO token, convertible 1-to-1 with the V1 token via `SinkManager`. - dynamic fees - dynamic emissions rate - router zap functions and swap supporting fee on transfer tokens - gauge now has a similar implementation to SNX staking contract #### [`Pool.sol`](https://github.com/spalen0/velov2/blob/review/contracts/Pool.sol) ([link to diff](https://www.diffchecker.com/BZztXVWf/)) - replaces `Pair.sol` - uint256 instead of uint - ReentrancyGuard instead of lock modifier - revert instead of require - [additional check for creating stable pool](https://github.com/spalen0/velov2/blob/review/contracts/Pool.sol#L299) - **changed function [`_f()`](https://www.diffchecker.com/qzyTGg7C/) (link to [new code](https://github.com/spalen0/velov2/blob/review/contracts/Pool.sol#L385)) which in fuzz testing doesn't produces the same value as the in old impl. Value is sometimes -1 from impl. in v1.** The function is used only inside a function `_get_y()`, see below. - **changed function [`_get_y()`](https://www.diffchecker.com/WcruhDfj/) fuzz failed, not producing the same results as the old version; in some cases, the return value is +1 (one more) compared to the old version. [Explanied in function impl](https://github.com/spalen0/velov2/blob/review/contracts/Pool.sol#L395) that some cases will produce +1 result.** - claim fees [before transferring pool tokens](https://github.com/spalen0/velov2/blob/review/contracts/Pool.sol#L488). #### [`PoolFactory.sol`](https://github.com/spalen0/velov2/blob/review/contracts/factories/PoolFactory.sol) - new contract used to create/clone Pools - [enable setting custom fees](https://github.com/spalen0/velov2/blob/5f4c98b3b9672dce7ca5a09094b2ee02f52d7521/contracts/factories/PoolFactory.sol#L142) - [enable changing stable and volatile fees](https://github.com/spalen0/velov2/blob/5f4c98b3b9672dce7ca5a09094b2ee02f52d7521/contracts/factories/PoolFactory.sol#L130) - [use Clones.cloneDeterministic to create new pools](https://github.com/spalen0/velov2/blob/5f4c98b3b9672dce7ca5a09094b2ee02f52d7521/contracts/factories/PoolFactory.sol#L165) - Max fee can be increased from 0.5% to [1%](https://github.com/spalen0/velov2/blob/5f4c98b3b9672dce7ca5a09094b2ee02f52d7521/contracts/factories/PoolFactory.sol#L16). This applies for both volatile and stable pools. #### [`Router.sol`](https://github.com/spalen0/velov2/blob/review/contracts/Router.sol) ([link to diff](https://www.diffchecker.com/kIxrj7l5/)) - Router supports swaps for both v1 and v2, while adding liquidity is enabled for v2 only (migration). - use ERC2771Context for trusted forwarding. Use `_msgSender()` instead of `msg.sender` - use revert instead of require - pass [param factory address](https://github.com/spalen0/velov2/blob/review/contracts/Router.sol#L84). This enables compatibility with v1. - v2 removed `withPermit` function for removing liquidity - v2 removed function `swapExactTokensForTokensSimple` - v2 added [zap functions](https://github.com/spalen0/velov2/blob/review/contracts/Router.sol#L547): zapSwap, zapInLiquidity and zapOutLiquidity #### [`Gauge.sol`](https://github.com/spalen0/velov2/blob/review/contracts/gauges/Gauge.sol) ([link to diff](https://www.diffchecker.com/r8pWueBL/)) - holds LP tokens. - v2 implementation is similar to [SNX staking contract implementation](https://github.com/Synthetixio/synthetix/blob/develop/contracts/StakingRewards.sol) - use ERC2771Context for trusted forwarding. Use `_msgSender()` instead of `msg.sender`. - Updatable gauges factory, to allow us to support maintenance for these new pool type gauges and reward contracts #### [`RewardsDistributor.sol`](https://github.com/spalen0/velov2/blob/review/contracts/RewardsDistributor.sol) ([link to diff](https://www.diffchecker.com/X139AJws/)) - use Curve fi implementation - missing nonreentrant on [claim](https://github.com/spalen0/velov2/blob/review/contracts/RewardsDistributor.sol#L131) and [claimMany](https://github.com/spalen0/velov2/blob/review/contracts/RewardsDistributor.sol#L152) but is used only for [Velo2 token](https://github.com/spalen0/velov2/blob/review/contracts/RewardsDistributor.sol#L37-L38). #### Contracts configuration: - FactoryRegistry [has multisig as owner](https://optimistic.etherscan.io/address/0xF4c67CdEAaB8360370F41514d06e32CcD8aA1d7B#readContract#F5): https://app.safe.global/balances?safe=oeth%3A0xBA4BB89f4d1E66AA86B60696534892aE0cCf91F5 - PoolFactory has multisig as [feeManager](https://optimistic.etherscan.io/address/0xF1046053aa5682b4F9a81b5481394DA16BE5FF5a#readContract#F6) and [pauser](https://optimistic.etherscan.io/address/0xF1046053aa5682b4F9a81b5481394DA16BE5FF5a#readContract#F15). SinkConverter and Voter addresses are set - Router has correct [factoryRegistry](https://optimistic.etherscan.io/address/0xa062aE8A9c5e11aaA026fc2670B0D65cCc8B2858#readContract#F3) and [defaultFactory](https://optimistic.etherscan.io/address/0xa062aE8A9c5e11aaA026fc2670B0D65cCc8B2858#readContract#F2). Also, [v1Factory](https://optimistic.etherscan.io/address/0xa062aE8A9c5e11aaA026fc2670B0D65cCc8B2858#readContract#F15) and [voter](https://optimistic.etherscan.io/address/0xa062aE8A9c5e11aaA026fc2670B0D65cCc8B2858#readContract#F16) for zapping to gauge. - Voter [emergecy cuncil](https://optimistic.etherscan.io/address/0x41c914ee0c7e1a5edcd0295623e6dc557b5abf3c#readContract#F2) is set to a different multisig. [Governor](https://optimistic.etherscan.io/address/0x41c914ee0c7e1a5edcd0295623e6dc557b5abf3c#readContract#F13) and [epochGovernor](https://optimistic.etherscan.io/address/0x41c914ee0c7e1a5edcd0295623e6dc557b5abf3c#readContract#F3) are also standard multisig used as admin. - Minter has correct [voter](https://optimistic.etherscan.io/address/0x6dc9E1C04eE59ed3531d73a72256C0da46D10982#readContract#F15) set. - RewardsDistribut has the correct [minter](https://optimistic.etherscan.io/address/0x9D4736EC60715e71aFe72973f7885DCBC21EA99b#readContract#F3). #### Contract architecture ![](https://hackmd.io/_uploads/SJ1kt0r_n.png) ## Funds Management **Is the protocol delegating the funds to another protocol/s?** No ## Rug-ability **Multi-sig:** https://app.safe.global/settings/setup?safe=oeth%3A0xBA4BB89f4d1E66AA86B60696534892aE0cCf91F5 **Number of Multi-sig signers/threshold:** 3/7 **Signers**: * 0x9939578305136e255151F3cc1c0996368F7221ba * 0x3e4ee5e1FCc58aCbAEf449A7f2fE52BA7ba71d4c * 0xfed334C7b708483D44Ba8ae427f374de9cA08920 * 0xc6E5084b11eE98da7bDBc4F9cabf5E17bb209652 * 0x7764512D344Db08dA3aDBAe115a550e58d359428 * 0x3c15f0Ac6c0DC75906A4977f8b7b25cab667Afe2 * 0x1f46482B27469aBbDD683e13a40792eC0f150626 **Upgradable Contracts:** No ## Misc Risks The main profit for the pool token will be generated by selling the reward $VELO tokens. Liquidity providers receive $VELO emissions as rewards for staking their liquidity positions to Gauge. These rewards are streamed and available for claiming as they accrue. Weekly emissions started at 15M $VELO (3.75% of the initial supply) on June 4th, 2022 and decay at 1% per week (epoch). The weekly rebase amount is calculated with the following formula: > (veVELO.totalSupply ÷ VELO.totalsupply)³ × 0.5 × Emissions Emissions for V2 gauges will begin on June 29th. Early movers may find attractive opportunities for providing liquidity as VELO V2 emissions flow to the new pools. More info in docs: https://velodrome.finance/docs#emissions ![Emission Schedule](https://hackmd.io/_uploads/HJAeK5OO3.png) The strategy will use LP tokens, so it's not subject to impermanent loss. Overview by Tokenomics DAO: https://twitter.com/tokenomicsdao/status/1673770882811170824 ### Audit Reports / Key Findings / Security Disclosures See PR with comments on some parts of the code: https://github.com/spalen0/velov2/pull/1/files ### Bug Bounty program Bug bounty should be on Immunefi $200k: https://velodrome.finance/security#bug-bounty "Velodrome Finance launched a bug bounty program on the 22nd of June in collaboration with Immunefi." In [timeline](https://velodrome.finance/docs#launch) it's stated that ImmuneFi bug bounty program begins from the period: July 6 - July 12 ### Anything else The V2 will go live on 29th June with high rewards emissions at the start. https://velodrome.finance/docs#emissions # Path to Prod ## Strategy Details - **Description:** Factory for Velodrome V2 LP strategies. Sell earned VELO for more underlying LP via Velodrome's router. - **Strategy current APR:** TBD - **Does Strategy delegate assets?:** No - **Target Prod Vault:** 0.4.5 - **BaseStrategy Version #:** 0.4.5 - **Target Prod Vault Version #:** 0.4.5 ## Monitoring and Alerting No upgradeable contracts. ## Testing Plan ### Ape.tax - **Will Ape.tax be used?:** No - **Will Ape.tax vault be same version # as prod vault?:** n/a - **What conditions are needed to graduate? (e.g. number of harvest cycles, min funds, etc):** n/a ## Prod Deployment Plan - **Suggested position in withdrawQueue?:** standalone strategies - **Does strategy have any deposit/withdraw fees?:** No - **Suggested debtRatio?:** 100% (standalone) - **Suggested max debtRatio to scale to?:** 100% (standalone) - **Protocol and strategy experts:** Dudesahn, Mil0x, Spalen, Val - **Proposed lead:** Dudesahn ## Emergency Plan - **Shutdown Plan:** Set DR to 0, which will withdraw all from Gauge. - **Things to know:** Part of Velo rewards could be kept in voter. - **Scripts/steps needed:** - **Is it safe to...** - call EmergencyShutdown: Yes - remove from withdrawQueue: Yes - call revoke and then harvest: Yes