># Protocol Due Diligence: Euler (EUL)
[ToC]
## Euler Overview
- [Site](https://www.euler.finance/)
- [Team](https://www.eulerlabs.com/) - Euler Labs
- [Gov](https://docs.euler.finance/euler-governance/getting-started)
- [Docs](https://docs.euler.finance/)
- [Audits and due diligence disclosures](https://docs.euler.finance/security/audits)
Euler is a permissionless lending protocol like Aave and Compound.
Start by reading: https://docs.euler.finance/getting-started/white-paper.
It is important to notice that the price oracle has been switched from Uniswap TWAP to Chainlink: https://forum.euler.finance/t/eip-18-move-all-asset-price-oracles-to-chainlink-where-available-ahead-of-the-merge/349/1.
Not all tokens use Chainlink oracle, but all main tokens do.
## Rug-ability
**Multi-sig:** Yes
- [Treasury](https://docs.euler.finance/euler-governance/treasury) is controlled by a MultiSig 4/9, signers come from a pool of 6 different organisations. The identity of the signers is not revealed.
**Upgradable Contracts:** Yes
- [Modules](https://docs.euler.finance/developers/getting-started/architecture#module-system) can be upgraded, which can immediately upgrade all ETokens. Modules cannot be called directly. Instead, they must be invoked through a [proxy](https://docs.euler.finance/developers/getting-started/architecture#proxies) which are not upgradeable.
- There is an [InstallerInstallModule](https://github.com/euler-xyz/euler-contracts/blob/dfaa7788b17ac7c2a826a3ed242d7181998a778f/contracts/Events.sol#L51) event generated by the main contract on each update.
- Currently the functions are gated so that the [upgradeAdmin address](https://app.safe.global/home?safe=eth:0x25Aa4a183800EcaB962d84ccC7ada58d4e126992) is the only address that can upgrade modules. The upgrade admin is actually the **4/9 multisig**, which can upgrade any modules. The identity of the signers is known for 5 of the 9. It is split between the 3 founders, an advisor, 2 investors, an auditor and 2 directors of the Euler foundation (probably these [2](https://www.moneyhouse.ch/en/company/euler-foundation-in-liquidation-14563167491/management)).
- There is currently no time-lock on any of the contracts.
- you can use https://proposal.euler.finance/ to decode hex encoded tx data to see what is about to be approved in the multisig.
- governorAdmin is another address of special interest and can be set by upgradeAdmin
- governorAdmin can do following actions:
- set given asset configuration (tier, collateral factor, borrow factor, TWAP window)
- set an interest rate model for given asset
- set pricing configuration (oracle used - uniswap TWAP/chainlink, uniswap pool used)
- set reserve fee for a given market
- withdraw reserves for a given market (i.e. in order to convert them to other asset at DAOs discretion)
- governorAdmin soon will be able to do following additional actions:
- set supply/borrow caps
- emergency pause given market (granular setting, each action can be paused individually - deposit, withdraw, borrow, repay, mint, burn)
- activate market with chainlink oracle even if uniswap pool doesn’t exist
**Decentralization:**
- Governance is decentralized using EUL token. The model is similar to the one Compound uses, where delegates vote on active proposals to make changes to the EulerDAO and Euler protocol. EulerDAO will kick off in [three phases](https://docs.euler.finance/euler-governance/getting-started/governance-launch-phases) for a guarded launch towards full decentralisation of the Euler protocol.
## Audit Reports
Audits are listed here: https://docs.euler.finance/security/audits
### Omniscia
#### Chainlink Support Security Audit - June 2022
* https://omniscia.io/reports/euler-finance-chainlink-support
* The audit was done for Chainlink integration. It shows Major risk finding for improper integration of Chainlink oracles which is nullified: https://omniscia.io/reports/euler-finance-chainlink-support/manual-review/RiskManager-RMR#span-idrmr-02mrmr-02m-improper-integration-of-chainlink-oraclesspan
#### Merkle Mining Staking Security Audit - March 2022
* https://omniscia.io/euler-merkle-mining-staking/
* Cover EUL distribution and staking. Only minor and informational findings, some alleviated, some acknowledged.
### Sherlock - December 2021
* https://raw.githubusercontent.com/euler-xyz/euler-audits/master/smart_contract_audits/Euler_-_Sherlock_Report.pdf
* Most of the findings are related to TWAP oracle, which partially changed after switching to Chainlink.
### Certora - September 2021
* https://raw.githubusercontent.com/euler-xyz/euler-audits/master/smart_contract_audits/Formal_Verification_Report_for_Euler.pdf
* Most concerns are on Uniswap swapping, which won't be used for this strategy.
### Halbron - May 2021
* https://raw.githubusercontent.com/euler-xyz/euler-audits/master/smart_contract_audits/Euler_Smart_Contract_Security_Audit_Halborn_v_1_1.pdf
* Only minor and informational findings.
### Solidified and ZK Labs - May 2021
* https://github.com/euler-xyz/euler-audits/blob/master/smart_contract_audits/Audit%20Report%20-%20Euler%20-%20[07.05.2021].pdf
* Only minor findings which are acknowledged.
### Unaudited Contracts
#### Staking Contracts
Staking contracts are found here: [https://github.com/euler-xyz/euler-staking](https://github.com/euler-xyz/euler-staking)
They are based on the staking smart contracts from [Synthetix](https://github.com/Synthetixio/synthetix).
Deployed example on [Etherscan](https://etherscan.io/address/0xE5aFE81e63f0A52a3a03B922b30f73B8ce74D570#code).
Euler Team stated that they felt the modifications did not warrant another audit for these contracts.
**Contract modifications to original from Synthetix:**
1. Solidity compiler set to ^0.8.0 which required some syntactic changes
2. Got rid of `SafeMath` and `SafeDecimalMath` libraries throughout the smart contracts
3. In `RewardsDistribution.sol` got rid of `RewardEscrow` and `FeePoolProxy` references along with related functionalities. Modified contract to enforce success on every `notifyRewardAmount()` call (it means that each staking contract must implement `RewardsDistributionRecipient.sol`)
4. In `StakingRewards.sol` used own safe transfer functions instead of keeping OpenZeppelin dependencies. `rewardsToken` and `stakingToken` variables have been changed to immutables. `notifyRewardAmount()` has been modified so that it's not possible to to add more rewards before current staking period is over (prevents from calling the function multiple times and draining `RewardsDistribution` contract)
5. In `IRewardsDistribution.sol` and `IStakingRewards.sol` removed unnecessary view functions for public variables
6. Added Euler sub-accounts support. For that functions `stake()`, `withdraw()` and `exit()` functions of `StakingRewards.sol` were overloaded
## Strategy Details
### Summary
The `GenericEulerLender` plugin will be part of the Generic Lender strategy: https://github.com/spalen0/Yearn-V2-Generic-Lender. It will earn rewards by lending want token and receive eToken, which accrued interest with a static balance, like Compound cToken. Additional EUL rewards are earned for staking lender token (eToken).
### Strategy current APR
The APR will change based on borrowing demand for want token. Also, reward EUL token from staking will be accounted into APR, which will depend on the EUL token price and the amount that is currently staked.
#### Supply Rewards
Supply rewards are compounded in the supplied token. What differs Euler from Aave and Compound is `Reactive Interest Rates`: https://docs.euler.finance/getting-started/white-paper#reactive-interest-rates. It uses a PID controller to change the interest rates.
[Supply APY](https://app.euler.finance/staking) on date 17.01.2023:
- WETH: 1.69%
- USDC: 1.87%
- USDT: 2.26%
- LUSD: 2.26%
- RAI: 10.51%
- YFI: 3.07%
#### Staking Rewards
Euler started to reward staking lender eToken. Currently, only for eETH, eUSDC and eUSDT. Staking on Euler is based on Synthetix’s staking contracts. Staked eTokens cannot be used as collateral which is fine because the strategy is only lending want tokens to protocol. There is no lockup period for rewards. Staking can be disabled if it is not available for the respective vault token.
More info: https://docs.euler.finance/eul/staking
For staking rewards see: https://app.euler.finance/staking.
EUL token is listed on Uniswap V3.
[Stake APR](https://app.euler.finance/staking) for rewards on date 17.01.2023:
- WETH: 1.79% (incl. lending: 3.48%)
- USDC: 3.81% (incl. lending: 5.68%)
- USDT: 2.63% (incl. lending: 4.89%)
### Vault/Strategy Pitfalls
Since Euler allows arbitrary tokens to be activated, threat model is larger than on Compound/AAVE. They use asset tiers (collateral, cross-tier, isolated) to account for different risk profiles, but riskier assets might be voted into higher tiers via governance vote.
**Isolation-tier** assets are available for ordinary lending and borrowing, but they cannot be used as collateral to borrow other assets, and they can only be borrowed in isolation. What this means is that they cannot be borrowed alongside other assets using the same pool of collateral. For example, if a user has USDC and DAI as collateral, and they want to borrow isolation-tier asset ABC, then they can only borrow ABC. If they later want to borrow another token, XYZ, then they can only do so using a separate account on Euler.
**Cross-tier** assets are available for ordinary lending and borrowing, and cannot be used as collateral to borrow other assets, but they can be borrowed alongside other assets. For example, if a user has USDC and DAI as collateral, and they want to borrow cross-tier assets ABC and XYZ, then they can do so from a single account on Euler.
**Collateral-tier** assets are available for ordinary lending and borrowing, cross-borrowing, and they can be used as collateral. For example, a user can deposit collateral assets DAI and USDC, and use them to borrow collateral assets UNI and LINK, all from a single account.
## Path-to-Prod
* **Does Strategy delegate assets?** No.
* **Target Prod Vault** Vaults that have Generic Lender strategy deployed and Euler provides staking rewards: yvUSDC, yvUSDT, yvWETH.
* **BaseStrategy Version:** 0.4.3
* **Target Prod Vault Version:** 0.4.3
### Testing Plan
Deploy Euler plugin and add it to Generic Lender strategy for USDC vault.
#### Ape.tax
* **Will Ape.tax be used?** Yes, USDC version deployed to: https://ape.tax/santa-bills ?
* **Will Ape.tax vault be same version # as prod vault?** Yes
* **What conditions are needed to graduate? (e.g. number of harvest cycles, min funds, etc)** Be profitable.
#### Prod Deployment Plan
* **Suggested position in withdrawQueue?** ?
* **Does strategy have any deposit/withdraw fees?** No.
* **Suggested debtRatio?** ?
* **Suggested max debtRatio to scale to?** ?
#### Emergency Plan
- **Shutdown Plan:** Unstake eToken, burn eToken and get lended want token.
- **Things to know:** If liquidity in the lending pool is too low for withdrawal (because everything is borrowed out), withdrawal is not possible. A potential way to still get most of the collateral out could be to force a liquidation.
- **Scripts / steps needed:**
- **Is it safe to...**
- call EmergencyShutdown
- remove from withdrawQueue
- call revoke and then harvest
Google Drive
Gist
Clipboard
Sign in with Wallet
