Protocol Due Diligence: [Granary Finance]

# Protocol Due Diligence: [Granary Finance] Granary Finance is Aave V2 fork on Optimism, Arbitrum, Ethereum, Fantom, Avalanche, Metis and Binance. As a lending protocol, it offers yield on lending in a given token. Some markets have additional rewards for lending and borrowing in the form of protocol GRAIN. Also, few markets have rewards in OP, OATH. Granary Finance also offers flashloans as Aave v2. Total TVL on 1st of July: $33.26M, on OP $13.66M. ## Overview + Links - **Website**: [https://granary.finance/](https://granary.finance/markets) - **Governance**: [None](https://docs.granary.finance/grain/tokenomics#governance), all controlled by Timelock owned by multisig. - **Team**: [https://docs.granary.finance/resources/our-team](https://docs.granary.finance/resources/our-team) - **Social**: [https://twitter.com/GranaryFinance](https://twitter.com/GranaryFinance) - **Docs**: [https://docs.granary.finance/](https://docs.granary.finance/) - **Others**: [Github](https://github.com/The-Granary), [DefiLlama](https://defillama.com/protocol/granary-finance) ## Audits and Due Diligence Disclosures ### Links to the reports Only one report from Certik: [https://docs.granary.finance/resources/audit](https://docs.granary.finance/resources/audit) ### Summarize high/critical/medium issues and fixes - No critical findings. - Both high finding CKP-01 and CKP-02 are related to centralizetion risk. The first one is related to Rewarder contract, the owner is set to Timelock controller with 48h delay. The owner of the Timelock controller is Gnosis multisig 3/6. The second is related to ATokensAndRatesHelper contract, [LendingRateOracle](https://optimistic.etherscan.io/address/0x7c8e7536c5044e1b3693eb564c6de3a3ce58bbda#readContract#F4) ownership is transferred to Timelock. - Medium findings, LPC-01 the team states they don't offer flashloan with stable rate position. Granary Finance disabled stable rates. ### Does the hash code in the audit/s report/s match in the GitHub repository vs. deployed smart contract? If it doesn’t, why? Commit specified in the audit is not in the public repo. The team said there were no additional changes. [Latest commit](https://github.com/The-Granary/Granary-Protocol-v1/tree/bab30a81ebd7e23422e1ae9b5f6b62654cbcf693) in the repo matches deployed contracts. For verification run [diffyscan with defined contracts](https://github.com/spalen0/diffyscan/tree/granary). Granary deployed code is the same as [aave-v2 latest commit](https://github.com/aave/protocol-v2/tree/ce53c4a8c8620125063168620eba0a8a92854eb8). The team specified commit from aave-v2: https://github.com/aave/protocol-v2/commit/e558db406f4efdd0d076d72a7174c6d49ef21da3 ### Did the team include new changes that have yet to be audited? Team said no, but cannot verify because the commit hash from audit is not public. There are no differences to deployed Aave v2 code. ### Difference with deployed Aave v2 Using deployment of Aave v2 on Avalanche because it's the latest code deployed from Aave v2 repository. The code is the same with Granary deployed code. Only 2 files have insignificant differences: - [IChainlinkAggregator](https://www.diffchecker.com/1iov0Nzx/) - granary use interface with additional function `decimals()` - [UiPoolDataProvider](https://www.diffchecker.com/YqUSeeWH/) - granary removed todo comments Run diffyscan to confirm differences: https://github.com/spalen0/diffyscan/tree/granary-aave-on-avax ## Funds Management - Is the protocol delegating the funds to another protocol/s? **No** ## Rug-ability **Multi-sig:** Optimism: [0xf6fD4c5cb0D2a92fbF8E08E6C2A27Ca7fe39FDCc](https://app.safe.global/apps/open?safe=oeth%3A0xf6fD4c5cb0D2a92fbF8E08E6C2A27Ca7fe39FDCc) For other networks: https://docs.granary.finance/resources/protocol-security **Number of Multi-sig signers/threshold:** 3/6 - [Fantom Menace (Granary Finance)](https://twitter.com/0xFantomMenace) - [Flu (Granary Finance)](https://twitter.com/DeFinalFantasy) - [Justin Bebis (Byte Masons)](https://twitter.com/0xBebis_) - [Samson (Byte Masons)](https://twitter.com/bitSAMSoN) - Goober (Byte Masons) - Lord Dove (Byte Masons) **Upgradable Contracts:** Yes There are upgradeable proxies: - [Lending Pool](https://optimistic.etherscan.io/address/0x8fd4af47e4e63d1d2d45582c3286b4bd9bb95dfe#code) is upgradeable proxy. [Address provider](https://optimistic.etherscan.io/address/0x8fd4af47e4e63d1d2d45582c3286b4bd9bb95dfe#readProxyContract#F5) of the proxy contract has [Timelock set as owner](https://optimistic.etherscan.io/address/0xdde5dc81e40799750b92079723da2acaf9e1c6d6#readContract#F10). - [Lending Pool Configurator](https://optimistic.etherscan.io/address/0x494bf60b3b58664d5a674e692c718d33687e663a#code) is also proxy with the same address provider, which has Timelock as owner. - Ownership transactions are available in the docs: https://docs.granary.finance/resources/protocol-security The owner of upgradeable contracts is [Timelock contract](https://optimistic.etherscan.io/address/0x7c8e7536c5044e1b3693eb564c6de3a3ce58bbda#code) with timelock [delay set to 48h](https://optimistic.etherscan.io/address/0x7c8e7536c5044e1b3693eb564c6de3a3ce58bbda#readContract#F5). Constant [minimum delay is 48h](https://optimistic.etherscan.io/address/0x7c8e7536c5044e1b3693eb564c6de3a3ce58bbda#readContract#F3). Admin of Timelock contract is above defined [multisig](https://optimistic.etherscan.io/address/0x7c8e7536c5044e1b3693eb564c6de3a3ce58bbda#readContract#F4). Emergency admin can pause protocol. The value is set to [multisig 2/3](https://optimistic.etherscan.io/address/0xdDE5dC81e40799750B92079723Da2acAF9e1C6D6#readContract#F2). ## Misc Risks [List any risks related to how yield is being generated, governance, multisig, etc. If the yield is generated via token emission, how long will it last? Is the strategy fully liquid?] ### Bug Bounty program No. The team said they don't have it because the code is the same Aave v2 codebase. ### Liquidity risk The strategy is usually liquid. Only if the utilization ratio is at the maximum, the strategy will not be fully liquid. At high utilization, increased borrowing APR will lead to faster repayments or eventually to liquidation to make the strategy liquid again. ### Bad debt The protocol can accrue bad debt. Alerting will be set up to track these values. Granary market configuration is defined to be similar to Aave. Only SNX market has a higher collateral factor than the other protocols. Important to notice, any incentivised market has Reserve Factor set to 50%. | TOKEN | Granary Collateral Factor | Aave v2 Collateral Factor | Aave v3 Optimism Collateral Factor |Sonne Collateral Factor | Granary Reserve Factor | Aave v2 Reserve Factor | Aave v3 Optimism Reserve Factor | Sonne Collateral Factor | | ------ | ----------------------- | ------------------------- | ---------------------------------- |----------------------- | -------------------- | ---------------------- | ------------------------------- | ----------------------- | | OP | 65% | | 30.00% |65% | 15% | | | 65% | | USDC | 80% | 80.00% | 80.00% |90% | 50% | 10.00% | 10.00% | 90% | | USDT | 80% | 0.00% | 75.00% |90% | 15% | 10.00% | 10.00% | 90% | | DAI | 80% | 75.00% | 78.00% |90% | 15% | 10.00% | 10.00% | 90% | | sUSD | 80% | 0.00% | 60.00% |60% | 15% | 20.00% | | 60% | | wETH | 80% | 82.50% | 80.00% |75% | 50% | 15.00% | 15.00% | 75% | | SNX | 65% | 46.00% | |45% | 15% | 35.00% | | 45% | | wBTC | 80% | 72.00% | 73.00% |70% | 50% | 20.00% | 20.00% | 70% | | wstETH | 70% | 72.00% | 70.00% |60% | 50% | | 15.00% | 60% | List of all deployed contracts is [in the docs here](https://docs.granary.finance/resources/deployments). ### Interest Rates ==todo== add values and compare them to aave ### $GRAIN Liquidity Granary reward token $GRAIN has low liquidity. Highest liquidity is on [beethoven x (Balancer)](https://op.beets.fi/pool/0x1cc3e990b23a09fc9715aaf7ccf21c212a9cbc160001000000000000000000bd). Even smaller amounts, like selling $2k of GRAIN token have slippage of 4.64%. ![](https://hackmd.io/_uploads/ry1A8MxFh.png) Other reward assets also have small liquidity. Compared with GenLev Sonne, which is leveraged strategy, selling GRAIN rewards only for additional APY won't be huge impact. ![](https://hackmd.io/_uploads/SkToG7lth.png) ### Anything else Granary offers a simple lending opportunity on Optimism for OP and other tokens. Currently, only one strategy, Sonne GenLev, is available for OP. OP Vault has $887k but only 20% DR, 2.01% APR. Adding simple lender for OP without any rewards for improve vault APR. Granary team is open to directing more incentives to specific markets: "For your context we constantly are adjusting emissions to ensure we aren't over-spending but if you/yearn become comfortable we'll be able to direct incentives to the markets that need extra yields, happy to as long as they get diluted effectively" # Path to Prod ## Strategy Details - **Description:** Lend asset and earn yield. Sell additional GRAIN rewards. - **Strategy current APR:** OP: 7.10% (without rewards), USDC 3.48% (0.76% GRAIN), ETH 1.61% (0.42% GRAIN), WBTC 0.08% (0.23% GRAIN) - **Does Strategy delegate assets?:** No - **Target Prod Vault:** 0.4.5 - **BaseStrategy Version #:** 0.4.5 - **Target Prod Vault Version #:** 0.4.5 ## Monitoring and Alerting ==todo== Add monitoring on Tenderly for Timelock contract so we cover all upgradeable contracts. ==todo== Set up monitoring for bad debt on RiskDAO (PR: https://github.com/Risk-DAO/bad-debt-leaderboard/pull/42/files) and Telegram alert bot (add after RiskDAO is ready). ## Testing Plan ### Ape.tax - **Will Ape.tax be used?:** - **Will Ape.tax vault be same version # as prod vault?:** - **What conditions are needed to graduate? (e.g. number of harvest cycles, min funds, etc):** ## Prod Deployment Plan - **Suggested position in withdrawQueue?:** Front - **Does strategy have any deposit/withdraw fees?:** No - **Suggested debtRatio?:** - **Suggested max debtRatio to scale to?:** - **Protocol and strategy experts:** ==todo== - **Proposed lead:** Spalen ## Emergency Plan - **Shutdown Plan:** Withdraw asset from Granary - **Things to know:** There is a possibility that the strategy cannot withdraw if the utilization rate is too high. - **Scripts / steps needed:** - **Is it safe to...** - call EmergencyShutdown: ==todo== - remove from withdrawQueue: ==todo== - call revoke and then harvest: ==todo== ## Additional ### Difference with deployed Aave v2 on mainnet - [IAToken](https://www.diffchecker.com/ONaYrpOc/) - Granary adds IInitializableAToken. - [IStableDebt](https://www.diffchecker.com/rqrMjMRl/) - Granary extends additional IInitializableDebtToken. - [IVariableDebt](https://www.diffchecker.com/Lx4G48Wu/) - Granary extends additional IInitializableDebtToken. - [LendingPoolStorage](https://www.diffchecker.com/Db5Lf3VH/) - Granary adds 3 additional private variables. - [ReserveLogic](https://www.diffchecker.com/IiKPUyvp/) - small optimisation - [IReserveInterestRateStrategy](https://www.diffchecker.com/ls9kMyl7/) - change function params. - [AaveOracle](https://www.diffchecker.com/Ntv1Mi7T/) - change to generic implementation instead of WETH as base currency. - [IChainlinkAggregator](https://www.diffchecker.com/wYCennmW/) - add function decimals() - [UIPoolDataProvider](https://www.diffchecker.com/QZTp0WY7/) - add incentive controller and oracle - [DefaultReserveInterestRateStrategy](https://www.diffchecker.com/JMgdriWS/) - add function to calculate interest rates - [DelegationAwareAToken](https://www.diffchecker.com/zaXWRmtN/) - remove constructor. - [AToken](https://www.diffchecker.com/RP3SVPXU/) - move constants to IncentivizedERC20. Change function initalize to use more params. Add functions to return constants. Override function handleRepayment to empty impl. - [IncentivizedERC20](https://www.diffchecker.com/tEtGoBT7/) - set contract as abstract, remove incentivesController variable, implementation moved to child. - [LendingPool](https://www.diffchecker.com/dvKoEHCY/) - move constants to initalize function because they are moved to LendingPoolStorage, add public function to return these values. Call IAToken.handleRepayment() which has empty implementation. - [WETHGateway](https://www.diffchecker.com/j4TRGxDm/) - move seting pool variable from constructor to function protected by onlyOwner. Remove pool param form deposit and withdraw functino. - [LendingPoolConfigurator](https://www.diffchecker.com/EaMo32Bi/) - TODO - [VariableDebtToken](https://www.diffchecker.com/voT6g7I6/) - add variables pool, underlyingAsset and incentivesController and function to return these values. - [DebtTokenBase](https://www.diffchecker.com/c3UTG4pL/) - use new implementation of IncentivizedERC20. - [StableDebtToken](https://www.diffchecker.com/Iqh6GoiI/) - add variables pool, underlyingAsset and incentivesController and function to return these values. - [StableAndVariableTokensHelper](https://www.diffchecker.com/sHqp5S03/) - simplify by removing variables. - [ATokensAndRatesHelper](https://www.diffchecker.com/X1weRcwI/) - use struct to wrap all function input params.