# Compound Asset Listing - Checklist

## Info that needs to be submitted by the proposer

*\* Indicates a required field*

### General

- [x] Token Asset Name*

  stETH

- [x] A description of the project and the token*

  stETH is the most liquid and most well-known liquid staking derivative for ETH. stETH allows anyone to have exposure to staked ether without the need to stake in multiples of 32 ETH, without having their capital locked until redemptions are enabled, and all while being able to use it productively across DeFi.

- [x] Benefits to Compound Community*

  Having stETH listed as collateral on Compound would have multiple and very large benefits to the Compound Community:

  1. Allowing interested users to use stETH instead of ETH as collateral, gaining exposure to beacon chain staking yield on their ETH exposure.
  2. Allowing for leveraged staking strategies, which have become very popular in DeFi, thereby increasing ETH borrow demand and therefore both ETH deposit APR and fees for the DAO.
  3. Empirically, stETH (or its wrapped version) has brought great amounts of TVL and usage to every protocol that has onboarded it as collateral. Notable examples are from Aave ([data](https://dune.com/LidoAnalytical/Integration-Lido-Aave)) and Maker ([data1](https://dune.com/LidoAnalytical/Lido-MakerDAO-Integration), [data2](https://dune.com/LidoAnalytical/Integration-Lido-MakerDAO-(wstETH-B)))

- [x] Resources (Website, Social Media Links and docs)*

  - [Lido's Website](https://lido.fi/)
  - [Lido's Docs](https://docs.lido.fi/)
  - [Lido's Twitter](https://twitter.com/lidofinance)
  - [Lido's Telegram](https://t.me/lidofinance)
  - [Lido's Discord](https://discord.com/invite/lido)

- [x] The proposal author and their contact info*

  Justin, Jacob, (wtv you prefer here)

- [x] The relationship between the author of the new market proposal and the token*

  Contributors to the Lido DAO.

- [x] Social channels Metrics (Size, activity and growth).

  | Social Channel                                    | Size           |
  | ------------------------------------------------- | -------------- |
  | [Lido's Twitter](https://twitter.com/lidofinance) | 100k followers |
  | [Lido's Telegram](https://t.me/lidofinance)       | 12k members    |
  | [Lido's Discord](https://discord.com/invite/lido) | 40k members    |

### Market Risk Assessment

- [x] Market Cap of the token*

  $8.3B (on the 14th of August) (source: [Coingecko](https://www.coingecko.com/en/coins/lido-staked-ether))

- [x] The largest exchanges where the token is listed and its respective liquidity*

  The largest DEXes and CEXes for stETH are the following:

  | DEX      | TVL   |
  | -------- | ----- |
  | Curve    | $1.4B |
  | Balancer | $150M |

  | CEX   | Volume    |
  | ----- | --------- |
  | Huobi | $900k/day |
  | FTX   | $400k/day |

- [ ] Indicate the volatility of the token, defined as the Standard Deviation of log-returns for specific time frames by [Gauntlet](https://maker-report.gauntlet.network/int_vol).

- [x] Total supply*

  stETH's supply (on the 14th of Aug): 4,277,514 (source: [Coingecko](https://www.coingecko.com/en/coins/lido-staked-ether))

- [x] Emission schedule.

  stETH is minted by users depositing ETH that is then staked with Lido's node operators network. There is no "schedule", the supply will grow as more ETH is staked via Lido. ([stETH's contract](https://etherscan.io/token/0xae7ab96520de3a18e5e111b5eaab095312d7fe84))

Note: Gauntlet will also pull live data to conduct their [market risk assessment](https://gauntlet.notion.site/gauntlet/Gauntlet-Market-Risk-Framework-for-Asset-Listings-on-Compound-de5a852131514f14a560be56b6e51419) after the Checklist is submitted.

### Decentralization

- [x] How is this asset distributed amongst token holders?
  List the top 10 holders, the percentage of each holder, and tag any of them if they are known.*

  ![](https://i.imgur.com/HpTIGjU.png)

  (extra tag: the first "holder" in the list is the Aave deposit contract for stETH)

- [x] List all of the privileged roles in the token contract. This can include whitelisted EOAs, Multi-sigs or DAOs.*

  Any roles on the StETH contract belong to the Lido DAO, so using them requires an on-chain Aragon vote. The list of all the roles can be checked in the Aragon UI: https://mainnet.lido.fi/#/lido-dao/permissions/app/0xae7ab96520de3a18e5e111b5eaab095312d7fe84

  The roles concerning the StETH token are `PAUSE_ROLE` & `RESUME_ROLE`, `STAKING_PAUSE_ROLE`, `STAKING_CONTROL_ROLE`, `BURN_ROLE` + DAO-vetted roles for implementation updates & role management (https://mainnet.lido.fi/#/lido-dao/permissions/).

  `STAKING_PAUSE_ROLE` allows the entity to stop stETH minting, and the owner of `STAKING_CONTROL_ROLE` can resume it.

  Note that `BURN_ROLE` is assigned to the StETHBurner contract (https://etherscan.io/address/0xB280E33812c0B09353180e92e27b8AD399B07f26), where only the Voting contract can request stETH shares to get burned, and only on the DAO Treasury address.

  One of the main things the Lido team should note, though, is that the StETH implementation is upgradable, so the DAO can change the role model or any detail of the implementation in the future. Any such change must undergo the DAO vote & successfully reach the quorum to be executable.

- [x] Is it pausable?*

  The StETH contract can be paused by the DAO vote.

- [x] Does it have a blacklist?*

  StETH doesn't have a blacklist.

### Smart contract risks

#### Codebase & On-chain Activity:

- [x] Provide a Github repository for the underlying token contracts*

  https://github.com/lidofinance/

- [x] Provide Etherscan links with verified contracts*

  https://etherscan.io/token/0xae7ab96520de3a18e5e111b5eaab095312d7fe84

- [x] Give the age of the token in days*

  600 days (as of the 14th of August)

- [x] Give the number of transactions in the contract to date*

  368,964 transactions (as of the 14th of August)

#### Security Posture:

- [x] What audits, if any, were performed? Provide links to the reports if they exist.*

  https://github.com/lidofinance/audits

- [x] Does the project have an active bug bounty program?*

  Yes. More details at https://immunefi.com/bounty/lido/.

- [ ] Provide emergency contacts with their responsiveness levels and response availabilities*

  (TO RESOLVE -- depends on who we want to indicate for this)

- [x] List additional security and formal verification tools used in development

  The current version of the StETH & Lido contracts has been audited by MixBytes https://github.com/lidofinance/audits#05-2022-mixbytes-lido-protocol-security-audit-report (earlier versions were audited by Sigma Prime & Quantstamp). Another StETH & Lido contracts audit by ChainSecurity is expected to be published in the next week or so.

#### Smart contract Behavior:

- [x] Does the token have more than one address[^1]?*

  No, stETH's token address is 0xae7ab96520de3a18e5e111b5eaab095312d7fe84

- [x] Does the token use a compiler version greater than 0.8.0 or the SafeMath? If not, explain how the protocol deals with possible overflows and underflows*

  It does use SafeMath (https://etherscan.io/address/0x47ebab13b806773ec2a2d16873e2df770d130b50#code)

- [x] During the execution of the token's functions, does the token execute external code chosen by the caller or receiver?[^2] If so, please explain the reasoning behind this decision*

  No, StETH token functions are self-contained and don't call external code.

- [x] How much does the token contract deviate from a standard implementation of ERC20? Any additional features that the Compound DAO should know about?*

  The main one is upgradability, which is more extensively described in the other topics here.

- [x] Is it burnable?*

  Yes, `BURN_ROLE` is assigned to the StETHBurner contract (https://etherscan.io/address/0xB280E33812c0B09353180e92e27b8AD399B07f26), where only the Voting contract can request stETH shares to get burned, and only on the DAO Treasury address.

- [x] Does it have a fixed supply? If no, who can mint?*

  It does not have a fixed supply. Users who deposit and stake additional ETH via Lido receive new stETH.

- [x] Is it a rebasing token?*

  Yes. stETH rebases daily to account for ETH staking rewards in the beacon chain.

- [x] Does the token charge fees on transfers?*

  No, stETH doesn't charge fees on transfers.

- [ ] Is the contract performing arbitrary `delegatecall`s?* If the answer is yes, indicate who can make these calls and to what contracts.

- [x] Is it flash mintable? If yes, please provide more information on this feature*

  No, StETH doesn't provide flash minting.

- [x] Is it flash loanable? If yes, please indicate who offers the service.*

  stETH can be flash-loaned from the AAVE V2 market on Ethereum mainnet: https://app.aave.com/reserve-overview/?underlyingAsset=0xae7ab96520de3a18e5e111b5eaab095312d7fe84&marketName=proto_mainnet

#### Upgradability:

- [x] Is it upgradeable?*

  Yes, the StETH implementation is upgradable.

If yes, answer the following questions:

- [x] Who is authorized to make an upgrade?

  Any change must undergo the DAO vote & successfully reach the quorum to be executable.

- [x] Can an upgrade happen instantaneously or is there a time-lock delay?

  A token implementation upgrade requires a DAO vote. There's no classic timelock, but the vote is two-phase: 48h to vote both "for" and "against" + 24h to vote only "against"; the last part acts as a timelock, during which the change can get stopped.

- [x] Which components are upgradable?

  Any implementation detail.

- [ ] How does the upgradeability design work? Who manages it and how are upgrades performed?

- [ ] Does it emit an event when the implementation is updated?

## Initial Requirements

- [ ] Set collateral factor to 0.
- [ ] Set established borrow limit if necessary (usually it is set if large loans of this asset are associated with potential governance attacks related to the asset itself).
- [ ] Set reserve factor to 25% (any other convenient value can be set in other proposals depending on the asset's volatility and category).

## Considerations

- [ ] Proposals must be first posted in the Compound forum *New Markets* category.
- [ ] The on-chain proposal must contain a link to the corresponding thread in the forum.
- [ ] One proposal per asset.
- [ ] All actions in the proposal must be related to the listing of the token.
- [ ] Do not deploy contracts without first submitting the proposal to the forum.
- [ ] Use markdown in the description of the proposal in the transaction, add links and start the title with `# Add market: NAME`.

## Community Check

The community should review the following items before approving a new asset.

- [ ] Veracity of the info provided.
- [ ] Correct configuration of the contracts (cToken, oracle, etc.).
- [ ] Documentation quality.
- [ ] Favorable results in the execution of the token test suite or integration simulations.

[^1]: [Double entry point vulnerability TUSD](https://blog.openzeppelin.com/compound-tusd-integration-issue-retrospective/).
[^2]: [C.R.E.A.M. Finance Post Mortem: AMP Exploit](https://medium.com/cream-finance/c-r-e-a-m-finance-post-mortem-amp-exploit-6ceb20a630c5).
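
On the "Is it a rebasing token?" item: the following is an added example, not Lido's or Compound's code, showing why a rebasing balance matters to an integrator. It is a toy model of share-based accounting (balance = shares × pooled ether ÷ total shares, the way stETH derives balances); `ShareToken`, `simulate`, the `vault` that books nominal amounts and all numbers are hypothetical and constructed, including the negative rebase.

```python
class ShareToken:
    """Toy share-based rebasing token; amounts in wei, numbers constructed."""
    def __init__(self):
        self.total_pooled = 0   # underlying backing all shares
        self.total_shares = 0
        self.shares = {}

    def to_shares(self, amount):
        # Floor division, as in on-chain integer arithmetic.
        if self.total_pooled == 0:
            return amount
        return amount * self.total_shares // self.total_pooled

    def balance_of(self, who):
        if self.total_shares == 0:
            return 0
        return self.shares.get(who, 0) * self.total_pooled // self.total_shares

    def submit(self, who, amount):
        minted = self.to_shares(amount)
        self.shares[who] = self.shares.get(who, 0) + minted
        self.total_shares += minted
        self.total_pooled += amount

    def transfer(self, src, dst, amount):
        moved = self.to_shares(amount)
        if self.shares.get(src, 0) < moved:
            raise ValueError("insufficient balance")
        self.shares[src] -= moved
        self.shares[dst] = self.shares.get(dst, 0) + moved

    def rebase(self, delta):
        # Only the pool size changes; no holder's share count is touched.
        self.total_pooled += delta


def simulate():
    token = ShareToken()
    token.submit("others", 1000)
    token.rebase(30)                        # rate is now 1.03 per share
    token.submit("alice", 500)
    ledger = 100                            # hypothetical vault books the nominal amount
    token.transfer("alice", "vault", ledger)
    received = token.balance_of("vault")    # rounding: less than the amount sent
    token.rebase(153)                       # staking rewards
    after_rewards = token.balance_of("vault")
    token.rebase(-200)                      # modelled loss (negative rebase)
    after_loss = token.balance_of("vault")
    return ledger, received, after_rewards, after_loss
```

The booked amount of 100 never matches the token balance: 99 on receipt, 109 after rewards, 96 after the modelled loss. An integration that tracks shares, or reads the balance after each transfer, does not carry this drift.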