Bahurum - UXD is pegged to USDC, not to USD

[github-actions[bot]]

Bahurum

medium

UXD is pegged to USDC, not to USD

Summary

The depositories do not de-risk UXD value from the de-pegging of USDC. They work in a way that if USDC depegs from USD, then UXD will follow it. This somehow defeats the purpose of UXD.

Vulnerability Detail

There are two depositories for now in the protocol:

• RageDnDepository on Arbitrum: it allows depositing USDC for an equal amount of UXD or redeeming UXD for an equal amount of USDC (neglecting yield accrued).
• PerpDepository on Optimism: it allows to deposit ETH to receive UXD and vice-versa. The exposure to ETH held by the Depository is hedged by holding an opposite position on ETH/USDC on Perp protocol.

If USDC depegs, say USDC = 0.98 USD, then

• Value of UXD on free market is initially 1 USD

• Arbitrageurs will:

  • deposit 1 USDC on RageDnDepository in exchange for 1 UXD
  • Sell 1 UXD for 1 USD (or a non affected stablecoin, say DAI) on market
  • Buy around 1.02 USDC with 1 USD (or DAI) and profit 0.02 USDC
  • Repeat Until Market price of UXD is 0.98 USD and no more profits

• Arbitrageurs will also, at the same time (let's say ETH = 980 USD = 1000 USDC)

  • deposit 1 ETH into PerpDepository for 1000 UXD (ClearingHouse will return quoteAmount = 1000*1e18)
  • Sell 1000 UXD for 1000 USD (or a non affected stablecoin, say DAI) on market
  • Buy 1 ETH with 980 USD (or DAI) and profit 20 USD
  • Repeat Until Market price of UXD is 0.98 USD and no more profits

• Final market value of UXD is 0.98 USD

So both RageDnDepository and PerpDepository offer arbitrage mechanisms that will keep UXD pegged to USDC.

This is because of the implicit assumption in both contracts that 1 UXD = 1 USDC, which is good when USDC is pegged since it makes UXD stable but is false when USDC depegs. This is why arbitrageurs can make profits since when USDC is depegged the Depositories are making losing trades exchanging 1 UXD for 1 USDC and are taking losses.

See this assumption in RageDnDepository._assetsToRedeemable(), RageDnDepository._redeemableToAssets() for exemple

Impact

While it is an unlikely scenario that USDC will depeg, UXD wants to be a decentralized stablecoin but it is, in the current implementation of the protocol, tightly pegged to USDC, which is centralized.

Code Snippet

https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/rage-trade/RageDnDepository.sol#L172-L194

Tool used

Manual Review

Recommendation

Note that the cause of this issue is what keeps UXD stable: the fact that it is pegged to USDC. The proposed solution is to deploy other depositories which peg UXD also to other stablecoins independent from USDC. This way even if one stablecoin depegs, UXD will maintain its peg thanks to the arbitrage with the other stablecoins.

[WarTech9]

This is a design choice so technically USDC is the price floor for UXD and this is by design

[WarTech9]

Possible long term solution is to use oracle pricing of assets to determine amount of UXD to mint and redeem. Not high priority for the moment but something we plan to address in the future.

[hrishibhat]

Considering the risk related to the de-pegging of USDC. Considering the issue as low due to the likeliness of this happening would be extremely low & that it is a design choice with known risks.