Stephen Tong, co-founder of blockchain security firm Zellic, found bugs in the most popular smart contract ever
In his Wrapped ETH (WETH) formal verification research, Stephen Tong checks two properties critical to the token design of Wrapped Ether, an ERC-20 token that mirrors ether (ETH) in DeFi applications.
Analyst checked accuracy of total WETH supply and its solvency: Results
Today, on Nov. 19, 2022, Tong published a review on two features of Wrapped Ethereum (WETH), a smart contract on the Ethereum (ETH) network designed to streamline ETH usage in DeFi by “wrapping” it into a regular ERC-20 asset.
He took advantage of Constrained Horn Clause (CHC) tools to model all possible states of the wrapped Ethereum (ETH) contract. Then, he checked whether the “total supply” metric of the WETH smart contract actually equated to the number of tokens in existence.
He also tried to verify whether it was possible to redeem ETH from WETH at any time; Tong called this function “solvency.”
Regarding the first point, the analyst revealed that the total supply is not equal to the amount of tokens in existence:
“Technically speaking, the ERC-20 standard specifies that totalSupply() should equal the… ‘total supply’. Which is kinda vague, but one would assume that it’d be the total tokens in existence.”
Through the self-destruct function, which destroys a contract and moves any remaining contract funds to a specified address, users will be able to mint WETH tokens without actually sending ETH for wrapping, Tong concluded.
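The first finding can be reproduced with a small bounded state-space search. The following Python model is an added example, not Zellic's CHC tooling and not the WETH9 contract itself; it assumes the deployed WETH9 behaviour that totalSupply() simply returns the contract's ETH balance, and it models a selfdestruct whose beneficiary is the WETH contract as ETH arriving without any WETH being minted. User names, amounts and the search depth are constructed for the toy model.

```python
"""Bounded model of WETH9 accounting: find the shortest trace where
totalSupply() diverges from the WETH tokens actually in existence."""
from collections import deque
from dataclasses import dataclass

# Constructed toy parameters: two users, two deposit sizes, short traces.
USERS = ("alice", "bob")
AMOUNTS = (1, 2)


@dataclass(frozen=True)
class State:
    eth_balance: int   # ETH held by the contract; WETH9.totalSupply() returns exactly this
    balances: tuple    # WETH balance per user, indexed like USERS


INITIAL = State(0, (0,) * len(USERS))


def total_supply(s: State) -> int:
    return s.eth_balance                      # what the contract reports


def tokens_in_existence(s: State) -> int:
    return sum(s.balances)                    # what an ERC-20 reader would expect


def _with_balance(s: State, who: int, new_bal: int) -> tuple:
    b = list(s.balances)
    b[who] = new_bal
    return tuple(b)


def deposit(s: State, who: int, amt: int) -> State:
    # deposit(): ETH comes in, WETH is credited 1:1
    return State(s.eth_balance + amt, _with_balance(s, who, s.balances[who] + amt))


def withdraw(s: State, who: int, amt: int):
    # withdraw(): requires enough WETH, burns it, sends ETH out; None models a revert
    if s.balances[who] < amt:
        return None
    return State(s.eth_balance - amt, _with_balance(s, who, s.balances[who] - amt))


def transfer(s: State, frm: int, to: int, amt: int):
    # transfer(): moves WETH between users, contract ETH untouched
    if frm == to or s.balances[frm] < amt:
        return None
    b = list(s.balances)
    b[frm] -= amt
    b[to] += amt
    return State(s.eth_balance, tuple(b))


def force_eth(s: State, amt: int) -> State:
    # Assumed model of selfdestruct(weth): ETH lands in the contract with no code
    # running, so the ETH balance grows but nobody's WETH balance changes.
    return State(s.eth_balance + amt, s.balances)


def successors(s: State):
    for who in range(len(USERS)):
        for amt in AMOUNTS:
            yield f"deposit({USERS[who]}, {amt})", deposit(s, who, amt)
            yield f"withdraw({USERS[who]}, {amt})", withdraw(s, who, amt)
            for to in range(len(USERS)):
                yield f"transfer({USERS[who]}->{USERS[to]}, {amt})", transfer(s, who, to, amt)
    yield "selfdestruct_into_weth(1)", force_eth(s, 1)


def supply_matches_tokens(s: State) -> bool:
    return total_supply(s) == tokens_in_existence(s)


def contract_holds_backing(s: State) -> bool:
    # Weaker reserve property: the contract holds at least as much ETH as WETH exists.
    return s.eth_balance >= tokens_in_existence(s)


def find_violation(invariant, max_depth: int = 3):
    """Breadth-first search over reachable states; returns the shortest list of
    actions leading to a state that breaks `invariant`, or None if none is found
    within max_depth steps."""
    if not invariant(INITIAL):
        return []
    seen = {INITIAL}
    queue = deque([(INITIAL, [])])
    while queue:
        s, trace = queue.popleft()
        if len(trace) == max_depth:
            continue
        for name, nxt in successors(s):
            if nxt is None or nxt in seen:
                continue
            if not invariant(nxt):
                return trace + [name]
            seen.add(nxt)
            queue.append((nxt, trace + [name]))
    return None


if __name__ == "__main__":
    print("totalSupply == tokens:", find_violation(supply_matches_tokens))
    print("contract holds backing:", find_violation(contract_holds_backing))
```

The search reports a one-step counterexample for the supply invariant (the forced ETH transfer alone breaks it), while the reserve invariant survives every bounded trace: forced ETH only ever over-collateralises the contract. The model does not capture the solvency defect discussed further down, since the page does not describe its mechanism; it only shows why "total supply" and "tokens in existence" are different quantities for WETH9.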
Is this really dangerous for WETH users?
He also demonstrated that a depositor of ether (ETH) will not necessarily be able to withdraw their funds from the smart contract at any time.
Thus, he provided two hypothetical models to demonstrate the absence of a correlation between the WETH contract's balances and the actual number of tokens, as well as “solvency defects” affecting the withdrawal process.
However, he stressed that both situations are hypothetical and were modeled only for the experiment. The bugs found in the research are “minor” and “harmless.”
Since launching in 2020, Zellic has audited a number of top-tier DeFi protocols, including the likes of 1inch (1INCH), LayerZero and SushiSwap (SUSHI).