Asset Risk Assessment - RAMP (rUSD)
A risk assessment on the RAMP rUSD stablecoin for Curve veCRV holders
The article was first published on Github. This is a later publication with very minimal edits.
Useful links
RAMP Smart Contracts: the first commit was 14 hours before the start of this review process.
rUSD-BUSD PancakeSwap v2 pool (Binance Smart Chain) pair explorer
rUSD as an asset
RAMP, the issuer of rUSD, is a multichain lending platform where users deposit yield-bearing collateral and mint rUSD on Binance Smart Chain and Polygon. Currently, no rUSD is minted against collateral deposited in smart contracts on Ethereum. More chains are expected in the future.
The goal of rUSD is to be a cross-chain transit currency, which is why the RAMP-DEFI team wishes to acquire gauges on Curve pools: Curve pools would give rUSD a sturdy peg against more established dollar stablecoins (3crv, am3crv, etc.).
The amount a user may mint is capped by the maximum collateral ratio: rUSD is said to be over-collateralized (this cannot be checked since the contracts are not public), with a minimum collateralization of 135% and liquidation at 130%.
The assets used as collateral:
Binance Smart Chain: single assets such as RAMP, CAKE, wBNB, ETH, BTCB, or LP tokens (on PancakeSwap) for RAMP/BUSD, INJ/BNB, CAKE/BNB, CAKE/BUSD, CAKE/USDT, BNB/BUSD, BNB/USDT, ETH/BNB, LINK/BNB, BTCB/BNB, DOT/BNB, DOGE/BNB, and more.
Polygon: single assets such as RAMP, wMATIC, or LP tokens (on QuickSwap) for RAMP/ETH and MATIC/ETH, and more.
Regarding oracles, RAMP-DEFI has a RAMP/USD price feed provided by Chainlink, backed by several good data sources. For single-asset collateral, RAMP aims to use Chainlink Price Feeds. It is not clear which oracles are currently used for the other assets.
The rUSD peg has so far been maintained by frequent buybacks funded from protocol revenues.
The RAMP DAO's voting quorum is set at 5%, and the votes appear to be more symbolic than binding.
Reviewer's concerns
The contracts used for minting rUSD are upgradeable:
There is no on-chain transparency on collateral ratios. The only source of platform analytics is RAMP-DEFI's own Analytics Page.
The price oracle is settable, and the oracle is upgradeable by a controller contract:
There are no Chainlink oracles for RAMP on Polygon, so it is not clear where the oracle for a CDP using RAMP as collateral comes from. It is also not clear who can set the oracle; this information is not available in the docs.
Not enough documentation: the documentation does not detail liquidations, offer verified on-chain contracts, provide information on the multisigs involved, or explain who is responsible for the oracles.
The RAMP DAO is symbolic and seems to have no real say over what happens; this means the core dev team can unilaterally change collateral ratios or oracles. There now seem to be plans to add more decentralization in the technical roadmap: https://docs.rampdefi.com/ramp-defi/ramp-v2-roadmap
RAMP Token Infinite Mint possibility
The RAMP token minted on BSC: https://bscscan.com/address/0x8519ea49c997f50ceffa444d240fb655e89248aa The following function is used to mint the token:
Only a permissioned address can mint, and on closer inspection the permissioned address can mint only if the following conditions are satisfied:
The caller needs to satisfy hasMintPermission and canMint. If those conditions are satisfied, then RAMP tokens (which can be used as collateral on RAMP-DEFI) can be minted in whatever amount the address with hasMintPermission chooses. The modifier canMint checks the variable mintingFinished, which is only set after the function finishMinting is called. This function needs to be called separately in order to cap the total supply of RAMP tokens on BSC:
Checking the most recent value of this variable on BSCScan, one observes that this method was never called:
So there exists the possibility of infinitely minting the RAMP token (which can also be used as collateral to mint rUSD).
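To make the point concrete, here is an added sketch (not RAMP's deployed code, whose source is unverified) of the MintableToken pattern just described, followed by a hardened variant in which the supply cap is fixed at deployment and enforced on every mint, so it no longer depends on anyone remembering to call finishMinting. Contract and variable names are assumed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch (assumed, not the deployed RAMP bytecode): mint() is
// bounded only by who holds mint rights and by the mintingFinished flag,
// which someone must remember to set.
contract MintableToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public minters;
    uint256 public totalSupply;
    bool public mintingFinished; // stays false until finishMinting() is called

    event Mint(address indexed to, uint256 amount);
    event MintFinished();

    constructor() { minters[msg.sender] = true; }

    modifier hasMintPermission() { require(minters[msg.sender], "no mint permission"); _; }
    modifier canMint() { require(!mintingFinished, "minting finished"); _; }

    // While mintingFinished is false there is no upper bound on amount.
    function mint(address to, uint256 amount) public virtual hasMintPermission canMint returns (bool) {
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Mint(to, amount);
        return true;
    }

    // Only this call caps supply; if it is never made, the cap never exists.
    function finishMinting() external hasMintPermission canMint returns (bool) {
        mintingFinished = true;
        emit MintFinished();
        return true;
    }
}

// Hardened variant: the cap is immutable and checked on every mint, so total
// supply is bounded even if finishMinting() is never called.
contract CappedMintableToken is MintableToken {
    uint256 public immutable cap;

    constructor(uint256 cap_) { require(cap_ > 0, "cap is 0"); cap = cap_; }

    function mint(address to, uint256 amount) public override returns (bool) {
        require(totalSupply + amount <= cap, "cap exceeded");
        return super.mint(to, amount); // base modifiers still apply
    }
}
```

For a reviewer, the practical check is the one the text performs: read mintingFinished (and, where present, cap) on the verified contract rather than trusting documentation.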
Does the asset meet minimum requirements for a gauge?
Is it possible for a single entity to rug its users?
The contracts securing rUSD are upgradeable. It is entirely possible for a malicious actor to upgrade the contract.
The oracles are upgradeable.
There seems to be no realistic fixed cap on the BSC RAMP token, which can be used to mint rUSD. Hence, there exists a possibility of minting rUSD infinitely.
If the team vanishes, can the project continue?
Currently, the rUSD peg is maintained by frequent buybacks. The absence of these buybacks may devalue the asset.
Currently, the project is in the process of launching on several chains, given that they are building a cross-chain transit asset. There is a lot of work to be done, and the project will have a tough time surviving if there is nobody behind it.
The team is doxxed: LinkedIn Profile.
It seems there is no clear path towards decentralization.
Do audits reveal any concerning signs?
There have been audits conducted on RAMP contracts by BEOSIN and Hacken. The audits seem to raise no concerns.
RAMP-DEFI has not announced a bug bounty program in the history of the platform.
Summary:
RAMP-DEFI contracts are unverified and, most important of all, upgradeable: this is a strict no-no because it is centralized finance with no transparency at all. The contracts they published on GitHub (only yesterday, by the way) may not be what is deployed on-chain. There are too many places where an exploit can happen, which makes rUSD a very vulnerable asset.
Coingecko is not an oracle. Using Coingecko as an oracle involves some sort of centralized service that constantly updates prices in their homegrown oracle contracts. This has several points of failure and ruggability, and in any case Coingecko is not an oracle of 'truth' for the price of an asset. This makes the collateralization unreliable.
The audits currently on their contracts are not of the highest quality: the auditors could be more credible.
The documentation around their code and platform leaves much to be desired. For an example of good documentation, refer to Reflexer Labs.
Because contracts are unverified, it is impossible to verify on-chain whether their system is solvent.
RAMP on Binance Smart Chain can be infinitely minted: this is done purposefully, as the token exists as a bridge token between other chains and BSC. However, this is highly centralized. Since RAMP on BSC is also used as collateral, this makes infinite minting of rUSD by a bad actor a possibility.
rUSD can only be minted on Polygon and Binance Smart Chain right now.
RAMP says it has a DAO, but so far it is only symbolic, and there seem to be no plans on the roadmap to move towards more decentralization.
Recommendation
The rUSD asset currently does not meet the requirements for receiving CRV emissions.
As an olive branch: we know the RAMP team is busy solving these issues. Based on the latest available knowledge, our recommendation is to do the following first and then reapply for a rUSD/3CRV gauge:
Change oracles to Chainlink for collateral used to mint rUSD.
Verify contracts for full transparency: security by obscurity is unacceptable.
Get audits from reputable firms such as OpenZeppelin, Trail of Bits, or maybe even ChainSecurity if that is a possibility. Set up an Immunefi bug bounty.
Decentralize/use other bridges for the RAMP token.
Make a clear roadmap towards decentralization.