OpenZeppelin Security Audit and Advisory Services for BTG Pactual Stablecoin

The audit report prepared by OpenZeppelin on May 2, 2023 provides an overview of the BTG-USD stablecoin developed by BTG Pactual. The stablecoin is designed to be pegged to the US Dollar and deployed on the Polygon network, allowing for trading on exchanges and DeFi applications.

Advisory Services

A dedicated security architect collaborated with the BTG Pactual team to offer expert guidance and suggest best practices for using Defender (a leading security, monitoring and automation platform for smart contract management), access management, and securely integrating with external systems such as Fireblocks. This provided the BTG Pactual developer team with comprehensive support throughout all stages of the development lifecycle.

Trust Assumptions Overview

The security model of the BTG-USD stablecoin relies on the following trust assumptions: 

  • Users must trust that the token is fully collateralized with assets equal to or exceeding the value of 1 USD - this is crucial to any asset-backed stablecoin. 
  • If BTG ensures transparency for third-party audits of the reserves, this will promote confidence in the system. 
  • Compliance with regulations, such as anti-money laundering (AML) and know-your-customer (KYC) policies, should be in place and result in blocklisting non-compliant users.

Upgradeability Considerations

The stablecoin smart contract features an upgradeability mechanism that allows BTG Pactual to update the implementation, changing the code of the BTG-USD token. Smart contract upgradeability introduces security considerations related to the control of privileged roles, including the DEFAULT_ADMIN_ROLE and the UPGRADER_ROLE. Unauthorized access to these roles could lead to the introduction of malicious code or vulnerabilities in the stablecoin. Furthermore, updates made to the stablecoin smart contract via upgradeability should undergo an immediate audit to ensure security.

Security Audit Findings

The audit report highlights security issues of varying severity. BTG Pactual has taken action and addressed each of these issues. 

A high-severity issue, which allowed users with the DENY_ROLE to bypass the blocklist mechanism, has been resolved. BTG Pactual implemented an update that introduces the _deniedAddress mapping and related functions, ensuring that users cannot renounce their roles and evade blocklisting. With this issue addressed, BTG Pactual can operate a secure and trusted blocklist, further ensuring that only authorized users can transact with the stablecoin.
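The role-based blocklist pattern behind this finding, next to a mapping-based replacement, as an added Solidity example that is not BTG Pactual's contract or code from the audit report. It assumes OpenZeppelin Contracts 4.x and that the bypass relied on AccessControl's renounceRole; the contract names, DENY_MANAGER_ROLE, setDenied, isDenied and the role hash values are hypothetical, and only DENY_ROLE and _deniedAddress come from the text above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Assumption: OpenZeppelin Contracts 4.x, non-upgradeable variants for brevity.
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/AccessControl.sol";

// BEFORE (hypothetical): blocklist membership is stored as an AccessControl role.
contract RoleBlocklistToken is ERC20, AccessControl {
    bytes32 public constant DENY_ROLE = keccak256("DENY_ROLE"); // constructed value

    constructor() ERC20("Example", "EXM") {
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
    }

    // The admin blocks an account with grantRole(DENY_ROLE, account).
    // AccessControl.renounceRole lets any holder drop a role it holds,
    // so the blocked account can clear its own DENY_ROLE.
    function _beforeTokenTransfer(address from, address to, uint256) internal view override {
        require(!hasRole(DENY_ROLE, from) && !hasRole(DENY_ROLE, to), "denied");
    }
}

// AFTER (hypothetical): denied status lives in a private mapping that only
// a privileged manager can write; there is nothing for the account to renounce.
contract MappingBlocklistToken is ERC20, AccessControl {
    bytes32 public constant DENY_MANAGER_ROLE = keccak256("DENY_MANAGER_ROLE"); // hypothetical
    mapping(address => bool) private _deniedAddress;

    event DeniedSet(address indexed account, bool denied);

    constructor() ERC20("Example", "EXM") {
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
        _grantRole(DENY_MANAGER_ROLE, msg.sender);
    }

    function setDenied(address account, bool denied) external onlyRole(DENY_MANAGER_ROLE) {
        _deniedAddress[account] = denied;
        emit DeniedSet(account, denied);
    }

    function isDenied(address account) external view returns (bool) {
        return _deniedAddress[account];
    }

    function _beforeTokenTransfer(address from, address to, uint256) internal view override {
        require(!_deniedAddress[from] && !_deniedAddress[to], "denied");
    }
}
```

In the second contract a manager can still renounce DENY_MANAGER_ROLE, but that only removes the ability to edit the list; it does not change any account's denied status.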

A medium-severity issue regarding the burn functionality has also been addressed. BTG Pactual restricted the burn and burnFrom functions to privileged users with the BURNER_ROLE permission. This ensures that only the users with this role can mint or burn tokens, preventing unauthorized burning and maintaining accurate total supply calculations.

BTG Pactual has also resolved a medium-severity issue that allowed anyone to burn their tokens by adding access control to this feature. Burning is now aimed at removing funds held in the accounts of malicious users.

Lastly, a medium-severity issue concerning the proxy deployment has been resolved. BTG Pactual now specifies the Universal Upgradeable Proxy Standard (UUPS) as the proxy type in the deployment script. This ensures that only authorized users can perform upgrade operations and mitigates the risk of unauthorized upgrades.

Summary

The OpenZeppelin Secure Audit has provided BTG Pactual with proactive measures to enhance the security and trustworthiness of the BTG-USD stablecoin. By addressing the identified issues and implementing the recommended measures, BTG Pactual has strengthened the stability and integrity of the stablecoin, providing a more secure and reliable digital asset for users on the Polygon network.