Ampleforth has completed upgrades after its second security audit through New York firm Trail of Bits. The full report is available below. Ampleforth is a stablecoin which uses a different method of preserving its dollar-to-unit ration, by transferring “volatility from unit price to unit count.”…
Ampleforth has completed upgrades after its second security audit through New York firm Trail of Bits.
The full report is available below. Ampleforth is a stablecoin which uses a different method of preserving its dollar-to-unit ration, by transferring “volatility from unit price to unit count.” As the market shifts around Ampleforth, formerly Fragments, users balances change to reflect the change in price.
Security is obviously very important in stablecoins and cryptocurrencies generally. Ampleforth hired Chinese firm SlowMist to conduct its first audit. The audits find no major vulnerabilities. The second audit finds some possible improvements. Ampleforth has responded by implementing 75% of the recommended changes in its latest version. Only minor code updates were required.
Ampleforth has determined that the fourth issue spoke in fact to their intentional design. They have committed to “monitoring it closely.”
This issue that Ampleforth decided not to address was related to its oracle services. According to Trail of Bits, a malicious market maker could play with the stability of Ampleforth. They said:
A market source returns a very large value for partialRate and/or partialVolume . This causes a revert in the calculation of volumeWeightedSum and thereby prevents rebasing. Self-stabilization through rebasing will not occur until the offending market source is removed from the whitelist.
CCN asked Ampleforth for clarification on this matter. They responded:
After some discussion, the Ampleforth team decided to take no immediate action. The fundamental issue is that the oracle relies on a whitelist of sources authorized to provide data — fixing an overflow with an input restriction still would not have changed this. Adding a maximum allowable value independent of the number of sources combined in the calculation would have either been arbitrary or overly limiting.
Truly decentralized oracles are the best approach long term, but they’re still highly conceptual and not ready for a high stakes, adversarial environment. We’re keeping a close eye on this space, and are considering migrating to external oracle infrastructure at some point, like Chainlink. It’s worth noting that other prominent projects also use whitelisted sources, including for example MakerDAO and Compound.
Ampleforth CTO Brandon Iles said of the audit:
The completion of this security audit on the Ampleforth protocol marks a major milestone for us. By identifying risks and vulnerabilities early, we can work toward improving the codebase and reducing the potential of future hacks, which may result in losses of millions of dollars overnight.
As CCN previously reported, Ampleforth is a rebrand of Fragments. From a recent phone conversation with the Ampleforth team:
Ampleforth is kind of more like a natural resource than a national bank. This thing is designed very simply. It’s meant to maintain a stable unit of account. The rest of it is very similar to a normal floating price token. But the key here is that we don’t want to be a central bank. We want to be a different type of natural resource.
Ampleforth’s website says:
Our goal with uFragments is to create the least greedy system capable of supporting all three functions of money.
The bottom line is that security audits are especially important in smart contracts. Vulnerabilities vanquish millions of dollars, after all.
Featured image from Shutterstock.