Skip to main content
EbisuEbisu ~ weETH/sUSDai Oracles Integration - Oct 23, 2025

Ebisu ~ weETH/sUSDai Oracles Integration

Smart Contract Security Assessment

October 23, 2025

Ebisu

SUMMARY

ID
DESCRIPTION
STATUS
PROTOCOL-LEVEL CONSIDERATIONS
P1
Pricing scheme may allow for micro-arbitrage opportunities to occur
info
P2
eETH and ETH are implicitly priced at a 1:1 ratio
info
P3
Shutdown branches might end up creating arbitrage opportunities
info
OTHER / ADVISORY ISSUES
A1
Unused immutable field
info
A2
Unused internal function
info
A3
Redundant check on price feed’s decimals
info
A4
Compiler bugs
info

ABSTRACT

Dedaub was commissioned to perform a security audit of Ebisu’s price feeds for the weETH and sUSDai assets that will be supported upon the project’s deployment on the Plasma network.


SETTING & CAVEATS

This audit report mainly covers the changes introduced to the at-the-time private repository https://github.com/ebisufinance/ebisu-money-plasma/ , in branch staging at commit 8b48868ec411f6010a2fe05eeff496cf7952e43f

2 auditors worked on the codebase for 1 day.

The audit’s main target is security threats, i.e., what the community understanding would likely call "hacking", rather than the regular use of the protocol. Functional correctness (i.e. issues in "regular use") is a secondary consideration. Typically it can only be covered if we are provided with unambiguous (i.e. full-detail) specifications of what is the expected, correct behavior. In terms of functional correctness, we often trusted the code’s calculations and interactions, in the absence of any other specification. Functional correctness relative to low-level calculations (including units, scaling and quantities returned from external protocols) is generally most effectively done through thorough testing rather than human auditing.

While the set of changes introduced in the PR does not affect a large number of lines in the codebase, the auditors spent considerable time examining potential risks stemming from the assets’ economics, as well as the pricing methodology used in the new oracles. Lastly, the auditors checked for potential incompatibilities arising from the code of the ERC20 tokens to be supported. This was a main point of consideration, since the assets were not deployed natively on Plasma normal ERC20 contracts but instead by using LayerZero’s OFT standard.


VULNERABILITIES & FUNCTIONAL ISSUES

This section details issues affecting the functionality of the contract. Dedaub generally categorizes issues according to the following severities, but may also take other considerations into account such as impact or difficulty in exploitation:

CATEGORY
DESCRIPTION
CRITICAL
Can be profitably exploited by any knowledgeable third-party attacker to drain a portion of the system’s or users’ funds OR the contract does not function as intended and severe loss of funds may result.
HIGH
Third-party attackers or faulty functionality may block the system or cause the system or users to lose funds. Important system invariants can be violated.
MEDIUM
Examples:
  • User or system funds can be lost when third-party systems misbehave
  • DoS, under specific conditions
  • Part of the functionality becomes unusable due to a programming error
LOW
Examples:
  • Breaking important system invariants but without apparent consequences
  • Buggy functionality for trusted users where a workaround exists
  • Security issues which may manifest when the system evolves

Issue resolution includes “dismissed” or “acknowledged” but no action taken, by the client, or “resolved”, per the auditors.


PROTOCOL-LEVEL CONSIDERATIONS

P1

Pricing scheme may allow for micro-arbitrage opportunities to occur

PROTOCOL-LEVEL-CONSIDERATION
info

Both weETH and sUSDai represent shares of staked tokens, having the native deployments of the assets serving as ERC-4626-like vaults.

This inherently means that typically:

  • Both of the assets have an on-chain exchange rate with the underlying staked token which is retrievable from the weETH/sUSDai contracts respectively.
  • Both assets can be instantly redeemed for the underlying asset at any time.

While Liquity (and by extension Ebisu) operate based on Chainlink-provided prices, the protocol wishes to guard against scenarios where the off-chain price information on instantly redeemable assets lags behind the current on-chain exchange rate. In such scenarios, parties could treat the protocol as a seller of the instantly redeemable asset and:

  • “Buy” the asset at a cheaper price (because the Chainlink price is lagging) using Liquity/Ebisu’s redemption mechanism
  • Redeem the asset to the native vault-like contract at a higher price

Typically the protocol guards against this scenario by comparing the on-chain exchange rate against the price obtained by Chainlink:

RETHPriceFeed::_fetchPricePrimary:69
...
// If it's a redemption and canonical is within 2% of market, use the max to mitigate unwanted redemption oracle arb
if (
    _isRedemption
        && _withinDeviationThreshold(rEthUsdMarketPrice, rEthUsdCanonicalPrice, RETH_ETH_DEVIATION_THRESHOLD)
) {
    rEthUsdPrice = LiquityMath._max(rEthUsdMarketPrice, rEthUsdCanonicalPrice);
...

If the on-chain exchange rate deviates from the off-chain price by a small amount, this is considered to occur due to oracle lagging; therefore, the price oracle yields the worst of the two prices for redemption.

Because weETH, sUSDe, and sUSDai are all bridged to Plasma using LayerZero’s OFT standard, there is no way to obtain the current on-chain exchange rate of those redeemable assets from their corresponding contracts. Instead, these exchange rates can only be supplied externally via Chainlink oracles:

sUSDePriceFeed::_fetchPricePrimary:57
...
        // Get USDe/USD price (returns in 18 decimals from _getOracleAnswer)
        (uint256 usdeUsdPrice, bool usdeUsdOracleDown) = _getOracleAnswer(ethUsdOracle);
...

        // Get sUSDe/USD price (returns in 18 decimals from _getOracleAnswer)
        (uint256 sUsdeUsdPrice, bool sUsdeUsdOracleDown) = _getOracleAnswer(sUSDeUsdOracle);
...

        // Get sUSDe/USDe rate from oracle (returns in 18 decimals from _getOracleAnswer)
        (uint256 sUsdeUsdeRate, bool sUsdeUsdeRateOracleDown) = _getOracleAnswer(sUSDeUsdeRateOracle);
...

In the event that Chainlink prices fall behind the true on-chain exchange rate, deviation checks can consequently lag behind the on-chain state. This is a fundamental limitation of the cross-chain deployment of these assets and lies outside the protocol’s control. However, it could give rise to small arbitrage opportunities—especially when arbitrageurs can use LayerZero’s bridging primitives to transfer assets to the host chain within seconds and complete the arbitrage cycle.

Under normal Chainlink oracle operation, this is not expected to be a likely scenario. Even if such deviations occur, they should exist only momentarily without posing any significant risk to the protocol’s ability to operate healthily.

P2

eETH and ETH are implicitly priced at a 1:1 ratio

PROTOCOL-LEVEL-CONSIDERATION
info

In the following snippet:

WEETHPriceFeed::_fetchPricePrimary:71
...
// Get weETH/eETH rate from oracle (returns in 18 decimals from _getOracleAnswer)
// Since eETH ≈ ETH (1:1), this effectively gives us weETH/ETH rate
(uint256 weEthEthRate, bool weEthEthRateOracleDown) = _getOracleAnswer(weETHEthRateOracle);
if (weEthEthRateOracleDown) {
    return (_shutDownAndSwitchToLastGoodPrice(address(weETHEthRateOracle.aggregator)), true);
}
...

There exists the implicit assumption that eETH and ETH are priced at a 1:1 ratio. While this is approximately correct, it can be the case that the market prices of those assets (even within Chainlink oracles) experience slight deviations:

Ebisu

Under normal circumstances, this is not expected to pose significant security risks to the protocol. When such deviations occur, micro-arbitrage opportunities like the ones described in P1 can momentarily arise.

P3

Shutdown branches might end up creating arbitrage opportunities

PROTOCOL-LEVEL-CONSIDERATION
info

When a branch shuts down because of an oracle failure, the fallback price that is used for instantly redeemable assets like eUSDe, weETH and sUSDai is providing the last good price:

WEETHPriceFeed::_fetchPricePrimary:71
...
if (usdeUsdOracleDown) {
    return (_shutDownAndSwitchToLastGoodPrice(address(ethUsdOracle.aggregator)), true);
}
...
if (sUsdeUsdOracleDown) {
    return (_shutDownAndSwitchToLastGoodPrice(address(sUSDeUsdOracle.aggregator)), true);
}
...
if (sUsdeUsdeRateOracleDown) {
   return (_shutDownAndSwitchToLastGoodPrice(address(sUSDeUsdeRateOracle.aggregator)), true);
}
...

The fallback price after a shut down can no longer be updated, and given the fact that the above-mentioned assets have a potentially constantly-changing on-chain exchange rate there could exist scenarios when shutdown branches create arbitrage incentives during Liquidations and urgent Redemptions.

That being said, even if profitable opportunities for arbitrage arise because of a deviation of the stored price compared to the on-chain exchange rate, it’s expected that a lot of users would be urged to burn debt because of the incentives during shutdown. In the end, such opportunities are both highly unlikely (a Chainlink oracle failure would mean systemic risk) and short-lived.



CRITICAL SEVERITY

[No critical severity issues]


HIGH SEVERITY

[No high severity issues]


MEDIUM SEVERITY

[No medium severity issues]


LOW SEVERITY

[No low severity issues]


CENTRALIZATION CONSIDERATIONS

There have been no changes that affect the degree of centralization previously noted at: Ebisu smart contract audit report | Dedaub Audit Reports


OTHER / ADVISORY ISSUES

This section details issues that are not thought to directly affect the functionality of the project, but we recommend considering them.

A1

Unused immutable field

ADVISORY
info

Stemming from P1 , the following immutable field is unused:

sUSDaiPriceFeed:12
contract sUSDaiPriceFeed is MainnetPriceFeedBase {
    uint256 public constant SUSDAI_USD_DEVIATION_THRESHOLD = 2e16; // 2%
...

A2

Unused internal function

ADVISORY
info

Stemming from P1 and the lack of a sUSDai/USD Chainlink price feed on Plasma, the following internal function is unused:

sUSDaiPriceFeed::_withinDeviationThreshold:74
function _withinDeviationThreshold(uint256 _priceToCheck, uint256 _referencePrice, uint256 _deviationThreshold)
    internal
    pure
    returns (bool)
{
    uint256 max = _referencePrice * (DECIMAL_PRECISION + _deviationThreshold) / DECIMAL_PRECISION;
    uint256 min = _referencePrice * (DECIMAL_PRECISION - _deviationThreshold) / DECIMAL_PRECISION;
    return _priceToCheck >= min && _priceToCheck <= max;
}

A3

Redundant check on price feed’s decimals

ADVISORY
info

During the construction of sUSDaiPriceFeed:

sUSDaiPriceFeed::constructor:32
constructor(
    address _usdaiUsdOracleAddress, // USDai/USD oracle
    address _sUsdaiUsdaiRateOracleAddress, // sUSDai/USDai rate oracle
    uint256 _usdaiUsdStalenessThreshold,
    uint256 _sUsdaiUsdaiRateStalenessThreshold,
    address _borrowerOperationsAddress
) MainnetPriceFeedBase(_usdaiUsdOracleAddress, _usdaiUsdStalenessThreshold, _borrowerOperationsAddress) {
    usdaiUsdOracle.aggregator = AggregatorV3Interface(_usdaiUsdOracleAddress);
...
    usdaiUsdOracle.decimals = usdaiUsdOracle.aggregator.decimals();
...
    require(usdaiUsdOracle.decimals == 8, "USDai/USD oracle must have 8 decimals");
...

The decimals of the USDai/USD oracle are first asserted to be 8 inside the constructor of MainnetPriceFeedBase:

sUSDaiPriceFeed::constructor:32
constructor(address _ethUsdOracleAddress, uint256 _ethUsdStalenessThreshold, address _borrowOperationsAddress) {
    ethUsdOracle.aggregator = AggregatorV3Interface(_ethUsdOracleAddress);
...
    ethUsdOracle.decimals = ethUsdOracle.aggregator.decimals();
...
    assert(ethUsdOracle.decimals == 8);
}

A4

Compiler bugs

ADVISORY
info

The code is compiled with Solidity 0.8.24. Version 0.8.24 has no known bugs.



DISCLAIMER

The audited contracts have been analyzed using automated techniques and extensive human inspection in accordance with state-of-the-art practices as of the date of this report. The audit makes no statements or warranties on the security of the code. On its own, it cannot be considered a sufficient assessment of the correctness of the contract. While we have conducted an analysis to the best of our ability, it is our recommendation for high-value contracts to commission several independent audits, a public bug bounty program, as well as continuous security auditing and monitoring through Dedaub Security Suite.


ABOUT DEDAUB

Dedaub offers significant security expertise combined with cutting-edge program analysis technology to secure some of the most prominent protocols in DeFi. The founders, as well as many of Dedaub's auditors, have a strong academic research background together with a real-world hacker mentality to secure code. Protocol blockchain developers hire us for our foundational analysis tools and deep expertise in program analysis, reverse engineering, DeFi exploits, cryptography and financial mathematics.