
Topic: Thoughts about / risks of WBTC? (Read 77 times)

sr. member
Activity: 938
Merit: 452
Check your coin privilege
January 22, 2021, 07:07:59 AM
#1
What do you guys think about WBTC? I understand it's a proprietary smart contract under a multisig by multiple entities.

https://wbtc.network/

There are "merchants" that can request access to mint and burn requests, and for each of these requests they need a tx that backs the mint with real bitcoins.

A bunch of examples on the page here:

https://wbtc.network/dashboard/order-book

I want to start using WBTC more because the Ethereum network allows for things like liquidity pools, yield farming, lending/borrowing trustlessly with margin, etc. But what are the potential attack vectors here?

You have txes like these:

https://etherscan.io/tx/0xe6f95c38659c5ec6a6886771de2fed8fe4d4876eb8e8fc6a180ad63bf93f400b



So the mint request has an amount, BTC address, and txid to trigger the mint. This seems to happen manually, since a few hours after the tx above, this tx approving the mint is exercised:

https://etherscan.io/tx/0x45efef8f065a365dc1259ea2ff3efc158cde397ae8d45a90115646665555c29f

The question remains in the trustworthiness of these custodians. Taken from their press release:

Quote
The WBTC DAO members initially consist of AirSwap, BitGo, Blockfolio, Compound, DDEX / Hydro, Dharma, Gnosis, GOPAX, Kyber Network, Loopring Protocol, MakerDAO, OmiseGO, Prycto, Ren, Set Protocol, and TheOcean. Any critical changes to the WBTC structure must be approved by the DAO.

I understand that more projects make this more secure, as the multisig becomes harder to compromise, but many of these projects are not worth a lot in market cap, which makes many of them weak links in this group.

Also, can anyone explain why the number of circulating tokens on etherscan is different from the tokens displayed in the "audit" link?

https://etherscan.io/token/0x2260fac5e5542a773aa44fbcfedf7c193bc2c599

https://wbtc.network/dashboard/audit

On a different note, since all of this is done manually, I'm guessing WBTC is somewhat immune to smart contract flaws or bugs, as the contract itself is fairly simple, and since all mint txes are done by the same individuals there is less chance of that sort of issue happening. But like I said above, this also makes it prone to different kinds of issues, like social engineering or conflict of interest.

What do you guys think about all this? Do you guys use WBTC? Do you have any other ideas or potential black swans for it?