Intro
Sets the context for the audit. Mainly intended for internal use by the auditor team to facilitate the review; skip to the next section for the audit overview.
Rivera Money is an active liquidity management (ALM) protocol for Uniswap v3 positions. It wraps liquidity positions on decentralized exchanges (DEXs) in ERC-4626 vaults, so that each position is represented by ERC-20 vault shares, which the project argues gives investors more efficiency and flexibility than competing products.
An investor deposits liquidity into a pool using a single asset, for example USDC, and receives shares of an ERC-4626 vault in return. Because the shares are plain ERC-20 tokens, they can be used to build market-neutral strategies, interest rate swaps, options products, and so on, or posted as collateral for lending and borrowing.
Scalability for Rivera
There are two aspects of scalability for Rivera.
The first is scaling to other decentralized exchanges (DEXes) and other chains. The contracts are EVM compatible, so they can be deployed on other EVM chains. Two DEX designs are targeted: Uniswap V3 and Algebra.
The second is building other strategies on top of the project's infrastructure. The project positions itself as an infrastructure layer in the middle: users can use its strategies directly to generate returns, or compose them into their own structured products.
Going Multichain
Going multi-chain is possible but not a priority at the moment.
Rivera has no native cross-chain architecture. It has partnered with Router Protocol for cross-chain interactions and is exploring LayerZero. Since the protocol is not live on two mainnet chains, this is not a high priority.
Rivera will not build native cross-chain functionality, only integrations; Router Protocol covers the current use cases. The intended flow is to supply liquidity on one chain and borrow against it on another.
Product-Market Fit
There is general product-market fit (PMF) for liquidity management protocols, although Rivera's approach differs from its biggest competitors. The market consensus is that investors cannot be expected to manage their own concentrated-liquidity positions, and Rivera is in line with that PMF, so a working product will most likely see adoption.
Concerns
Multiple efficiency issues and other problems are expected to come to light as Rivera proceeds with the mainnet launch. Once some mainnet transaction data is available, it will help improve the protocol's efficiency and returns and minimize some of the risks. The base-level product is ready, but the team is waiting for real data before deciding what needs to be improved. They have more than 30,000 transactions on testnet and everything seems fine, but they expect to learn more once live on mainnet.
The product is currently on Mantle testnet.
There are some test contracts on mainnet, but no production contracts.
Rivera is targeting all Ethereum L2s, starting with Mantle, where the mainnet launch is planned.
The next chains in the pipeline are Base, Linea, and Polygon zkEVM, all L2s.
Rivera wants a solid base on the L2s before catering to institutions.
Rivera will eventually move to L1s, because that is where the liquidity is.
Demo Walkthrough
The protocol consists of vaults that deploy capital into concentrated liquidity positions.
The example case is the MNT/FSX pool, where MNT is the native token of the Mantle chain and FSX is the token of FusionX, a DEX on Mantle.
The vault architecture is similar to Beefy Finance or Yearn Finance.
The actively managed vault aims to maximize profitability and minimize impermanent loss.
Users only interact through deposit and withdraw; single-sided deposit was added to simplify the process.
Adding liquidity with two tokens is not supported because it is considered bad UX in DeFi.
The codebase has factory contracts for vault and strategy.
There are three types of vaults: private, whitelisted, and public.
Private vaults are for single users who do not want to share a pool with others, due to KYC regulations or other security concerns.
Whitelisted vaults are for asset managers, fund managers, family offices, etc., who have a defined set of premium users they want to serve.
Public vaults are open for everyone.
The strategy contract swaps the single deposited token into WMNT and FSX in the ratio required by the target range, then deploys the liquidity into a Uniswap V3-style concentrated liquidity position.
Once the strategy has swapped, the entire deposit is placed into the new position, which earns swap fees and rewards.
The strategy has a few important functions, including a harvest function that claims rewards at frequent intervals.
Automation is done with Gelato, which executes these scheduled tasks.
Other protocols run this kind of automation from their own Web2 servers; Rivera chose the decentralized option.
The range is periodically adjusted to keep impermanent loss to a minimum and ensure users keep earning yield from the position.
The yield-bearing vault shares are returned to users as an ERC-20 token that can be used elsewhere in the ecosystem.
This token can be used to borrow against the position at a lending protocol, so the liquidity is not locked: the capital remains liquid and can be deployed in other strategies.
The overall financial efficiency increases for everyone in the ecosystem.
QA Section
Why Gelato?
Gelato Relay automates the harvesting procedures and aggregates the profits. Rivera uses Gelato because the functions already exist, and the fund manager wallet can at any time call the harvest functions directly as a manual fallback.
Rivera is aware that Gelato or any other automation tool introduces some centralization, but there is no tool on the market right now that solves this.
How is on-chain data being shown on the frontend?
For the data shown on the frontend, such as APRs and portfolio value, Rivera uses subgraphs, because querying blockchain data directly is tedious and slow and makes the website sluggish.
Subgraphs are used to feed data to the website's frontend.
Is IPFS or any decentralized storage used at any point?
There is no decentralized storage used in the project.
Is the product stress-tested in a production environment? Any issues noticed?
The product has not yet been stress-tested in a real-world environment. Initially there were issues with asset utilization: not all assets deposited in the pool were deployed into the strategy, and 1-2% remained idle. The team has since fixed this, confirmed it with unit tests on the pool, and now sees good utilization.
Rivera uses only standard libraries and has not reinvented the wheel: Uniswap libraries on the liquidity side and standard ERC-4626 libraries on the vault side. They also have line-by-line code documentation, which is private and shared only with auditors.
What does the control structure look like? What does Rivera team own versus customers?
All factory contracts are controlled by Rivera: vault creation, retiring a vault, and a couple of emergency functions for exploits in partner protocols, such as pausing the strategy. A panic function withdraws all funds from the partner protocols and keeps them in the strategy contract if a partner protocol is exploited. Rivera cannot withdraw funds from the vaults. For investors who want complete privacy over their vaults there are private and whitelisted factories; public factories are open to all, and anyone can deposit.
Investors can ask Rivera for a whitelisted vault in which only the wallets they designate can deposit or withdraw. On the strategy side, the Fund Manager has all the control.
Architecturally there is a vault owner, Rivera and its team, with the power to create new vaults and to intervene if there is an exploit elsewhere. A separate Fund Manager role belongs to the person or entity actively running the strategy: they can call harvest, change the range, or move allocation from pool A to pool B. This wallet is assigned when the vault is deployed from the vault factory, and a renounce function allows the role to be handed over later.
Essentially, Rivera is a B2B2C model: Fund Managers are invited to create strategies on the platform, and investors are invited to invest in those strategies.
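The role split above (vault owner with emergency controls only, Fund Manager with operational control, whitelisted deposits), written out as an added Solidity sketch for the review. This is not Rivera's code; the partner-pool interface, contract and function names, and the elided bodies are assumptions for illustration only.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical partner-protocol interface, assumed for this example only.
interface IPartnerPool {
    function deposit(uint256 amount) external;
    function withdrawAll(address to) external;
}

// Illustrative strategy with the two roles described above.
// owner       = vault owner (protocol team): emergency controls, no fund access.
// fundManager = entity running the strategy: harvest / rebalance / allocation.
contract RoleSplitStrategy {
    address public immutable owner;
    address public fundManager;
    IPartnerPool public immutable pool;
    bool public paused;

    event Panic(address indexed by);
    event FundManagerChanged(address indexed previous, address indexed next);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier onlyFundManager() { require(msg.sender == fundManager, "not fund manager"); _; }
    modifier whenNotPaused() { require(!paused, "strategy paused"); _; }

    // The fund manager wallet is fixed at deployment (by the factory, in practice).
    constructor(address _fundManager, IPartnerPool _pool) {
        owner = msg.sender;
        fundManager = _fundManager;
        pool = _pool;
    }

    // Fund-manager operations, blocked while the strategy is paused.
    function harvest() external onlyFundManager whenNotPaused {
        // claim rewards, swap to the range ratio, re-add liquidity (elided)
    }

    function rebalance(int24 /*lowerTick*/, int24 /*upperTick*/) external onlyFundManager whenNotPaused {
        // move the concentrated-liquidity range (elided)
    }

    // Owner emergency controls: pull everything back from the partner
    // protocol and halt manager operations. Funds stay in this contract;
    // there is deliberately no owner function that sends them elsewhere.
    function panic() external onlyOwner {
        paused = true;
        pool.withdrawAll(address(this));
        emit Panic(msg.sender);
    }

    function pause() external onlyOwner { paused = true; }
    function unpause() external onlyOwner { paused = false; }

    // Only the current fund manager can hand the role over (or renounce it
    // by passing address(0)); the owner cannot reassign it.
    function transferFundManager(address next) external onlyFundManager {
        emit FundManagerChanged(fundManager, next);
        fundManager = next;
    }
}

// Illustrative whitelisted vault gate: only allow-listed wallets may
// deposit; the owner can edit the list but has no withdrawal path.
contract WhitelistedVaultGate {
    address public immutable owner;
    mapping(address => bool) public allowed;
    mapping(address => uint256) public shares;

    constructor(address[] memory initial) {
        owner = msg.sender;
        for (uint256 i = 0; i < initial.length; i++) allowed[initial[i]] = true;
    }

    function setAllowed(address who, bool ok) external {
        require(msg.sender == owner, "not owner");
        allowed[who] = ok;
    }

    // Simplified 1:1 share accounting; a real vault would follow ERC-4626.
    function deposit(uint256 assets) external {
        require(allowed[msg.sender], "not whitelisted");
        shares[msg.sender] += assets;
    }

    // Withdrawal is tied to the caller's own shares; no privileged path exists.
    function withdraw(uint256 amount) external {
        require(shares[msg.sender] >= amount, "insufficient shares");
        shares[msg.sender] -= amount;
    }
}
```

Two points worth checking against the real contracts: the owner must have no path that moves assets anywhere other than back into the strategy (panic) or the vault, and the whitelist should gate deposits only. Gating withdrawals on the allowlist as well would let the owner lock a user's funds by delisting their wallet.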
Are oracles being used for off-chain computations?
Rivera does not use oracles, so there is no oracle-manipulation risk. The only off-chain component is automation, currently via Gelato; alternatives exist, but all of them are off-chain. (Auditor note: the absence of an oracle does not remove slippage or sandwich exposure on the strategy's own swaps during harvest and rebalance, which should be reviewed separately.)