Protocol Decentralization
Risk Areas
Summary
Maverick is a DEX supporting concentrated liquidity positions for LPs and the automation thereof with the goal of increasing capital efficiency and market liquidity. This results in better prices for traders and more fees for liquidity providers. This built-in feature also helps LPs to eliminate the high gas fees that come from adjusting positions around price themselves.
Liquidity providers can also now choose to follow the price of an asset in a single direction, effectively making a bet on the price trajectory of a specific token. These directional bets are similar to single-sided liquidity strategies, in that the liquidity provider will be mostly or entirely exposed to a single asset in a given pool.
Together, these technological innovations represent a paradigm shift in the way smart contracts manage liquidity. Maverick is the first Dynamic Distribution AMM, capable of automating liquidity strategies that before now have required daily maintenance or the use of metaprotocols.
Ratings
Chain
Maverick v2 is deployed on Ethereum mainnet.
Chain score: Low
Upgradeability
Permissions on most contracts in the Maverick V2 protocol (e.g. MaverickV2IncentiveMatcher, MaverickV2PoolLens) have been revoked.
On other contracts, permissions still exist and are not protected with adequate restrictions. In particular, the MaverickToken (MAV token) integrates with the LayerZero protocol for cross-chain compatibility and exposes a number of permissioned functions. For example, the setTrustedRemote function allows the permission owner to add arbitrary MAV token implementations on other chains which, if flawed or malicious, can result in the arbitrary minting of MAV tokens. Similarly, the setConfig function enables designating custom cross-chain transaction data validators (DVNs) which, if flawed or malicious, can result in the operator sending arbitrary transaction data that is wrongly validated and executed.
As a result, these existing permissions can lead to the arbitrary minting of new MAV tokens, which dilutes the overall supply and thus results in the theft or loss of user funds (in particular unclaimed rewards that are distributed in the MAV token).
Upgradeability score: High
Autonomy
Maverick's protocol token (MAV) relies on the LayerZero protocol for cross-chain compatibility. The LayerZero protocol relies on permissioned validators (DVNs). These validators are responsible for the validation of cross-chain transaction data created by users who want to bridge MAV tokens. Currently, Maverick has configured the "default" validator service, which is Google Cloud.
A failure of these validators requires manual intervention by the Maverick Multisig and can result in the temporary censoring of users and the freezing of their funds. In the current stage of the Maverick Protocol, this mostly affects users' unclaimed (or claimed) rewards, which are paid in MAV tokens on the various chains.
Autonomy score: Medium
Exit Window
The only two contracts in the Maverick protocol that expose permissions are MaverickToken (MAV) and MaverickV2Factory. The permissions found on the first are not protected with an exit window for users.
Further, since MaverickV2Factory is not publicly verified, it remains unclear whether an exit window protects the permissions found in this contract.
Exit Window score: High
Accessibility
Liquidity on the Maverick-v2 DEX is available to traders through various aggregators including Odos, ParaSwap, 1inch, 0x Protocol and CoW Swap.
However, LPs are able to access Maverick-v2, and their positions therein, only through a single user interface, app.mav.xyz. A backup solution, in case the interface is shut down or users are censored, does not exist.
Accessibility score: High
Conclusion
The Maverick V2 Protocol falls into the Others category rather than Stage 0 because some of its contracts are not verified on public block explorers.
Despite this classification, our analysis shows that the Maverick V2 Protocol on Ethereum Mainnet receives High centralization risk scores for the Upgradeability, Exit Window and Accessibility dimensions and a Medium score for Autonomy.
Overall score: Others
Reviewer Notes
⚠️ MaverickV2Factory is NOT verified on a public block explorer. For the MaverickV2Factory we currently rely on the technical documentation provided by the Maverick Team. As a consequence, the full scope of permissions and their definitive impact cannot be assessed.
Protocol Analysis
Dependencies
Maverick Protocol relies on LayerZero for cross-chain communication and transaction validation.
LayerZero Protocol itself is immutable and fully permissionless. The protocol will exist indefinitely even if LayerZero Labs, the company that developed the LayerZero Protocol, ceases to exist. LayerZero Labs' role in the LayerZero protocol is reduced to deploying immutable Endpoints on new chains. These endpoints reference each other and thereby form the cross-chain communication network. If LayerZero Labs ceases to exist, no new chains are added to the cross-chain network, but the existing network is not affected.
The LayerZero Protocol further relies on a Decentralized Validator Network (DVN): these are validators of transaction data that needs to move cross-chain. The DVNs and their security settings are configured by the protocol, in this case the Maverick Multisig. If the configured DVNs fail, the Maverick Multisig needs to update its security settings and configure new DVNs. The DVNs themselves have a reputation and earn fees for validating cross-chain transaction data and are thus incentivised to behave correctly and maintain appropriate uptime. Maverick uses the "default" DVN, which is run by Google Cloud. This DVN is deployed at the address 0xD56e4eAb23cb81f43168F9F45211Eb027b9aC7cc (deterministically deployed across all chains).
Any protocol that relies on LayerZero could choose to run its own DVN. A flawed or unstable DVN can result in downtime and the temporary freezing of funds. A malicious DVN can run a malicious verifier algorithm, allowing its operator to steal user funds.
Finally, the LayerZero Protocol relies on Executors, which trigger queued transactions on destination chains. The set of executors can be customised by the respective protocol, in this case Maverick. However, execution is also fully permissionless: even if the designated executors do not execute the transaction on the destination chain, any user can step in and execute it. Users' transactions can thus not be censored through the Executor set.
According to their docs the MAV token is currently deployed on the following chains through the LayerZero protocol:
- Arbitrum
- Base
- Mainnet
- zkSync Era
- Scroll
- BNB Chain
Governance
External Permission Owners and Security Council
Name | Account | Type | ≥ 7 signers | ≥ 51% threshold | ≥ 50% non-insider | Signers public |
---|---|---|---|---|---|---|
Undeclared Multisig 1 | 0xcAf836A03D8ADcDfF48F6d0354061F468ae8b2A3 | Multisig 3/6 | ❌ | ❌ | ❌ | ❌ |
Undeclared Multisig 2 | 0xA2206fe97eE8d2E689EFB96aE03be5F50BFAD027 | Multisig 3/6 | ❌ | ❌ | ❌ | ❌ |
No information on the multisigs was found in the docs.
Exit Window
The only two contracts that have some upgrade/change potential are the MaverickV2Factory and the MaverickToken.
MaverickV2Factory: Since the full source code of MaverickV2Factory is not publicly verified, it is not clear whether fee switches take effect immediately or not.
MaverickToken: The token has no timelock for changes/upgrades. As long as ownership is not renounced, the OFT token allows its owner to switch destination addresses and security settings. Users do not have the option to opt out with a waiting period before a change is applied.
Contracts & Permissions
Contracts
All Permission Owners
Name | Account | Type |
---|---|---|
Undeclared Multisig 1 | 0xcAf836A03D8ADcDfF48F6d0354061F468ae8b2A3 | Multisig 3/6 |
Undeclared Multisig 2 | 0xA2206fe97eE8d2E689EFB96aE03be5F50BFAD027 | Multisig 3/6 |
Permissions
Contract | Function | Impact | Owner |
---|---|---|---|
MaverickV2Factory | setProtocolFeeRatio | This function allows the owner of the permission to set the protocol fee. Fees are applied to every trade in the AMM. | Undeclared Multisig 2 |
MaverickV2Factory | setProtocolLendingFeeRate | Set the protocol lending fee rate. | Undeclared Multisig 2 |
MaverickV2Factory | setProtocolFeeReceiver | Set the protocol fee receiver address. If protocol fee is non-zero, user will be able to permissionlessly push protocol fee from a given pool to this address. | Undeclared Multisig 2 |
MaverickV2Factory | transferOwnership | This function allows the owner of the permissions to transfer the ownership of all of the contract's permissions to a new owner. | Undeclared Multisig 2 |
MaverickV2Factory | renounceOwnership | This function allows the owner of the permission to disable access to the permissioned functions for everyone, forever. Parameters that were set with these functions are frozen at their current values. | Undeclared Multisig 2 |
MaverickV2IncentiveMatcher | permissionedAddIncentives | permissionedAddIncentives allows users to commit additional incentives for an already boosted position on Maverick. The function can only be called through the MaverickV2IncentiveMatcherCaller contract 0x1e83a61839839EAdBB5C639fbf581E2C59d645dE (the permission is immutable). | 0x1e83a61839839EAdBB5C639fbf581E2C59d645dE (Immutable permission) |
Maverick Token (OFT) | setUseCustomAdapterParams | The owner is allowed to set a flag (bool) that determines whether or not a custom DVN adapter is used; if true, adapterParams need to be submitted when doing cross-chain transfers. | Undeclared Multisig 1 |
Maverick Token (OFT) | setConfig | This function allows the owner to set the security stack settings inside LayerZero protocol. Security stack settings include designated DVNs, how many block confirmations | Undeclared Multisig 1 |
Maverick Token (OFT) | setSendVersion | This function allows the owner to set the messaging library version on origin chain. | Undeclared Multisig 1 |
Maverick Token (OFT) | setReceiveVersion | This function allows the owner to set the messaging library version on any of the receiving chains. | Undeclared Multisig 1 |
Maverick Token (OFT) | forceResumeReceive | This function allows the owner to resume the message flow in blocking mode and clear the stored payload. | Undeclared Multisig 1 |
Maverick Token (OFT) | setTrustedRemote | This function allows the owner to set the trusted path for the cross-chain communication, from origin address to destination address. This could be misused to point to a malicious implementation on the destination chain. | Undeclared Multisig 1 |
Maverick Token (OFT) | setTrustedRemoteAddress | This function is similar to setTrustedRemote, but it allows the owner only to set the destination address. | Undeclared Multisig 1 |
Maverick Token (OFT) | setPrecrime | The owner is allowed to set an address for precrime. It is unclear what precrime is used for. | Undeclared Multisig 1 |
Maverick Token (OFT) | setMinDstGas | The owner is allowed to set a minimal gas amount for a destination chain. The destination chain is specified with the chainId. | Undeclared Multisig 1 |
Maverick Token (OFT) | setPayloadSizeLimit | The owner is allowed to set a limit to the payload size, again for each destination chain individually. | Undeclared Multisig 1 |
Maverick Token (OFT) | renounceOwnership | The owner can renounce ownership, making the contract immutable regarding the aforementioned settings; otherwise the contract continues to work as-is. Note: technically the owner is then the zero address. | Undeclared Multisig 1 |
Maverick Token (OFT) | transferOwnership | The owner can transfer the ownership to another address, which then receives the permissions to call the aforementioned functions and change settings of the OFT token. | Undeclared Multisig 1 |
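As an added example (not Maverick's or LayerZero's own code), a small monitor that flags transferOwnership and renounceOwnership on the MAV OFT token by matching the OpenZeppelin OwnershipTransferred event in raw EVM event logs. The token address and the log records are constructed placeholders, and the only known owner is Undeclared Multisig 1 from the table above.

```python
# Added example (not Maverick's or LayerZero's code): flag ownership changes on
# the MAV OFT token from raw EVM logs. Token address and logs are constructed.

ZERO_ADDRESS = "0x" + "00" * 20
# keccak256("OwnershipTransferred(address,address)"); OpenZeppelin's Ownable
# emits it from both transferOwnership() and renounceOwnership().
OWNERSHIP_TRANSFERRED_TOPIC = "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0"
MAV_TOKEN = "0x00000000000000000000000000000000000000aa"  # placeholder, not the real address
# Owner of the token permissions in the table above (Undeclared Multisig 1).
KNOWN_OWNERS = {"0xcaf836a03d8adcdff48f6d0354061f468ae8b2a3"}

def pad(addr: str) -> str:
    """Encode an address as a 32-byte indexed topic (left-padded, lowercase)."""
    return "0x" + addr[2:].lower().rjust(64, "0")

def topic_to_address(topic: str) -> str:
    """Recover the address from a 32-byte indexed topic."""
    return "0x" + topic[-40:].lower()

def classify(log: dict):
    """Return an alert dict for an OwnershipTransferred log on MAV_TOKEN, else None."""
    topics = log["topics"]
    if (log["address"].lower() != MAV_TOKEN or len(topics) != 3
            or topics[0].lower() != OWNERSHIP_TRANSFERRED_TOPIC):
        return None
    prev_owner, new_owner = topic_to_address(topics[1]), topic_to_address(topics[2])
    if new_owner == ZERO_ADDRESS:
        # renounceOwnership(): trusted remotes and DVN config are now frozen
        kind, severity = "renounceOwnership", "info"
    elif new_owner in KNOWN_OWNERS:
        kind, severity = "transferOwnership", "medium"
    else:
        # the permissioned functions now belong to an undeclared address
        kind, severity = "transferOwnership", "high"
    return {"block": log["blockNumber"], "kind": kind, "severity": severity,
            "from": prev_owner, "to": new_owner}

def scan(logs: list) -> list:
    return [a for a in map(classify, logs) if a is not None]

UNKNOWN_EOA = "0x00000000000000000000000000000000000000bb"  # constructed
ERC20_TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
SAMPLE_LOGS = [  # constructed: transfer to unknown EOA, renounce, plain ERC-20 Transfer
    {"address": MAV_TOKEN, "blockNumber": 100, "topics": [OWNERSHIP_TRANSFERRED_TOPIC,
        pad("0xcAf836A03D8ADcDfF48F6d0354061F468ae8b2A3"), pad(UNKNOWN_EOA)]},
    {"address": MAV_TOKEN, "blockNumber": 101, "topics": [OWNERSHIP_TRANSFERRED_TOPIC,
        pad(UNKNOWN_EOA), pad(ZERO_ADDRESS)]},
    {"address": MAV_TOKEN, "blockNumber": 102, "topics": [ERC20_TRANSFER_TOPIC,
        pad(ZERO_ADDRESS), pad(UNKNOWN_EOA)]},
]
```

Running scan(SAMPLE_LOGS) yields a high-severity alert for the transfer to the unknown address and an info alert for the renounce; the ERC-20 Transfer log is ignored.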