Centralization Risk (see details for mitigations)
Description
The Lorenzo Bitcoin staking module allows users to stake their Bitcoin in return for stBTC coins, minted by the Lorenzo protocol. For this, the module implements two messages:
CreateBTCStaking
- This takes in a raw BTC transaction provided by the user. The transaction hash is verified against the existing headers in the Bitcoin light client module. It checks that the transaction output is sent to an address specified by the Lorenzo node's configuration. It then proceeds to mint the same amount of stBTC to the user.
Burn
- This transfers stBTC coins from the user to the module and burns them. A burn event is emitted, which can be used to verify the burning of stBTC from the user. The receiving Bitcoin address is an arbitrary wallet that is assigned when the Lorenzo protocol is initialized. The Lorenzo team has ensured that this wallet will only be accessible through a multi-sig with the Lorenzo validators as the signers. Moreover, there is an off-chain service that is responsible for returning the Bitcoin to users upon burning stBTC. This service was not a part of the audit.
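As an added illustration (not the module's own code), the two checks the description attributes to CreateBTCStaking: the transaction must be bound to a header the light client knows, and the stBTC minted equals only what was paid to the configured address. It assumes an SPV-style merkle branch proof as the form of the header check, a simplified TxOut type, a set of known merkle roots standing in for the light client, and constructed addresses.

```go
package main

import (
	"crypto/sha256"
	"errors"
)

// TxOut is a simplified Bitcoin output (hypothetical type, not the module's own): satoshis and decoded address.
type TxOut struct{ Value int64; Address string }

// doubleSHA256 is the hash Bitcoin uses for txids and merkle tree nodes.
func doubleSHA256(b []byte) [32]byte {
	h := sha256.Sum256(b)
	return sha256.Sum256(h[:])
}

// VerifyMerkleBranch recomputes the merkle root from a txid and its sibling path;
// each bit of index says whether the sibling sits on the left or the right.
func VerifyMerkleBranch(txid, root [32]byte, branch [][32]byte, index uint32) bool {
	node := txid
	for _, sib := range branch {
		if index&1 == 1 {
			node = doubleSHA256(append(sib[:], node[:]...))
		} else {
			node = doubleSHA256(append(node[:], sib[:]...))
		}
		index >>= 1
	}
	return node == root
}

// CreateBTCStaking mirrors the module's checks: the header must be one the light
// client knows, the merkle proof must bind the tx to it, and the stBTC minted equals
// the satoshis paid to the configured staking address (other outputs mint nothing).
func CreateBTCStaking(knownRoots map[[32]byte]bool, txid, root [32]byte, branch [][32]byte, index uint32, outs []TxOut, stakingAddr string) (int64, error) {
	if !knownRoots[root] || !VerifyMerkleBranch(txid, root, branch, index) {
		return 0, errors.New("tx is not proven to be in a header the light client knows")
	}
	var total int64
	for _, o := range outs {
		if o.Address == stakingAddr {
			total += o.Value
		}
	}
	if total == 0 {
		return 0, errors.New("no output pays the staking address")
	}
	return total, nil
}
```

Note that nothing in this path, as in the module itself, records an obligation to return the BTC later; that gap is the centralization risk described below.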
Impact
We must note that this presents an important centralization risk, because the Lorenzo protocol is not programmatically bound to return the Bitcoin to users. The module itself only manages the burning and minting of stBTC, so users have no programmatic guarantee of receiving their funds back upon burning stBTC. They are required to entrust the wallet owner with the deposited funds.
Recommendations
Users should be aware of these centralization risks. We recommend that they be clearly documented so that users understand the extent of the owner's control over the platform and can make informed decisions about their participation in the project. Clear communication about the circumstances in which the owner may exercise these powers also helps build trust and transparency with users. Beyond documentation, we recommend additional measures to mitigate these risks, in particular maintaining strong and transparent multi-signature requirements for the BTC staking wallet, together with explicit documentation to enhance user awareness and engagement.
Remediation
Lorenzo provided the following response regarding their actions to mitigate the centralization risk:
Lorenzo utilizes the Cobo digital asset custody solution, where users' staked BTC is stored in Cobo's MPC wallet. Neither Lorenzo nor Cobo can unilaterally transfer user assets. Furthermore, Lorenzo employs the TSS Node Callback Mechanism, which ensures that during user withdrawals, an open-source withdraw verifier callback is used to validate and verify the correspondence between on-chain events and user withdrawals.
Lorenzo will also integrate Cubist's secure hardware, using well-defined Lorenzo safety policies within the key manager to sign transactions and verify messages. This dual verification process further enhances the security of users' custodial assets.
Currently, there is no fully decentralized Bitcoin LSD protocol in the industry. Lorenzo aims to gradually achieve a decentralized LSD solution by leveraging flexible Bitcoin scripts and implementing anchoring mechanisms between the Lorenzo chain state and the Bitcoin chain.