Summary
This proposal introduces a set of security upgrades designed as preventative measures to further protect the protocol. All changes have undergone multiple formal audits.
The following contracts have been deployed and will be introduced into the Resupply deployment flow to enhance security safeguards.
New Pair Deployer
0x5555555558B7309ecB0FbB23e609ec3c6f74C2Ea- Enforce collateral share burning and other safety checks during pair deployment.
- Support on-chain ability to verifiy the protocol ID for a given pair address, as well as whether or not it was deployed from a trusted deployer.
New Pair Implementation & Oracle
0xa346BA5E838D6Ee40204A69549c81AB982644150- Enforce integrated collateral price threshold checks.
Borrow Limit Controller Operator
0x0950000465476F4470e74AeD93E7dd414012BB7D- Allows borrow limit increases to take effect gradually over a time period rather than all at once.
Pair Adder Operator
0x09500002956877b910ACEc25C4b4dd57950e1D27- Facilitates an extra layer of checks to ensure any pair deployment is from a trusted factory prior to its successful add to the registry.
Specification & Execution Plan
All relevant contracts have been deployed. The following steps are required to formally integrate them into the protocol.
- Clear pair implementation bytecode on old deployer
- Add new pair implementation bytecode on new deployer
- Set Basic Vault Oracle V2 as the new oracle on all active pairs, while setting empty oracle for the defunct crvUSD/wstUSR pair
- Grant Operator permission to Borrow Limit Controller to modify pair borrow limits
- Grant Operator permission to Pair Adder to add pairs to registry