[PROPOSAL] Omnibus Protocol Upgrades For Launch

anvil · November 27, 2024, 4:30pm

Proposal Date

2024-11-30

Relevant Contracts

CollateralVault: 0x5d2725fdE4d7Aa3388DA4519ac0449Cc031d675f
LetterOfCredit v0: 0x1A3251d83B4ed97d8E1d8451613D7DD9B4f42961
LetterOfCredit v1: 0x750ab78b4fe51292d1f0053845aace3ea959d5ad
LetterOfCreditProxy: 0x14db9a91933aD9433E1A0dB04D08e5D9EF7c4808
TimeBasedCollateralPoolSingleton v0: 0xd042C267758eDDf34B481E1F539d637e41db3e5a
TimeBasedCollateralPoolSingleton v1: 0xCc437a7Bb14f07de09B0F4438df007c8F64Cf29f
TimeBasedCollateralPoolBeacon: 0x1f00D6f7C18a8edf4f8Bb4Ead8a898aBDd9c9E14

Background

Overview

While it has been roughly 100 days since Anvil’s core smart contracts were first deployed, the code was written long before. Having been audited three times (twice by OpenZeppelin and once by Trail Of Bits, results here) and all known issues addressed, it is clear the core logic is sound and production ready. However, the benefit of having well audited code exists for as long as it stays in the same state. It is for this reason that Anvil has collected all upgrades, optimizations, naming clarifications, and integrator feedback over the past months and aims to implement these changes through newly deployed LetterOfCredit and TimeBasedCollateralPool related contracts labeled v1 ahead of launch (legacy contracts are marked v0). In addition, for launch, the protocol’s withdrawal fee should be properly re-initialized to zero for ease of integration and adoption. Governance can adjust this value at any time moving forward.

Audit Competitions

While the core logic of v0 remains largely untouched, Anvil engaged security researchers through Immunefi to perform two different “audit competitions” on the new contracts (and their CollateralVault interactions) consistent with our ongoing commitment to proactive security. Both of these competitions yielded fruit in the form of reported potential vulnerabilities as well as code insights. All valid reported issues, regardless of how unlikely they are to occur, are treated seriously and their remedies have been reflected in the deployed v1 contracts.

Proxy Patterns In Anvil

One of the main benefits of using smart contract proxy patterns is for ease of upgrades. In v0, Anvil uses a Beacon Proxy pattern with regard to Time Based Collateral Pools. By separating out contract state from logic, this is how v1 is able to easily upgrade the logic of the TimeBasedCollateralPoolSingleton without losing any state data for existing pool implementations. In v1, Anvil aims to leverage these same benefits for LetterOfCredit via moving it to a Transparent Proxy pattern.

v1 Changes

While this proposal executes the necessary changes for the protocol to leverage these new contracts, there are many changes that should be called out, including those that exist within the code itself. Even though there is no substitute for reading the contracts thoroughly, below are some notable changes ahead of launch:

Protocol withdrawal fee is set to 0
LetterOfCredit v0 is no longer approved as a Collateralizable Contract
LetterOfCreditProxy is added as an approved Collateralizable Contract
LetterOfCredit v0 moves to a Transparent Proxy pattern separated into LetterOfCreditProxy and LetterOfCredit v1
LetterOfCredit v1 adopts new “Dynamic” and “Static” LOC terminology and behavior
- Separates createLOC() into createDynamicLOC() and createStaticLOC()
- Variable and function naming update to reflect new terminology
LetterOfCredit v1 updates price calculation logic to prevent data type edge case issues
LetterOfCredit v1 implements universal application of SafeERC20 library
TimeBasedCollateralPoolSingleton v1 has updated calculations surrounding resetPool()
TimeBasedCollateralPoolSingleton v1 and LetterOfCredit v1 implement more efficient handling of invalid signatures

Executed Changes

Calls CollateralVault::upsertCollateralizableContractApprovals() to set:

LetterOfCredit v0 (0x1A3251d83B4ed97d8E1d8451613D7DD9B4f42961) isApproved to false
LetterOfCreditProxy (0x14db9a91933aD9433E1A0dB04D08e5D9EF7c4808) isApproved to true

Calls TimeBasedCollateralPoolBeacon::upgradeTo() setting the implementation to TimeBasedCollateralPoolSingleton v1 (0xCc437a7Bb14f07de09B0F4438df007c8F64Cf29f)

Calls CollateralVault::setWithdrawalFeeBasisPoints() to set withdrawal fee to 0

Topic		Replies	Views
[PROPOSAL] Accept Protocol Ownership Of Core Smart Contracts Proposals	1	1226	September 12, 2024
[PROPOSAL] Support for Flexa Capacity v3 Proposals	0	1471	October 18, 2024
[PROPOSAL] Support Additional Collateral Tokens Proposals	0	557	December 18, 2024
[PROPOSAL] Initial Letter Of Credit Related Configurations Proposals	0	566	September 23, 2024
[PROPOSAL] Configure Collateral Vault With Initial Token Support Proposals	0	660	September 16, 2024