[GIP-53] Gearbox V2 Security Improvements

Voting ended almost 3 years agoSucceeded

Overview

This proposal is to enable a number of security improvements and bug fixes to currently deployed Gearbox V2 contracts. The core system parameters, such as asset LTs, fees, etc. will not be changed, but some new security parameters will be added (see below). All changes are audited by Chainsecurity.

For motivation and an in-depth description of changes, see the forum discussion.

Contract changes

The contracts to be replaced:

CreditConfigurator for each underlying asset’s CM;
CreditFacade for each underlying asset’s CM;
All adapters;
All LP price feeds;
A new BlacklistHelper contract will be added to the USDC credit contract suite;

The new versions of the contracts can be found in:

Core contracts in the 'main' branch of 'core-v2' starting from commit 710113f;
Adapters in the 'legacy' branch of 'integrations-v3' starting from commit e34cfbe;

Parameter additions and changes

New security parameters will be established:

Maximal cumulative loss before pausing a CM - equal to maxBorrowedAmount for each respective CM: 1.1) DAI - 1'000'000; 1.2) USDC - 1'000'000; 1.3) WETH - 600; 1.4) wstETH - 600; 1.5) WBTC - 50; 1.6) FRAX - 1'000'000;
Emergency liquidation premium - 4% for all CMs;
Total debt limit - corresponding pool's expected liquidity at the time of deployment;

Additionally, two dev team bot addresses will be added into the emergency liquidator list:

0x16040e932b5Ac7A3aB23b88a2f230B4185727b0d
0x3c2E5548bCe88315D50eAB4f6b1Ffb2f1B8eBd7A

Changes for end users

For UI users:

WalletConnect support would be discontinued and the corresponding tab removed. Practically, it was always buggy and never got properly fixed, so nobody is factually being affected by this.

For smart contract users and integrators:

All account management would be done through CreditFacade.multicall() - this includes both adapters and CreditFacade functions for managing existing accounts, such as increaseDebt. Account opening/closing is unaffected.
Most view functions were removed from adapters (unless the function does not exist in the contract the adapter points to). The target contract needs to be called instead of the adapter;

Timeline

The dev team is essentially ready to deploy, so the changes should be live within 1-2 days after the proposal is successfully voted on.

Off-Chain Vote

Yes, update Gearbox V2 contracts

225.38M GEAR100%

No, do not update V2 contracts

0 GEAR0%

Quorum:113%

Download mobile app to vote

Discussion

[GIP-53] Gearbox V2 Security Improvements

Timeline

May 01, 2023Proposal created

May 01, 2023Proposal vote started

May 04, 2023Proposal vote ended

Dec 15, 2025Proposal updated

Overview

For motivation and an in-depth description of changes, see the forum discussion.

Contract changes

The contracts to be replaced:

CreditConfigurator for each underlying asset’s CM;

CreditFacade for each underlying asset’s CM;

All adapters;

All LP price feeds;

A new BlacklistHelper contract will be added to the USDC credit contract suite;

The new versions of the contracts can be found in:

Core contracts in the 'main' branch of 'core-v2' starting from commit 710113f;

Adapters in the 'legacy' branch of 'integrations-v3' starting from commit e34cfbe;

Parameter additions and changes

New security parameters will be established:

Maximal cumulative loss before pausing a CM - equal to maxBorrowedAmount for each respective CM: 1.1) DAI - 1'000'000; 1.2) USDC - 1'000'000; 1.3) WETH - 600; 1.4) wstETH - 600; 1.5) WBTC - 50; 1.6) FRAX - 1'000'000;

Emergency liquidation premium - 4% for all CMs;

Total debt limit - corresponding pool's expected liquidity at the time of deployment;

Additionally, two dev team bot addresses will be added into the emergency liquidator list:

0x16040e932b5Ac7A3aB23b88a2f230B4185727b0d

0x3c2E5548bCe88315D50eAB4f6b1Ffb2f1B8eBd7A

Changes for end users

For UI users:

WalletConnect support would be discontinued and the corresponding tab removed. Practically, it was always buggy and never got properly fixed, so nobody is factually being affected by this.

For smart contract users and integrators:

All account management would be done through CreditFacade.multicall() - this includes both adapters and CreditFacade functions for managing existing accounts, such as increaseDebt. Account opening/closing is unaffected.

Most view functions were removed from adapters (unless the function does not exist in the contract the adapter points to). The target contract needs to be called instead of the adapter;