Overview of changes to smart contracts

Summary

In order to enable the Sigma program, we’ll need some new smart contracts. This is a brief overview of the code changes I am working on, both for the program as a whole and for the DEGEN index in particular, which is the first application and seems extremely likely to be approved.

This is a fairly technical write-up but @blurr asked for an overview of what changes are being made to the contracts and I thought it might be useful to give some insight into what exactly is being changed and what I am working on to the rest of the community as well.

Proxy Manager Owner

The proxy manager does not allow approved addresses to create new proxy implementations, so we’ll need to create a new proxy owner contract that the Indexed timelock will transfer ownership to. This contract will simply wrap the owner-only functions used by the proxy manager in order to allow the sigma committee to create new proxy implementations, but not modify them. The DAO timelock will retain the sole authority to modify proxy implementations, and will have the ability to revoke the committee’s access to adding new implementations.

CommitteeProxy

I am adding a CommitteeProxy contract to enable the revocable ownership pattern laid out in IIP 4. This will define a committee address which is allowed to execute arbitrary calls from the contract, where the DAO is able to re-assign the committee address. This contract will be set as the owner of all committee-controlled contracts.

This contract probably still needs some work but here’s what I have so far:
https://gist.github.com/d1ll0n/750aeec7ff0ce1c9b71f210ab12d17f3#file-committeeproxy-sol

CommitteeTimelock

I am creating a fork of the standard timelock contract from COMP which has a second superUser assigned which is allowed to execute transactions from the timelock without waiting for the delay, and which can cancel queued transactions. The super user will be the DAO timelock and the admin will be the committee. This contract will control the NDX for Sigma rewards, and will have a delay of 7 days (2 days longer than the DAO voting period + timelock).

https://gist.github.com/d1ll0n/750aeec7ff0ce1c9b71f210ab12d17f3#file-timelock-sol

Core Contracts

UnboundTokenSeller & PoolInitializer

The proxy implementations for the UnboundTokenSeller and PoolInitializer contracts are specific to the current controller, as the base implementation is deployed with the address of the controller.

These will be modified to inherit the OwnableProxy contract, which sets a null “owner” on the base implementation (so that the base contracts can not be used for anything). The _initializeOwnership function will be called in the implementation’s initializer functions, and references to the controller will be replaced with references to the owner. These changes will allow us to use the new implementation for future indices that need these contracts even when they have different controllers.

IndexPool

  • remove the flash loan function because the contract is bumping right up against the code size limit
  • add the _public modifier to the single-token exit functions to better protect against COVER-like situations
  • replace the event for swaps being enabled with an event for swaps being toggled on/off
  • add a permissioned function that allows the controller to enable/disable swaps
  • add an exit fee of 0.5% to BConst
  • add a feeRecipient address which the controller can set
  • transfer exit fees to feeRecipient instead of the controller

Degen Index

For the DEGEN index, we’ll need a new controller. There are specific feature requests I’ve received from @redphonecrypto and @0xBay which I do not anticipate being particularly relevant to other indices, so I am modifying the current controller to work as a singleton, i.e. there will be a single controller for a single index. Aside from obvious consequences of this (like removing references to categories), these changes will be made:

  • specify a circuitBreaker address which the committee can modify, which is able to force the controller to call the pool and enable/disable swaps
  • replace the source of market caps with a floatOracle contract which exposes a getCirculatingMarketCapsInUSD(address[]) query (more on this below)
  • allow the committee to replace floatOracle
  • allow the committee to force a reindexPool call outside of the normal schedule
  • MAYBE add an automatic removal of tokens that exceed the maximum market cap
    – if added ,this will be in the token-ordering function
    – this seems like it will be very expensive to implement, but I will re-evaluate once the core functionality is finished

ChainLink Oracle

The DEGEN index will use a chainlink oracle to query circulating market caps from CoinGecko’s API. To start with, we’ll just use the most widely used node linkpool.io to use standard GET HTTP queries. Eventually we will want to aggregate data from multiple sources in order to make sure we’re getting good data, but considering how integrated this node is in the ChainLink ecosystem, and how little direct control is given as a result of these queries, I think it’s an acceptable risk to rely on them. If the results are ever too far off we can pause swaps from the committee and update the oracle address.

3 Likes

Thanks for this Dillon, looks good.

3 Likes

I made GitHub - indexed-finance/sigma-core: Core contracts for the Sigma program public and added issues to give more transparency into what I am working on.

Just a note on Chainlink, if you want to use more than one node to get a price of something that isn’t already offered as a pre-aggregated sponsored feed, you can. Doesn’t have to be just the Linkpool node. You can build out an oracle system however you need with them, from any number of nodes.

Additionally I would be interested in operating a Chainlink node for any additional feeds that might be needed. Big fan of Indexed, long time Chainlink supporter and a Senior Linux System Administrator by day, so the node work is second nature for me.

1 Like

Thank you for the feedback! I realize using a single node isn’t ideal, but I was thinking it’d be alright initially, and then the contract can just allow the committee to replace the oracle address once we have something more robust. I’d love to chat with you more about this if you’re on our Discord.