Release Architecture
The storage and logic of the ComptrollerProxy are defined by the ComptrollerLib and its associated libraries. Though it inherits the same upgradable Proxy as the VaultProxy, there is no way to call for an upgrade in this release.
The VaultLib contract contains the storage layout, event signatures, and logic for VaultProxy instances that are attached to this release. There is 1 shared VaultLib for the release.
They are semi-trusted, in that they are selectively granted access to state-changing calls to VaultProxy instances. In order to make such a state-changing call, two conditions must be met:
- 1.The Extension function must have been called by a ComptrollerProxy via a function with the allowsPermissionedVaultAction modifier, which opens the calling ComptrollerProxy to VaultProxy state changes.
- 2.The state-changing call must pass back through the ComptrollerProxy, and is delegated to the PermissionedVaultActionLib to determine whether the calling Extension is allowed to perform such an action.
This paradigm assures that an Extension can only perform a state-changing action to a VaultProxy if it was called by that VaultProxy's corresponding ComptrollerProxy and if the Extension is permitted to make such a change at all. Though this might seem like overkill for the current release, where extensions are all trusted and audited, it reduces the auditing surface area (e.g,. PolicyManager has no permitted actions) and opens the door for a subsequent release to allow arbitrary Extensions. In this release, there are three Extensions. All funds share one contract per Extension.
The IntegrationManager allows exchanging a fund's assets for other assets via "adapters" to DeFi protocols (e.g., Uniswap, Kyber, Compound, Chai). It treats these adapter plugins in an almost untrusted manner (it does rely on adapters to report the expected assets to spend and receive based on user input), validating asset values spent and received against expected values, and also providing the opportunity for policies to implement hooks that are run pre- and post-asset exchange.
The PolicyManager allows state validation via "policies" that implement hooks invoked while buying shares and making an exchange in the IntegrationManager There is no trust involved in policies, as the PolicyManager has no access to state-changing vault actions.
Like the PolicyManager, the FeeManager invokes hooks at different points in core logic, namely while buying shares, redeeming shares, and upon a specific function to invoke a "continuous" hook (e.g., for a ManagementFee that grows every block).
Each of the Extensions above make use of plugins. The IntegrationManager uses "adapters", the PolicyManager uses "policies", and the FeeManager uses "fees". Allowed plugins are all defined on registries in their respective Extensions. As with Extensions, the plan for subsequent releases is to open up these plugins for third party development.
In addition to "core" and "extension" release-level contracts, there are also entirely decoupled "infrastructure" contracts that can theoretically be recycled between releases. Currently, this category only contains contracts that are related to asset prices and values, but it can also contain contracts such as a forthcoming release that will implement protocol fees.
The ValueInterpreter is the single point of aggregation of various price feeds that are used to calculate the value of one or many input asset amounts in terms of an output asset. There are two categories of assets in this release:
- "primitives" - assets for which we have direct rates with which to convert one primitive to any other (e.g., WETH, WBNB, FNDZ, etc)
- "derivatives" - assets for which we only have rates in terms of underlying assets (e.g., Chai, Compound cTokens, Uniswap, Pancakeswap, pool tokens, etc)
The ValueInterpreter determines whether an asset is a primitive or derivative, and executes logic to use corresponding price feeds to determine the value in the output asset. There is only one supported price feed for each category in this release, so both are hardcoded as immutable variables.
There are several individual price feeds that provide the actual rates of derivatives to their underlying assets. Each inherits IDerivativePriceFeed to provide a standard interface for the AggregatedDerivativePriceFeed to register derivative mappings and grab rates. e.g., CompoundPriceFeed, ChaiPriceFeed
Interfaces for internal contracts (e.g., IFundDeployer ) are kept beside the contracts to which they refer. These are narrow interfaces that only contain the functions required by other non-plugin, release-level contracts (i.e., those in the "core" and "extensions" sections above). The idea was to have a handy visual reference to the intra-release surface area of interactions between contracts.
Last modified 7mo ago