Repository containing the necessary smart contracts to propose Proof of Reserve for AAVE v2/v3 pools.
Proof-of-Reserve is a system by Chainlink that allows for reliable monitoring of reserve assets, and usage of that data feed directly on-chain. If anomaly will be detected for a single asset, the system will try to apply the highest possible protections on the pool.
Below is the general flow of the proof of reserve check:
- Anyone can call publicly opened method executeEmergencyAction() of the Executor for the desired pool.
- The Executor asks the Aggregator if any of the reserves is unhealthy at the moment.
- Aggregator compares total supply against Chainlink's Proof of Reserve feed for every token enabled in prior.
- If at least one reserve is compromised, then
- for Aave V2 Executor disables borrowing for every asset on the pool and freezes only the exploited assets.
- for V3 the broken asset is freezed and it's LTV is set to 0.
A common ProofOfReserveAggregator smart contract, acting as a registry of pairs (asset address, proof of reserve feed address) and also implementing and exposing a areAllReservesBacked() function, which, for a list of asset addresses does the validation of proof of reserve feed value โฅ total supply of the asset. If any asset passed on the list of inputs will not fulfill that requirement, the result of areAllReservesBacked() will be false. It is also possible to use the bridge wrapper to get the total supply, if the asset has two bridges on the network.
This contract is common, to be used by both Aave v2 and v3 systems, each one with different pool logic.
- Each Aave v2 and Aave v3 pools will have their own associated smart contract implementing ProofOfReserveExecutorBase, exposing mainly 2 functions:
- areAllReservesBacked(). Returning at any time if all the assets with a proof of reserve feed associated are properly backed.
- executeEmergencyAction(). Callable by anybody and allowing to execute the appropriate protective actions on the Aave pool if areAllReservesBacked() would be returning a false value.
- The action to be executed on v2 is stopping borrowing of all the assets and freezing only the assets which did not pass proof of reserve validation.
- on v3 the assets which did not pass proof of reserve validations will be freezed and their LTV will be set to 0.
- The ProofOfReserveExecutorV3 of Aave v3 will have riskAdmin permissions from the Aave v3 protocol, allowing this way to adjust LTV when the defined conditions are met.
- To allow the ProofOfReserveExecutorV2 of Aave v2 to halt borrowing and freeze exploited reserves, as the permissions system on Aave v2 is less granular than in v3, we have added a new role PROOF_OF_RESERVE_ADMIN on the v2 addresses provider smart contract, and updated the pool configurator contract to allow both the pool admin (previously) and the new proof of reserve admin (the ProofOfReserveExecutor of v2) to disable borrowing and freeze reserve.
- The addition/removal of assets with a proof of reserve will be controlled via the standard Aave governance procedures. Everything else (monitoring if all reserves are backed, execute the emergency action if not) is completely permissionless, algorithmically defined.
ProofOfReserveKeeper contract which is compatible with Chainlink Keeper Automation to add more assurances on the execution timing.
performUpkeep()
won't be executed if it will consume more than 5m gas. Currently gas consumption is about 500k for six assets; eye should be kept on this metric upon adding of every new asset.
As for several assets on the Avalanche network deprecated bridge co-exist with the actual one, AvaxBridgeWrapper was implemented to return the sum of supplies.
Asset | PoR feed | Bridge Wrapper |
---|---|---|
AAVE.e | 0x14C4c668E34c09E1FBA823aD5DB47F60aeBDD4F7 | To be deployed |
WETH.e | 0xDDaf9290D057BfA12d7576e6dADC109421F31948 | To be deployed |
DAI.e | 0x976D7fAc81A49FA71EF20694a3C56B9eFB93c30B | To be deployed |
LINK.e | 0x943cEF1B112Ca9FD7EDaDC9A46477d3812a382b6 | To be deployed |
WBTC.e | 0xebEfEAA58636DF9B20a4fAd78Fad8759e6A20e87 | To be deployed |
BTC.b | 0x99311B4bf6D8E3D3B4b9fbdD09a1B0F4Ad8e06E9 | - |
- DeployProofOfReserveAvax.s.sol: This script will deploy Aggregator, Executors, Keeper, all Bridge Wrappers and two proposal contracts.
- ProposalPayloadProofOfReserve will
- enable proof of reserve feeds and assets in Aggregator, ExecutorV2 and ExecutorV3 contracts
- set ExecutorV3 as the Risk Admin
- register Chainlink Automation for v2 and v3
- deploy new implementation of the V2 Pool Configurator contract
- set ExecutorV2 as PROOF_OF_RESERVE_ADMIN
Audit reports:
To add a new PROOF_OF_RESERVE_ADMIN
role to the V2 pool new implementation of the LendingPoolConfigurator contract is deployed. Difference between current implementation and the new one is here.
This repo has forge and npm dependencies, so you will need to install foundry then run:
forge install
and also run:
npm i
To run the tests just run:
forge test