SIP-76: Integrate Warning Flags to Disable Transactions
Author | |
---|---|
Discussions-To | https://research.synthetix.io/t/sip-76-chainlink-warning-flags/167 |
Status | Implemented |
Created | 2020-08-05 |
Simple Summary
Integrate Chainlink’s warning flags contract into Synthetix to prevent any mutative action against a synth that has its price feed flagged.
Abstract
Chainlink have prepared a flags contract which allows them to indicate if there's an issue with a given Aggregator
. During an exchange
of src
to dest
synth, if the corresponding Aggregator
is flagged, then the exchange
will fail. In addition, all issuance functions (issue
, burn
, claim
) also need to be prevented as these require the calculation of the entire debt pool, which cannot be done if any synth has an invalid price.
Motivation
As the Synthetix protocol migrates to Chainlink feeds for all remaining prices (in the upcoming SIP-36), the primary responsibility of monitoring and maintenance shifts from Synthetix to Chainlink. Having a flags contract controlled by the Chainlink team allows their monitoring teams to flip a warning switch in the case of any outage and prevents spurious actions on the Synthetix protocol taking advantage of incorrect pricing.
Specification
Overview
The interface proposed by Chainlink is a view
that takes an Aggregator
address
and returns a bool
. This value is true
if there is an issue and false
otherwise.
Synthetix's ExchangeRates
contract will need to expose this functionality so other contracts can check it at the time of exchanging or issuance. It currently exposes rateIsStale
, so this functionality can be replicated by a function rateIsInvalid
that encompasses either rateIsStale
OR rateIsFlagged
.
Rationale
ExchangeRates
is the only contract that currently knows about the pricing Aggregator
addresses. The various issuance and exchanging functionality already interfaces with ExchangeRates
to check for stale rates. This check can be modified into a new function rateIsInvalid
that can combine a stale check with a flag check. If a transaction fails due to rateIsInvalid
, the specific reason can be inferred from reading the state of the ExchangeRates
contract for that currencyKey
- either stale or flagged.
Technical Specification
ExchangeRates
to be given a new functionrateIsInvalid
that returnstrue
if the givencurrencyKey
is either stale or flagged. In additionratesAndStaleForCurrencies
andanyRateIsStale
will be renamed to replaceStale
withInvalid
and modified to iniclude the flagged state.- All uses of
rateIsStale
and its associated functions in other Synthetix contracts, to be replaced with the aforementionedInvalid
counterparts
Test Cases
Given there exists a user Marie with 100 SNX
, 5 sUSD
, 1 sETH
and 0.1 sBTC
And the flag contract returns true
for the aggregator address of sETH
-
When Marie attempts to exchange all her
sUSD
forsETH
, -
❌ Then the transaction fails as the rate of
sETH
is invalid -
When Marie attempts to exchange all her
sETH
forsUSD
-
❌ Then the transaction fails as the rate of
sETH
is invalid -
When Marie attempts to exchange all her
sBTC
forsUSD
-
✅ Then the transaction succeeds as the rate of
sBTC
is valid (sUSD
is always valid) -
When Marie attemps to issue more
sUSD
, burn hersUSD
or claim any outstanding rewards -
❌ Then the transaction fails as one of the synth rates (
sETH
) is invalid
Configurable Values (Via SCCP)
None.
Copyright
Copyright and related rights waived via CC0.