Release Architecture
Core
FundDeployer
The FundDeployer
is the gateway for a user to create a new fund and signal the migration of a fund from an old release to the current release.
As described in the previous page, this is the contract that the Dispatcher
considers as the currentFundDeployer
, thus allowing it to deploy and migrate VaultProxy
instances.
The FundDeployer
deploys configuration contracts ( ComptrollerProxy
) per-fund that are then attached to VaultProxy
instances (more in the next section).
The FundDeployer
is also used as a release-wide reference point for a couple types of values.
The first is the releaseStatus
. When set to Paused
, any functions that write to VaultProxy
storage are prohibited, other than redeeming shares. This is a safety mechanism in the case that a critical bug is discovered in one of the protocol contracts.
The second storage value of FundDeployer
that is referred to release-wide is a registry of allowed "vault calls" , which is referred to by the ComptrollerLib
. This allows for arbitrary calls to be made from the VaultProxy
as msg.sender
, which will be used in calls such as delegating the SynthetixAdapter
as an approved trader of Synths directly from the VaultProxy
.
There is 1 shared FundDeployer
for the release.
ComptrollerProxy
One ComptrollerProxy
is deployed per-fund, and it is the canonical contract for interacting with a fund in this release. It stores core release-level configuration and is attached to a VaultProxy
via the latter's accessor
role described on the previous page.
All state-changing calls to the VaultProxy
related to the fund's holdings and shares must thus pass through the ComptrollerProxy
, making it a critically important bottleneck of access control.
The storage and logic of the ComptrollerProxy
are defined by the ComptrollerLib
and its associated libraries. Though it inherits the same upgradable Proxy
as the VaultProxy
, there is no way to call for an upgrade in this release.
VaultLib
As described on the previous page, the VaultLib
contract contains the storage layout, event signatures, and logic for VaultProxy
instances that are attached to this release.
There is 1 shared VaultLib
for the release.
Extensions
Extensions extend the logic of the core contracts by adding additional kinds of functionality.
They are semi-trusted, in that they are selectively granted access to state-changing calls to VaultProxy
instances.
In order to make such a state-changing call, two conditions must be met:
The Extension function must have been called by a
ComptrollerProxy
via a function with theallowsPermissionedVaultAction
modifier, which opens the callingComptrollerProxy
toVaultProxy
state changes.The state-changing call must pass back through the
ComptrollerProxy
, and is delegated to thePermissionedVaultActionLib
to determine whether the calling Extension is allowed to perform such an action.
This paradigm assures that an Extension can only perform a state-changing action to a VaultProxy
if it was called by that VaultProxy
's corresponding ComptrollerProxy
and if the Extension is permitted to make such a change at all.
Though this might seem like overkill for the current release, where extensions are all trusted and audited, it reduces the auditing surface area (e.g,. PolicyManager
has no permitted actions) and opens the door for a subsequent release to allow arbitrary Extensions.
In this release, there are three Extensions. All funds share one contract per Extension.
IntegrationManager
The IntegrationManager
allows exchanging a fund's assets for other assets via "adapters" to DeFi protocols (e.g., Uniswap, Kyber, Compound, Chai).
It treats these adapter plugins in an almost untrusted manner (it does rely on adapters to report the expected assets to spend and receive based on user input), validating asset values spent and received against expected values, and also providing the opportunity for policies to implement hooks that are run pre- and post-asset exchange.
PolicyManager
The PolicyManager
allows state validation via "policies" that implement hooks invoked while buying shares and making an exchange in the IntegrationManager
There is no trust involved in policies, as the PolicyManager
has no access to state-changing vault actions.
FeeManager
The FeeManager
allows for "fees" to dictate the minting, burning, or transferal of fund shares, according to their internal logics.
Like the PolicyManager
, the FeeManager
invokes hooks at different points in core logic, namely while buying shares, redeeming shares, and upon a specific function to invoke a "continuous" hook (e.g., for a ManagementFee
that grows every block).
Plugins
Each of the Extensions above make use of plugins. The IntegrationManager
uses "adapters", the PolicyManager
uses "policies", and the FeeManager
uses "fees".
Allowed plugins are all defined on registries in their respective Extensions.
As with Extensions, the plan for subsequent releases is to open up these plugins for third party development.
Infrastructure
In addition to "core" and "extension" release-level contracts, there are also entirely decoupled "infrastructure" contracts that can theoretically be recycled between releases. Currently, this category only contains contracts that are related to asset prices and values, but it can also contain contracts such as a forthcoming release that will implement protocol fees.
ValueInterpreter
The ValueInterpreter
is the single point of aggregation of various price feeds that are used to calculate the value of one or many input asset amounts in terms of an output asset.
There are two categories of assets in this release:
"primitives" - assets for which we have direct rates with which to convert one primitive to any other (e.g., WETH, MLN, etc)
"derivatives" - assets for which we only have rates in terms of underlying assets (e.g., Chai, Compound cTokens, Uniswap pool tokens, etc)
The ValueInterpreter
determines whether an asset is a primitive or derivative, and executes logic to use corresponding price feeds to determine the value in the output asset.
There is only one supported price feed for each category in this release, so both are hardcoded as immutable
variables.
ChainlinkPriceFeed (IPrimitivePriceFeed)
The ChainlinkPriceFeed
provides all conversions between primitives. This feed registers assets with their Chainlink aggregators, thus defining the primitive asset universe for the release.
AggregatedDerivativePriceFeed
The AggregatedDerivativePriceFeed
serves as a central registry that maps derivatives to their corresponding price feeds, and fetches rates from them.
There are several individual price feeds that provide the actual rates of derivatives to their underlying assets. Each inherits IDerivativePriceFeed
to provide a standard interface for the AggregatedDerivativePriceFeed
to register derivative mappings and grab rates. e.g., CompoundPriceFeed
, ChaiPriceFeed
Interfaces
All interfaces to external contracts are contained in the release/interfaces/
directory.
Interfaces for internal contracts (e.g., IFundDeployer
) are kept beside the contracts to which they refer. These are narrow interfaces that only contain the functions required by other non-plugin, release-level contracts (i.e., those in the "core" and "extensions" sections above). The idea was to have a handy visual reference to the intra-release surface area of interactions between contracts.
Last updated