Adamant Finance
Adamant Finance
Adamant Finance
Adamant Finance
Introduction
ADDY token
Token Supply & Emission
Utility
Emission Schedule
Guides
Vaults
Staking LP Tokens to Earn ADDY
Locking ADDY
Locking ADDY - Examples
Comparison of Vesting/Staking/Locking ADDY
Furnace
Resources
FAQ
Polygon Contract Links
Arbitrum Contract Links
Contract Owner Privileges
Bounties
Links
Audits
Credits
Arbitrum Presale (finished)
Polygon Presale (finished)
Other Languages
Docs in Other Languages
Powered by GitBook

Contract Owner Privileges

Developer Response to the Certik audit and RugDoc review

The contracts below do not utilize upgradeable proxies unless otherwise stated.

AddyStakingRewards.sol

  • Centralization risk of migrate/migrateLockedStakefunction

  • Third-party IMigrator(migrator).migrate() dependencies

Reasoning for having that function:

  • If the functionality ofMultiFeeDistribution is ever changed, that would require a full ADDY token migration since that contract owns the ADDY token contract. Users would need the ability to migrate their locked liquidity positions from the old ADDY token to the new ADDY token.

  • If the platform hosting the ADDY/WETH pool is changed, that would also require liquidity to be migrated to the new platform (i.e. moving from Uniswap v2 to Uniswap v3).

The migrateLockedStakefunction requires the owner of each locked stake to manually authorize the migration of their stake to the new contract, unlike Pancake Swap's infamous migratefunction, which migrates all funds in the contract.

Minter.sol

  • Centralized Risk

  • Privileged ownership of addyPerProfitEth

These owner privilege issues are currently addressed by the minter contract being owned by a timelock contract.

Arbitrum note: Due to the rapid pace at which new vaults will be added for Arbitrum for the next few days, Arbitrum's minter contract currently isn't timelocked.

Reasoning for having those functions:

  • The developer will need to grant minting privileges to new vaults on a regular basis.

  • The developer will eventually need to change the price calculator contract in order to implement other suggested changes in the audit.

  • The developer will reduce the ADDY emission rate over time.

StrategyBase.sol

  • Owner can withdraw tokens except wantToken (the LP token that users deposit) and harvestedToken from the contract. The gauge (deposit receipt) token is also restricted for pools that have such tokens (i.e. Curve).

Reasoning for having that function:

  • Certain special vaults like the PUSD stability pool vault utilized an external contract to hold and convert "special" payments that the normal vault code does not account for, such as MATIC payments from Polyquity's stability pool after a liquidation. During a large downward price movement, the PUSD stability pool vault received over 900k MATIC worth of liquidation payments, which required the developer to withdraw it to an external contract and convert it to PUSD over the course of multiple days in order to avoid getting "rekt" by slippage.

VaultBase.sol/GenericVault.sol

  • Owner can change the early withdrawal penalty time (up to 30 days)

  • Owner can change the reward multiplier (up to 10x, reduced to 3x for newer vaults)

  • Owner can change the early withdrawal penalty (5%, reduced to 0.5% for newer vaults)

    • The Emergency Withdraw function is only meant to be used if there is an error with reward calculation that breaks the contract. Therefore, it is also affected by the early withdraw penalty and early withdrawal penalty time in order to prevent stakers from claiming rewards and then calling that function to bypass the early withdrawal penalty.

ERCFund.sol

  • Privileged ownership of recover

Reasoning for having that function:

  • The Converter contract owns the ERCFund contract. It uses the recoverfunction to transfer tokens to it, then performs various functions such as:

    • Breaking up LP tokens.

    • Converting tokens to WMATIC before sending it to the fee distribution contract.

    • Executing ADDY buybacks.

Previous
Arbitrum Contract Links
Next
Bounties
Last updated 2 weeks ago
Contents
AddyStakingRewards.sol
Minter.sol
StrategyBase.sol
VaultBase.sol/GenericVault.sol
ERCFund.sol