Contract Owner Privileges
Developer Response to third party audits and reviews
The contracts below do not utilize upgradeable proxies unless otherwise stated.
AddyStakingRewards.sol
Centralization risk of
migrate/migrateLockedStake
functionThird-party
IMigrator(migrator).migrate()
dependencies
Reasoning for having that function:
If the functionality of
MultiFeeDistribution
is ever changed, that would require a full ADDY token migration since that contract owns the ADDY token contract. Users would need the ability to migrate their locked liquidity positions from the old ADDY token to the new ADDY token.If the platform hosting the ADDY/WETH pool is changed, that would also require liquidity to be migrated to the new platform (i.e. moving from Uniswap v2 to Uniswap v3).
The migrateLockedStake
function requires the owner of each locked stake to manually authorize the migration of their stake to the new contract, unlike Pancake Swap's infamous migrate
function, which migrates all funds in the contract.
Minter.sol
Centralized Risk
Privileged ownership of
addyPerProfitEth
These owner privilege issues are currently addressed by the minter contract being owned by a timelock contract.
Reasoning for having those functions:
The developer will need to grant minting privileges to new vaults on a regular basis.
The developer will reduce the ADDY emission rate over time.
StrategyBase.sol
Owner can withdraw tokens except
wantToken
(the LP token that users deposit) andharvestedToken
from the contract. The gauge (deposit receipt) token is also restricted for pools that have such tokens (i.e. Curve).
Reasoning for having that function:
Certain special vaults like the PUSD (a collateralized stablecoin protocol) stability pool vault utilized an external contract to hold and convert "special" payments that the normal vault code does not account for, such as MATIC payments from Polyquity's stability pool after a liquidation. During a large downward price movement, the PUSD stability pool vault received over 900k MATIC worth of liquidation payments, which required the developer to withdraw it to an external contract and convert it to PUSD over the course of multiple days in order to avoid getting "rekt" by slippage.
SwaprStrategy.sol
Owner can migrate user tokens to a new staking address. This requires the approval of at least two Adamant staff member wallets in order to prevent the loss of user funds if a private key is compromised. This function is not present in any other vaults except for Swapr vaults, and no vault with this function has been deployed since 2021.
Reasoning for having that function:
Swapr deploys new staking reward contracts every two weeks. Due to the cost of moving between vaults every two weeks, users asked for a token migration function to be added.
VaultBase.sol/GenericVault.sol
Newer vaults don't have an early withdrawal penalty.
Owner can change the early withdrawal penalty time (up to 30 days)
Owner can change the reward multiplier (up to 3x)
Owner can change the early withdrawal penalty (up to 0.5%)
The Emergency Withdraw function is only meant to be used if there is an error with reward calculation that breaks the contract. Therefore, it is also affected by the early withdraw penalty and early withdrawal penalty time in order to prevent stakers from claiming rewards and then calling that function to bypass the early withdrawal penalty.
ERCFund.sol
Privileged ownership of
recover
Reasoning for having that function:
The
Converter
contract owns the ERCFund contract. It uses therecover
function to transfer tokens to it, then performs various functions such as:Breaking up LP tokens.
Converting tokens to WMATIC before sending it to the fee distribution contract.
Executing ADDY buybacks.
Managed Collateral Smart Farming Vaults
Repay
Guardians (repayment bots) can withdraw any amount of the user's Curve LP tokens, remove the USDC liquidity, and use all of the returned USDC to repay all or part of the user's debt to the Lending Pool (Aave or Mai).
Reasoning for having that function:
The repayment bot will automatically repay part of the user's debt when their loan falls below a certain health level in order to avoid liquidation.
It is possible that the repayment bot fails to repay the user's debt in time and that their collateral is liquidated. There are multiple reasons that could happen, like a denial of service attack on Polygon and/or the server the repayment bot is hosted on.
If the value of the LP token decreases due to the price of one of the tokens in the pool decreasing, the vault may have to sell some of the user's collateral to repay the loan.
If the vault did not earn any profit, the vault performance fee will be waived. Adamant will not compensate users for any loss of collateral.
Execute Transaction
Users can grant or revoke permission for the Guardians to execute arbitrary call data on their behalf.
Reasoning for having that function:
Aave/Mai Managed Collateral vaults are much more complex than normal vaults. Many tests were performed by the Adamant Team and the Solidity Finance auditors to make sure the vaults were working properly, but in the event of a major issue that breaks the vault, emergency transactions may need to be executed to rescue the user's funds.
The Vault Owner should exercise caution when granting this permission. It enables Guardians to execute any transactions on the contract's behalf, including withdrawing any tokens or ETH from the contract or the associated Lending Pool.
Last updated