Superform USDC rate providers and vaults on Mainnet and Base #257
Conversation
MattPereira
force-pushed
the
superform-USDC-vaults
branch
from
35e65d5 to
44d780f
Compare
|
|
||
| ## Conclusion | ||
| **Summary judgment: USABLE** | ||
| The outlined ERC4626 Vaults should work with Balancer pools, but are not compatible with buffers since `testWithdraw` reverts with "too much loss", perhaps because SuperVaults leverage Yearn v3 `TokenizedStrategy` contract, which requires profits to be gradually unlocked over time, making it difficult to guarantee immediate withdrawals at the expected share price. Fork tests can be seen [here](https://github.com/balancer/balancer-v3-erc4626-tests/pull/24) |
There was a problem hiding this comment.
Without knowing the contract in details I suspect that gradual unlocks of profits should not lead to "losses" accrueing. At most the same amounts should be withdrawn, right?
There was a problem hiding this comment.
My interpretation of the failling test was that it attempts to withdraw based on an expected amount the test calculates, but that amount ends up being too low because the SuperVault contract will only release funds that have been unlocked, and not the full amount including profits until the over time part elapses
| "summary": "safe", | ||
| "review": "./SuperformSuperVaultReview.md", | ||
| "warnings": ["buffer"], | ||
| "isCompatible": "false" |
There was a problem hiding this comment.
The failing fork tests are an indication that this Vault is not comppatible
| ### Administrative Privileges | ||
| - [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). | ||
|
|
||
| - [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). |
There was a problem hiding this comment.
You mentioned it in your context section, the entity authorised by onlySuperVaultsStrategist. Can add RebalanceArgs. This includes a adding new superforms.
Since totalAssets() is changed as part of a _harvestAndReport we would want to understand for example how:
numberOfSuperformsIBaseForm(superform).previewRedeemFrom(spBalance)
behaves. As part of the review we learned that as part of the rebalance numberOfSuperforms can be increased and potentially add new external call targets influencing the rate.
Based on my reading so far, there is super form validation to make sure only accurate data is added during a rebalance. The data validation includes:
- duplicate checks
- whitelist checks
- is superform from factory check
- superform existence check
Suggestion: I would tick the upgradeable section as it is not a "proxy upgrade" but a new contract inclusion upgrade and give a rundown of how such a process could potentially be misused and what guardrails are in place to protect against that. Ultimately add the address of the VaultStrategist and get in touch with Superform on the security of the pk / multisig and if helpful for the reader add that information here
| ### Administrative Privileges | ||
| - [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). | ||
|
|
||
| - [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). |
There was a problem hiding this comment.
Thanks for adding this information.
Closes #224
Summary
SuperVaultManagerrole controls a whitelist of vaults where funds can be allocated.SuperVaultStrategistrole is allowed to rebalance the allocation of assets amongst whitelisted vaults"isCompatible": falseassuming that compatibility refers to buffers