Skip to main content

Governor contracts

Directory: src/Governor

Collection of specialized governor contracts that can be installed as an admin in the EVK factory contract and as a governor admin in the EVK credit vaults.

FactoryGovernor

This is a contract that is intended to be installed as the upgradeAdmin of the GenericFactory that is used to create EVK vaults. When invoked by a caller of suitable privilege, this contract will invoke methods on the factory.

There are 3 privilege levels: default admin and guardian.

  • Default admins can invoke the factory with arbitrary calldata using the adminCall() function.
  • Pause Guardians can call pause() which replaces the factory implementation with a ReadOnlyProxy instance. To unpause, a default admins should use adminCall() to reinstate a (possibly fixed) implementation.
  • Unpause Guardians can call unpause() to reinstate a previously paused implementation in case the factory implementation was replaced with a ReadOnlyProxy instance due to a false positive.

Note that invoking pause() on a FactoryGovernor will instantly pause all upgradeable vaults created by this factory, so it should be used with caution. Non-upgradeable vaults will be unaffected.

ReadOnlyProxy

This is a simple proxy contract that forwards all calls to an wrapped implementation. However, it always invokes the calls with staticcall, meaning that read-only operations will succeed, but any operations that perform state modifications will fail.

The intent behind this contract is to minimise the damage to third-party integrations in the event of a pause. State-changing operations will fail until the contract is unpaused, but at least operations like reading balance and debt amounts will succeed.

Note that this contract uses a staticcall-to-self trick similar to the EVK.

GovernorGuardian

Instances of this contract are intended to be installed as the governor of one or more EVK vaults. Similarly to FactoryGovernor, these are proxy-like contracts that allow users with the default admin role to invoke the vault with adminCall(), and users with the guardian role to pause().

In addition, there is an unpause() function that can be invoked by anybody, once a PAUSE_DURATION amount of time has passed. Guardians can unpause immediately.

A PAUSE_COOLDOWN parameter prevents a guardian from continually pausing a vault: They must wait until a certain amount of time has elapsed after the previous pause.

In order to allow selective re-enabling of methods, guardians can invoke a changePauseStatus() function. This could be used to re-enable a subset of functionality, for example permitting withdrawals and repays but blocking a method that was discovered to contain buggy behaviour.

GovernorAccessControl

This contract can be installed as the governor of one or more EVK vaults and allows whitelisted callers to invoke specific functions on target contracts. It uses a fallback function to authenticate the caller and forward the call to the target contract. The address of the target contract is expected to be appended by the caller as trailing calldata and is extracted from it accordingly.

GovernorAccessControlEmergency

The GovernorAccessControlEmergency inherits from GovernorAccessControl and includes emergency functionality for certain critical operations. This allows authorized users to perform emergency actions without needing the full selector role:

  1. Emergency LTV Adjustment: Users with the LTV_EMERGENCY_ROLE can lower the borrow LTV without changing the liquidation LTV. As with all changes to borrow LTV, this takes effect immediately. The current ramp state for liquidation LTV (if any) is preserved.
  2. Emergency Vault Pausing: Users with the HOOK_EMERGENCY_ROLE can disable all operations on the vault.
  3. Emergency Caps Lowering: Users with the CAPS_EMERGENCY_ROLE can lower supply and/or borrow caps.

These emergency roles provide a way to quickly respond to critical situations without compromising the overall access control structure of the governor.