Protect the protocol from loss by adding a \"interaction timeout\" to Accounts which prevents withdrawals.
\nAdditionally, add checks which allow for disabling of most system functions in emergency situations similar to SystemStatus in v2x.
Synthetix v3 introduces revolutionary mechanisms which will change the way that DeFi looks at composable protocol design. However, perhaps the biggest threat to Synthetix\nis a cataclysmic protocol failure or smart contract hack which leads to loss of user funds (think about just about any bridge hack over 2022). New systems come with\ninherent risks, and\ncertain functions, such as withdraw or delegateCollateral, will likely be a massive target for potential attackers. Adding certain restrictions to deter\nthese attackers, such as interaction timeout and easy CC disabling paths, will both reduce the risk of these endpoints, as well as limit the potential damages\nif such an attack were to occur.
These solutions were chosen because they closely align with the successful SystemStatus which has been used in v2x to great effect.
A field, lastInteraction will be added the Account storage object which stores the unix timestamp of the last time a user interacted with their account. This timestamp will be updated every time a user performs a write-action on their\naccount, such as delegation, mintUsd, or deposit.
The withdraw function, which allows for removal of collateral from the system, is an endpoint of perhaps catastrophic concern if it were to be\nexploited during an attack. Therefore, an interaction timeout is added (ex. 8 hours) which completely disables an attacker's ability to withdraw collateral\nfrom the system through means of a flash loan attack, and gives ample time for internet sleuths or other interested parties to identify the issue\nbefore it can result in loss of protocol collateral.
The withdrawal function is primarily target for protection because every other function in v3 more or less just alters the internal accounting of the system,\nso in the case of an attack, we could hypothetically recover through a system update without loss of funds.
\nA SCCP configurable parameter, withdrawTimeout, will be added to the system to configure the wait time between account interaction and first allowed\nwithdrawal.
A function is added to FeatureFlagsModule, setDeniers, which permits specification of a list of ethereum addresses which may issue a call to disable\neach function on the system. The list of deniers will be coded in the synthetix-deployments repo and approved by SC, and most likely be a set of trusted\nCC members. deniers are not permitted to re-allow any features without owner approval.
The list of deniers is an SCCP configurable value. If the owner of the system is the pdao or another address outside the SC, an SC vote is required to re-allow any disabled feature.
\nNew feature flags will be introduced to protect the following functions:
\ncreateAccountdepositwithdrawmintUsdburnUsdliquidateliquidateVaultdepositMarketCollateralwithdrawMarketCollateraldepositMarketUsdwithdrawMarketUsdclaimRewardsdelegateCollateralAll these flags will be set to allowAll automatically by cannonfile step to allow for the usual system operation on initial deployment.
Relevant tests will be developed during implementation.
\nFor each CollateralConfiguration, the following parameters are added:
withdrawalTimeout the minimum number of seconds which should have elapsed since last account interaction before withdrawal of collateral from an account is allowed. Can be set to 0 to completely disable the timeout.deniers. for each feature listed above. the list of deniers who have permission to disable the given feature.Copyright and related rights waived via CC0.
"}},"pageContext":{"id":"fd8b6313-f6ab-50c4-9ca9-a90f36f34440","frontmatter__sip":316,"__params":{"frontmatter__sip":"316"}}},"staticQueryHashes":[]}