Summary:
The proposal aims to approve the actions taken by the Emergency Guardians, and to vote on the implementation of the resolution related to the detected bug.
Context:
On November 30th we detected a bug related to how the fees generated by the protocol are calculated. This is linked to the way the bridging module works.
Currently, to calculate the fees generated, the protocol compares total debt to total supply. As debt increases due to borrowing rates, it is always higher than the total supply of stablecoin in circulation. The protocol therefore deducts the total debt from the total supply to calculate the fees generated.
Note: No users funds at risk, the protocol is working as intended and it is not possible to economically exploit the protocol, the bridging module is working as intended.
The total debt is calculated by the RatesManager contract (e.g PAR on Ethereum: Mimo Capital: Rates Manager (0x8d4B22346c4c2F8aA023Af201219dD5AE93E9EcE) | Address 0x8d4B22346c4c2F8aA023Af201219dD5AE93E9EcE | Etherscan)
The generated fees are calculated by the VaultsCoreState contract (e.g PAR on Ethereum: Mimo Capital: Vaults Core State (0x9A99a3911357F3f1934dc423956713E087eF6F25) | Address 0x9A99a3911357F3f1934dc423956713E087eF6F25 | Etherscan) via the âavailableIncomeâ function.
Generated fees are minted by via the âreleaseâ function in the FeeDistributor contract (e.g PAR on Ethereum: Mimo Capital: Fee Distributor (0x585c9ad00d5dd65f3fee6aa64ffa17aec38c718a) | Address 0x585c9ad00d5dd65f3fee6aa64ffa17aec38c718a | Etherscan)
When someone is bridging, for example bridging PAR from Ethereum to Polygon PoS, PAR are burned on Ethereum and then new tokens are minted on Polygon PoS. This reduces the supply of PAR on Ethereum and increases the supply on Polygon PoS.
However, as the calculation of generated fees is based on total supply, burning/minting tokens makes the formula for calculating generated fees outdated.
This has created a situation where:
- as the supply on Ethereum becomes less than the total debt, with the current formula the protocol finds itself minting bridged PAR to other chains as a fee.
- as the supply on Polygon becomes greater than the total debt, the protocol no longer generates any revenue (until total debt comes back above total supply).
There are currently 195,660.78 PAR having been bridged from Ethereum to Polygon PoS & Fantom, including 195,655.77 on Polygon PoS and 5.00 on Fantom. There are currently 0.016 paUSD bridged from Ethereum to Polygon PoS.
This means that there are 195,660.78 PAR in excess that can be minted on Ethereum as fees right now, but it would take 195,655.77 PAR of fees generated on Polygon PoS for the protocol to start generating fees again. As the paUSD amounts were extremely low, the costs generated offset them.
In response to this situation, emergency guardians decided to pause PAR and paUSD bridging modules. Transactions pausing the paUSD and PAR bridging module, performed by emergency guardians can be found here:
- Ethereum: Ethereum Transaction Hash (Txhash) Details | Etherscan
- Polygon PoS: Polygon PoS Chain Transaction Hash (Txhash) Details | PolygonScan
- Fantom: Fantom Transaction Hash (Txhash) Details | FTMScan
Rationale:
Following joint discussions between Mimo Labs and Cooper Labs, a solution was decided, and is already being implemented.
Rework the BridgeableToken contract:
- Lock underlying stablecoins sent from the contract instead of burn them
- â When an lzReceive message is received, transfer priority to underlying if not enough underlying => mint again underlying and track the mint amount via an uint256 underlyingMinted
- â If underlyingMinted is > 0 during a send, burn until underlyingMinted = 0, otherwise lock
- â Fork the OFT standard in order to remove dusts tokens
Rework the VaultsCoreState contract :
- Contract must store the bridgeableToken address associated with its underlying
- â Rework the âavailableIncomeâ function, must subtract the minted amount from the calculation to avoid having more supply than expected
- Note: Due to the pragma version, there is a possibility that we delete the syncStateFromV1 function to avoid contract size overflow.
We expect to have updated contracts ready for audits by the end of this week. They will then be audited before being implemented in production.
Means:
- Human Resources: Multisig signers will need to sign transactions to execute the proposal.
- Treasury Resources: No treasury resources needed.
Technical implementation:
On Ethereum:
- Mint generated fees
- Create a special multisig to receive unwanted PAR (195,660.78) & paUSD (0.016) from bridged tokens
- Send unwanted PAR (195,660.78) & paUSD (0.016) to the created multisig
- Once new lz-PAR & lz-paUSD contracts deployed on Ethereum, send 195,660.78 PAR to the lz-PAR contract & 0.016 paUSD to the lz-paUSD contract
For each stablecoin, on Ethereum, Polygon PoS & Fantom:
- Deploy the updated bridging module with the same minted/burned amounts & limits
- Remove Mint/Burn role to the old bridging module contract
- Deploy the updated VaultsCoreState contract
- â Re-deploy the VaultsCore contract with updated VaultsCoreState address
- Remove Mint/Burn role to the old VaultsCore contract
- Add Mint/burn role to the new VaultsCore contract
- â Call the âsyncStateâ function from the old VaultcoreState on the new one in order to get back cumulativeRates & lastRefresh
- Update the AddressProvider by updating VaultsCore & VaultsCoreState contracts address
- â Re-deploy the MimoVaultCoreAction from SuperVaults
- Update the library with new contract addresses
- Update frontend
Voting Options:
- For the Implementation
- Abstain
- Against / Rework the Proposal
Authors: Mimo Labs & Cooper Labs
Community poll:
- For the Implementation
- Abstain
- Against / Rework the Proposal