SIP-76: Integrate Warning Flags to Disable Transactions

Author
StatusImplemented
TypeGovernance
NetworkEthereum
ImplementorTBD
ReleaseTBD
Created2020-08-05

Simple Summary

Integrate Chainlink’s warning flags contract into Synthetix to prevent any mutative action against a synth that has its price feed flagged.

Abstract

Chainlink have prepared a flags contract which allows them to indicate if there's an issue with a given Aggregator. During an exchange of src to dest synth, if the corresponding Aggregator is flagged, then the exchange will fail. In addition, all issuance functions (issue, burn, claim) also need to be prevented as these require the calculation of the entire debt pool, which cannot be done if any synth has an invalid price.

Motivation

As the Synthetix protocol migrates to Chainlink feeds for all remaining prices (in the upcoming SIP-36), the primary responsibility of monitoring and maintenance shifts from Synthetix to Chainlink. Having a flags contract controlled by the Chainlink team allows their monitoring teams to flip a warning switch in the case of any outage and prevents spurious actions on the Synthetix protocol taking advantage of incorrect pricing.

Specification

Overview

The interface proposed by Chainlink is a view that takes an Aggregator address and returns a bool. This value is true if there is an issue and false otherwise.

Synthetix's ExchangeRates contract will need to expose this functionality so other contracts can check it at the time of exchanging or issuance. It currently exposes rateIsStale, so this functionality can be replicated by a function rateIsInvalid that encompasses either rateIsStale OR rateIsFlagged.

Rationale

ExchangeRates is the only contract that currently knows about the pricing Aggregator addresses. The various issuance and exchanging functionality already interfaces with ExchangeRates to check for stale rates. This check can be modified into a new function rateIsInvalid that can combine a stale check with a flag check. If a transaction fails due to rateIsInvalid, the specific reason can be inferred from reading the state of the ExchangeRates contract for that currencyKey - either stale or flagged.

Technical Specification

  • ExchangeRates to be given a new function rateIsInvalid that returns true if the given currencyKey is either stale or flagged. In addition ratesAndStaleForCurrencies and anyRateIsStale will be renamed to replace Stale with Invalid and modified to iniclude the flagged state.
  • All uses of rateIsStale and its associated functions in other Synthetix contracts, to be replaced with the aforementioned Invalid counterparts

Test Cases

Given there exists a user Marie with 100 SNX, 5 sUSD, 1 sETH and 0.1 sBTC And the flag contract returns true for the aggregator address of sETH

  • When Marie attempts to exchange all her sUSD for sETH,

  • ❌ Then the transaction fails as the rate of sETH is invalid

  • When Marie attempts to exchange all her sETH for sUSD

  • ❌ Then the transaction fails as the rate of sETH is invalid

  • When Marie attempts to exchange all her sBTC for sUSD

  • ✅ Then the transaction succeeds as the rate of sBTC is valid (sUSD is always valid)

  • When Marie attemps to issue more sUSD, burn her sUSD or claim any outstanding rewards

  • ❌ Then the transaction fails as one of the synth rates (sETH) is invalid

Configurable Values (Via SCCP)

None.

Copyright and related rights waived via CC0.