Tetu EOA Protection
Tetu has a central governance contract - Controller under control of MultiSig Wallet with public signers.
However, for reducing EOA effect we implement different levels of access to our contracts.

Level 1 - Strict access

We have 48h time lock for any actions on this layer.
Protection logic implemented in a special contract - Announcer
Announcer contains scheduling for time-locked operations.
For each function announce call twice forbidden.
Function types under time-lock control:
  • Any contract address changes in Controller
  • Any ratio changes (currently Profit Sharing and Fund ratios)
  • Any token movements from contracts to MultiSig Wallet
  • TETU mint operation
  • Proxy contract upgrades
  • Strategy change for a vault
The only controller has access to this type of function and can call it only after the time-lock period.

Level 2 - Governance actions

On this layer, we will not use time-lock for the reason of not critical functionality or urgent actions.
Controller or Governance can call it immediately:

Bookkeeper

  • Remove vaults or strategies from the registered lists

Controller

  • Add/remove Reward Distributor addresses
  • Add/remove HardWorker addresses
  • Add/remove from Whitelist
  • Register Vault/Strategy

FeeRewardForwarder

  • Set conversation path for rewards

Strategy

  • Emergency exit from external project and pause investing
  • Continue investing
  • Move money from strategy to vault
  • Invest money from strategy to external project

MintHelper

Only MintHelper has access to our TETU token contract and this address is unchangeable.
  • Setup Dev Funds addresses and ratios for next mints

SmartVault

  • Change activity status
    Deactivated vault can't do HardWork and accept Deposits. Withdraw allowed.
  • Call DoHardWork
  • Add/Remove reward tokens
  • Rebalance vault (withdraw all from strategy to vault and invest again)
  • Withdraw all from strategy to Vault

LiquidityBalancer

  • Move tokens from LiquidityBalancer to Controller contract
  • Set target Price/TVL
  • Set Router
  • Set Targets' Update ratios

NotifyHelper

  • Disperse weekly emission
  • Move tokens from NotifyHelper to Controller

PayrollClerk

  • Add worker or change the worker wallet address
  • Change any worker settings except worked hours
  • Pay salary
  • Set Price Calculator address
  • Move tokens from PayrollClerk to Controller

PriceCalculator

  • Change any settings

Level 3 - HardWorkers and Reward distributors actions

Any actions allowed for HardWorker/Distributor also allowed for Controller and Governance
Allowed:
  • DoHardWork for HardWorker
  • Call LiquidityBalancer for HardWorker
  • Disperse rewards for vaults for Reward Distributor
Export as PDF
Copy link
Outline
Level 1 - Strict access
Level 2 - Governance actions
Level 3 - HardWorkers and Reward distributors actions