Security
Security is of the utmost importance in the Maple protocol. In order to ensure the safety of the capital held within the system, multiple measures have been taken.
The Maple protocol considers Pool Delegates to be trusted actors. Pool Delegates must be validated by the Maple protocol and have a public reputation; LPs and Stakers elect them to manage their funds in a safe and responsible way.
The Maple protocol has extensive testing of all functionality, using HEVM to perform native Solidity unit and fuzz testing against a fork of Ethereum mainnet.
The Maple protocol will be undergoing a full-scope protocol audit with external auditors Dedaub and Peckshield. The final reports from these audits are posted below:
- Dedaub-Audit-Report-Maple-Core.pdf
- Dedaub-Audit-Report-MPL-ERC20.pdf
- PeckShield-Audit-Report-Maple-Core.pdf
- PeckShield-Audit-Report-MPL-ERC20.pdf
After audits are conducted and all necessary changes have been made to the smart contracts, the protocol will be made public and will be submitted for a Code Arena competition.
Once all smart contracts are deployed to mainnet, a smart contract monitoring system will be used to immediately identify any suspicious/malicious behaviour against the protocol. The team is still evaluating which product to use for this, but Tenderly will probably be used.
In the event of an oracle outage, all transactions requesting asset prices will be reverted. This behaviour will immediately be reported through the smart contract monitoring tool. To address the issue, the Security Multisig can temporarily provide a manual override on the oracle price for a given asset.
In the event of a protocol exploit, two multisigs are available to use. The first is the security multisig, which has the following capabilities (outside of oracles):
- Pause `Loan.fundLoan()` - prevents new capital from entering Loans (only if Borrower grants permission to the multisig in advance)
- Pause `Pool.setLiquidityCap()` - prevents new capital from entering Pools (only if Pool Delegate grants permission to the multisig in advance)
- Pause `StakeLocker.stake()` - prevents new capital from entering StakeLocker (only if Pool Delegate grants permission to the multisig in advance)
In the case of a more serious exploit where immediate emergency action must be taken to prevent a loss of funds, the emergency multisig can be used. This multisig can call `setProtocolPause`, which sets `Globals.protocolPaused()` to true and stops all external-facing functions in the Maple protocol besides ERC-20 `transfer` and `transferFrom`. It is acknowledged that this is a highly powerful feature, so once the protocol is deemed to be in a stable and safe state, the admin of Globals will be set from the Emergency Multisig to `address(0)`, after which it cannot be added back.
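
The pause gate and one-way admin handover described above, as an added Solidity sketch (not Maple's contract code). `GlobalsSketch`, `PoolSketch`, `setAdmin`, `deposit`, the revert strings and the compiler version are assumptions made for illustration; the guard against renouncing while paused is this sketch's own addition.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added sketch, not Maple's contracts. Contract names, setAdmin, deposit
// and the revert strings are hypothetical.
contract GlobalsSketch {
    address public admin;         // the Emergency Multisig at deployment
    bool public protocolPaused;

    constructor(address emergencyMultisig) { admin = emergencyMultisig; }

    modifier onlyAdmin() {
        require(msg.sender == admin, "G:NOT_ADMIN");
        _;
    }

    function setProtocolPause(bool pause) external onlyAdmin {
        protocolPaused = pause;
    }

    // Handing admin to address(0) is one-way: msg.sender is never
    // address(0), so onlyAdmin fails for every caller afterwards.
    // Sketch-only guard: refuse to renounce while paused, which would
    // leave the pause switched on with nobody able to lift it.
    function setAdmin(address newAdmin) external onlyAdmin {
        require(newAdmin != address(0) || !protocolPaused, "G:PAUSED");
        admin = newAdmin;
    }
}

contract PoolSketch {
    GlobalsSketch public immutable globals;
    mapping(address => uint256) public balanceOf;

    constructor(GlobalsSketch globals_) { globals = globals_; }

    modifier whenProtocolNotPaused() {
        require(!globals.protocolPaused(), "P:PROTO_PAUSED");
        _;
    }

    // External-facing entry point: reverts while the protocol is paused.
    function deposit() external payable whenProtocolNotPaused {
        balanceOf[msg.sender] += msg.value;
    }

    // transfer is left ungated so holders can still move balances while paused.
    function transfer(address to, uint256 amt) external returns (bool) {
        balanceOf[msg.sender] -= amt;  // 0.8 checked math reverts on underflow
        balanceOf[to] += amt;
        return true;
    }
}
```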