[VPD-778] Configure Fixed Rate Vaults on Mainnet#705
Open
GitGuru7 wants to merge 10 commits into
Open
Conversation
fred-venus
reviewed
May 27, 2026
fred-venus
reviewed
May 27, 2026
| { | ||
| target: ACM_AGGREGATOR, | ||
| signature: "addGrantPermissions((address,string,address)[])", | ||
| params: [PERMISSIONS], |
Contributor
There was a problem hiding this comment.
This should be done ahead of the vip. I saw addGrantPermissions itself is permissionless
- if attacker calls
addGrantPermissionsahead of us, its gonna take theindex=2 - then in the follow up cmd we have executeGrantPermissions(2) and we are fucked
Contributor
|
also i guess we will need to update the implementation of PSR |
fred-venus
reviewed
May 27, 2026
| { | ||
| target: INSTITUTIONAL_VAULT_CONTROLLER, | ||
| fn: "approvePositionTransfer(address)", | ||
| callers: [NORMAL, FAST_TRACK, CRITICAL], |
Contributor
There was a problem hiding this comment.
pls add CRITICAL_GUARDIAN as well for easier operation
Contributor
There was a problem hiding this comment.
also seems the signature is wrong
fred-venus
reviewed
May 27, 2026
| target: INSTITUTIONAL_VAULT_CONTROLLER, | ||
| fn: "openVault(address)", | ||
| callers: [NORMAL, FAST_TRACK, CRITICAL, CRITICAL_GUARDIAN], | ||
| }, |
Debugger022
reviewed
May 27, 2026
| import ACM_AGGREGATOR_ABI from "./abi/ACMAggregator.json"; | ||
| import ACCESS_CONTROL_MANAGER_ABI from "./abi/AccessControlManager.json"; | ||
| import INSTITUTION_POSITION_TOKEN_ABI from "./abi/InstitutionPositionToken.json"; | ||
| import INSTITUTIONAL_VAULT_CONTROLLER_ABI from "./abi/InstitutionalVaultController.json"; |
Contributor
There was a problem hiding this comment.
ABI is stale — has approvePositionTransfer(address) (1 param, should be 2) and missing cancelVault(address). VIP permission strings are correct (verified against on-chain source at 0x9e1ECb...). ABI needs regeneration from build artifacts.
Existing 'CriticalGuardian should be able to create vault' test only asserts that the call doesn't revert with Unauthorized — but the test config has marginRate=1.5e18 and fixedAPY=5e16, both of which violate _validateVaultConfig invariants, so the call always reverts with InvalidConfig and the success path is never exercised. Add a parallel test that: - uses valid config (marginRate=0.5e18, fixedAPY=500 bps) - deploys a stub oracle returning 1e18 and swaps it in via NT (since the forked ResilientOracle's chainlink feeds go stale after testVip advances time past the timelock delay) - asserts VaultCreated is emitted, allVaultsLength increments, and the new vault is registered
fred-venus
approved these changes
May 28, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
VIP-627: Activate Institutional Fixed Rate Vault System
Summary
If passed, this VIP activates the Institutional Fixed Rate Vault system on BNB Chain and upgrades the Protocol Share Reserve to support it. The new system introduces fixed-rate, time-bound vaults intended for whitelisted institutional borrowers, with a dedicated liquidation flow separate from the existing core pool.
Description
The proposal performs the following on-chain actions:
1. Grant ACM permissions via the ACMCommandsAggregator
Permissions for the new InstitutionalVaultController and LiquidationAdapter contracts have been pre-loaded off-chain into the ACMCommandsAggregator (index 3). The VIP temporarily grants the aggregator the DEFAULT_ADMIN_ROLE on the AccessControlManager, executes the batch, and revokes the role in the same proposal. This grants role-based access (33 permissions in total) over all administrative functions of both contracts to the Normal / Fast-track / Critical timelocks and, where appropriate, the Critical Guardian.
2. Complete two-step ownership transfers
The InstitutionalVaultController, the LiquidationAdapter, and the InstitutionPositionToken were deployed with their Ownable2Step pending owner set to the Normal Timelock. The VIP calls acceptOwnership() on the controller and adapter, and acceptPositionTokenOwnership() on the controller (which in turn accepts ownership of the position-token NFT).
3. Wire the LiquidationAdapter into the controller
Call setLiquidationAdapter on the InstitutionalVaultController, pointing it at the newly deployed LiquidationAdapter.
4. Whitelist the Critical Guardian as the initial liquidator and settler
Whitelist the Critical Guardian on the LiquidationAdapter as both an authorized liquidator and an authorized settler, so that the dedicated liquidation flow can run under operational control while remaining governance-bounded.
5. Upgrade the ProtocolShareReserve implementation
Upgrade the ProtocolShareReserve proxy to a new implementation that recognises an additional income type produced by institutional-vault liquidations, so that protocol-share income flowing in from the LiquidationAdapter is routed and accounted for correctly.
Security and additional considerations
Deployed contracts (BNB Chain)