FundDeployer is the gateway for a user to create a new fund and signal the migration of a fund from an old release to the current release.
As described in the previous page, this is the contract that the
Dispatcher considers as the
currentFundDeployer, thus allowing it to deploy and migrate
FundDeployer deploys configuration contracts (
ComptrollerProxy ) per-fund that are then attached to
VaultProxy instances (more in the next section).
FundDeployer is also used as a release-wide reference point for a couple types of values.
The first is the
releaseStatus . When set to
Paused , any functions that write to
VaultProxy storage are prohibited, other than redeeming shares. This is a safety mechanism in the case that a critical bug is discovered in one of the protocol contracts.
The second storage value of
FundDeployer that is referred to release-wide is a registry of allowed "vault calls" , which is referred to by the
ComptrollerLib. This allows for arbitrary calls to be made from the
msg.sender , which will be used in calls such as delegating the
SynthetixAdapter as an approved trader of Synths directly from the
There is 1 shared
FundDeployer for the release.
ComptrollerProxy is deployed per-fund, and it is the canonical contract for interacting with a fund in this release. It stores core release-level configuration and is attached to a
VaultProxy via the latter's
accessor role described on the previous page.
All state-changing calls to the
VaultProxy related to the fund's holdings and shares must thus pass through the
ComptrollerProxy, making it a critically important bottleneck of access control.
The storage and logic of the
ComptrollerProxy are defined by the
ComptrollerLib and its associated libraries. Though it inherits the same upgradable
Proxy as the
VaultProxy, there is no way to call for an upgrade in this release.
As described on the previous page, the
VaultLib contract contains the storage layout, event signatures, and logic for
VaultProxy instances that are attached to this release.
There is 1 shared
VaultLib for the release.
Extensions extend the logic of the core contracts by adding additional kinds of functionality.
They are semi-trusted, in that they are selectively granted access to state-changing calls to
In order to make such a state-changing call, two conditions must be met:
The Extension function must have been called by a
ComptrollerProxy via a function with the
allowsPermissionedVaultAction modifier, which opens the calling
VaultProxy state changes.
The state-changing call must pass back through the
ComptrollerProxy, and is delegated to the
PermissionedVaultActionLib to determine whether the calling Extension is allowed to perform such an action.
This paradigm assures that an Extension can only perform a state-changing action to a
VaultProxy if it was called by that
ComptrollerProxy and if the Extension is permitted to make such a change at all.
Though this might seem like overkill for the current release, where extensions are all trusted and audited, it reduces the auditing surface area (e.g,.
PolicyManager has no permitted actions) and opens the door for a subsequent release to allow arbitrary Extensions.
In this release, there are three Extensions. All funds share one contract per Extension.
IntegrationManager allows exchanging a fund's assets for other assets via "adapters" to DeFi protocols (e.g., Uniswap, Kyber, Compound, Chai).
It treats these adapter plugins in an almost untrusted manner (it does rely on adapters to report the expected assets to spend and receive based on user input), validating asset values spent and received against expected values, and also providing the opportunity for policies to implement hooks that are run pre- and post-asset exchange.
PolicyManager allows state validation via "policies" that implement hooks invoked while buying shares and making an exchange in the
There is no trust involved in policies, as the
PolicyManager has no access to state-changing vault actions.
FeeManager allows for "fees" to dictate the minting, burning, or transferal of fund shares, according to their internal logics.
FeeManager invokes hooks at different points in core logic, namely while buying shares, redeeming shares, and upon a specific function to invoke a "continuous" hook (e.g., for a
ManagementFee that grows every block).
Each of the Extensions above make use of plugins. The
IntegrationManager uses "adapters", the
PolicyManager uses "policies", and the
FeeManager uses "fees".
Allowed plugins are all defined on registries in their respective Extensions.
As with Extensions, the plan for subsequent releases is to open up these plugins for third party development.
In addition to "core" and "extension" release-level contracts, there are also entirely decoupled "infrastructure" contracts that can theoretically be recycled between releases. Currently, this category only contains contracts that are related to asset prices and values, but it can also contain contracts such as a forthcoming release that will implement protocol fees.
ValueInterpreter is the single point of aggregation of various price feeds that are used to calculate the value of one or many input asset amounts in terms of an output asset.
There are two categories of assets in this release:
"primitives" - assets for which we have direct rates with which to convert one primitive to any other (e.g., WETH, MLN, etc)
"derivatives" - assets for which we only have rates in terms of underlying assets (e.g., Chai, Compound cTokens, Uniswap pool tokens, etc)
ValueInterpreter determines whether an asset is a primitive or derivative, and executes logic to use corresponding price feeds to determine the value in the output asset.
There is only one supported price feed for each category in this release, so both are hardcoded as
ChainlinkPriceFeed provides all conversions between primitives. This feed registers assets with their Chainlink aggregators, thus defining the primitive asset universe for the release.
AggregatedDerivativePriceFeed serves as a central registry that maps derivatives to their corresponding price feeds, and fetches rates from them.
There are several individual price feeds that provide the actual rates of derivatives to their underlying assets. Each inherits
IDerivativePriceFeed to provide a standard interface for the
AggregatedDerivativePriceFeed to register derivative mappings and grab rates. e.g.,
All interfaces to external contracts are contained in the
Interfaces for internal contracts (e.g.,
IFundDeployer ) are kept beside the contracts to which they refer. These are narrow interfaces that only contain the functions required by other non-plugin, release-level contracts (i.e., those in the "core" and "extensions" sections above). The idea was to have a handy visual reference to the intra-release surface area of interactions between contracts.