VaultProxyun-migratable to any future release.
FundDeployer, rather than vice-versa.
FundDeployerinstances must be able to be bypassed in the case of failure.
FundDeployer.createMigratedFundConfig(). This deploys a
ComptrollerProxyand sets all release-level fund configuration, as described in "ComptrollerProxy Creation".
FundDeployer.signalMigration()with the addresses of the
VaultProxythat should be joined.
FundDeployervalidates that CallerA was the creator of the
ComptrollerProxyand is a valid migrator for the
FundDeployercalls up to
Dispatcher.signalMigration(), which stores a
MigrationRequestwith the passed values along with the
executableTimestamp(the timestamp at which the migration will be allowed to be executed, based on the
migrationTimelockvalue set on
Dispatcherat the time migration is signaled).
executableTimestamp, CallerA can call
FundDeployer.executeMigration(), which calls the mirroring function on the
Dispatchervalidates whether the
migrationTimelockhas elapsed for the
MigrationRequest, and whether the calling
FundDeployeris still the
currentFundDeployer(migrations to stale releases are not allowed).
setAccessor()in order on the
VaultProxy, updating the target of the proxy and the
ComptrollerProxy.activate()to set the migrated
ComptrollerProxyand to give extensions a final chance to update state before the the fund can start taking investments.
migrationTimelock, which defines the minimum time that must elapse between signaling and executing a migration. This gives investors the opportunity to opt-out of a fund if they do not agree to the upgrade, or to the new fund configuration.
Dispatcherinvokes two types of hooks that call down to the outbound and inbound
FundDeployerinstances during the migration process, giving them the chance to execute arbitrary code at the release-level:
invokeMigrationOutHookis called on the outbound
FundDeployerinstance before and after each action in the migration pipeline: signal, migrate, and cancel (only post-cancellation)
invokeMigrationInCancelHookis called on the inbound
FundDeployerinstance post-cancellation. This is necessary because while the inbound
FundDeployeris the caller in all other cases, if an approved migrator calls
FundDeployer.cancelMigration()directly, the inbound
FundDeployershould be given the opportunity to react.
bool _bypassFailureparam on the
Dispatcher, which is set to
xxxEmergencyversions of each function on the