This protocol allows users to deposit certain ERC20s into an ERC4626 vault managed by a human being, or a vaultGuardian
. The goal of a vaultGuardian
is to manage the vault in a way that maximizes the value of the vault for the users who have despoited money into the vault.
You can think of a vaultGuardian
as a fund manager.
To prevent a vault guardian from running off with the funds, the vault guardians are only allowed to deposit and withdraw the ERC20s into specific protocols.
- Aave v3
- Uniswap v2
- None (just hold)
These 2 protocols (plus "none" makes 3) are known as the "investable universe".
The guardian can move funds in and out of these protocols as much as they like, but they cannot move funds to any other address.
The goal of a vault guardian, is to move funds in and out of these protocols to gain the most yield. Vault guardians charge a performance fee, the better the guardians do, the larger fee they will earn.
Anyone can become a Vault Guardian by depositing a certain amount of the ERC20 into the vault. This is called the guardian stake
. If a guardian wishes to stop being a guardian, they give out all user deposits and withdraw their guardian stake.
Users can then move their funds between vault managers as they see fit.
The protocol is upgradeable so that if any of the platforms in the investable universe change, or we want to add more, we can do so.
- User deposits an ERC20 into a guardian's vault
- The guardian automatically move the funds based on their strategy
- The guardian can update the settings of their strategy at any time and move the funds
- To leave the pool, a user just calls
redeem
orwithdraw
Guardians can earn DAO tokens by becoming guardians. The DAO is responsible for:
- Updating pricing parameters
- Getting a cut of all performance of all guardians
Users can stake some ERC20s to become a vault guardian. Other users can allocate them funds in order to maximize yield. The guardians can move the funds between Uniswap, Aave, or just hold the funds. The guardians are incentivized to maximize yield, as they earn a performance fee.
- git
- You'll know you did it right if you can run
git --version
and you see a response likegit version x.x.x
- You'll know you did it right if you can run
- foundry
- You'll know you did it right if you can run
forge --version
and you see a response likeforge 0.2.0 (816e00b 2023-03-16T00:05:26.396218Z)
- You'll know you did it right if you can run
git clone https://github.com/Cyfrin/8-vault-guardians-audit
cd 8-vault-guardians-audit
make
If you can't or don't want to run and install locally, you can work with this repo in Gitpod. If you do this, you can skip the clone this repo
part.
Set the RPC_URL_MAINNET
environment variable with the URL of a mainnet RPC node. It's used for tests that fork Ethereum mainnet state.
Then run:
forge test
forge coverage
and for coverage based testing:
forge coverage --report debug
- Commit Hash: xx
- In Scope:
- Solc Version: 0.8.20
- Chain(s) to deploy contract to: Ethereum
- Tokens:
- All issues in the
audit-data
folder are considered known - We are aware that USDC is behind a proxy and is susceptible to being paused and upgraded. Please assume for this audit that is not the case.