eIP 14: Contract Upgrades

Shared Changes

Some changes have been made to files that are shared between all/many of the modules below.

  • computeExchangeRate has been modified to support the case where ETokens exist on the pool but no actual deposits have been made yet. The exchange rate is defined to be 1:1 in this state. This change allows an INITIAL_RESERVES EToken balance to be allocated to the reserves at market activation time.
  • Increase the gas allocated to the balanceOf method to 200k.
    • Some honest tokens that implement complex logic in the balanceOf method can exceed the previous 20k limit, for example stETH.
    • Even if every entered market exceeded this gas limit, the total gas usage (2m) would still be below the block gas limit, so liquidations would not be prevented.
  • reentrancyLock has been marked as internal to be explicit about storage visibility.
  • New events and constants will show up in all diffs, even though each is only used by a subset of modules.
  • Some modules haven’t been upgraded in a while, so they will have some scaling by assetCache.underlyingDecimalsScaler in their shared utilities. These are unused (modules that used them have already been upgraded).

DToken

VIEW CODE DIFF

  • flashLoan feature: This new function supports gas-efficient flash loans. The underlying tokens are transferred to the msgSender, and then a callback is invoked on msgSender. After this callback completes, the contract verifies that the loaned tokens have been transferred back.
  • approveDebt was marked as nonReentrant for consistency’s sake (we don’t believe this is actually required for security).
  • transfer was marked as reentrantOK (no-op). The reentrancy check is done in the transferFrom method.

EToken

VIEW CODE DIFF

  • donateToReserves feature: This allows users to donate some of their ETokens to the reserves. This may be useful for certain wrapper contracts, and potentially could be a better way to burn “dust” in an account (for gas refund purposes).
  • approveSubAccount was marked as nonReentrant for consistency’s sake (we don’t believe this is actually required for security).
  • transfer and transferFromMax were marked as reentrantOK (no-op). The reentrancy check is done in the transferFrom method.

Exec

VIEW CODE DIFF

The changes to this module break the external interface: The UI already seamlessly supports both old and new versions, and we will be coordinating with bot runners to upgrade to the new interface.

  • batchDispatch no longer returns results from a batch execution, since this was an unnecessary gas expense. Batches are typically only used by EOAs, since smart contracts can simply make multiple calls.
  • batchDispatchExtra has been deleted.
  • batchDispatchSimulate has been added. This method executes the items in the batch but then throws a custom BatchDispatchSimulation error that contains the batch item execution results. This way users can see their batch results even if the batch would subsequently have failed due to collateral violation.

Governance

VIEW CODE DIFF

  • New setChainlinkPriceFeed function allows the configuration of a chainlink feed for an asset.
  • setPricingConfig now allows the setting of a new CHAINLINK pricing type.
  • convertReserves performs a couple additional checks:
    • The reserves cannot be depleted below INITIAL_RESERVES
    • If the account receiving the reserves has outstanding debts in this token, check the account’s liquidity to prevent an account from entering borrow isolation due to a self-collateralised loan.
  • Since this module has not been upgraded recently, it also has a minor gas optimisation in unpackTrailingParamMsgSender and unpackTrailingParams that was previously deployed to the other modules, as well as some changes to constants and interfaces that don’t affect this module.

Liquidation

VIEW CODE DIFF

  • No changes, other than the shared changes described above.

Markets

VIEW CODE DIFF

  • When creating a market, start its initial reserves off at INITIAL_RESERVES to prevent initial deposit rounding issues.
  • New view methods:
    • dTokenToUnderlying
    • getChainlinkPriceFeedConfig

RiskManager

VIEW CODE DIFF

  • Support CHAINLINK pricing type.
  • The getPrice and getPriceFull methods have been changed to use internalLoadAssetCacheRO so that they don’t fail when invoked by a method that has acquired the reentrancy guard (i.e. during a liquidation).

Swap

VIEW CODE DIFF

  • No changes, other than the shared changes described above.
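
The transfer, callback and repayment check described in the DToken flashLoan item above, sketched as an added example (not Euler's DToken code and not part of the original post). The contract, interface and error names are hypothetical; the sketch uses msg.sender directly and assumes a token whose transfer returns a bool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration; every name below is hypothetical, not Euler's code.
interface IERC20Min {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IFlashBorrower {
    // Invoked on the borrower while it holds the loaned tokens.
    function onFlashLoan(bytes calldata data) external;
}

contract FlashLenderSketch {
    IERC20Min public immutable underlying;
    bool private locked;

    error Reentrancy();
    error TransferFailed();
    error FlashLoanNotRepaid(uint256 balanceBefore, uint256 balanceAfter);

    constructor(IERC20Min underlying_) {
        underlying = underlying_;
    }

    modifier nonReentrant() {
        if (locked) revert Reentrancy();
        locked = true;
        _;
        locked = false;
    }

    function flashLoan(uint256 amount, bytes calldata data) external nonReentrant {
        // Snapshot the pool balance before any tokens leave.
        uint256 balanceBefore = underlying.balanceOf(address(this));

        // 1. Transfer the loan to the caller.
        if (!underlying.transfer(msg.sender, amount)) revert TransferFailed();

        // 2. Hand control to the caller. Arbitrary code runs here, so the same
        //    lock must also guard the pool's other state-changing functions.
        IFlashBorrower(msg.sender).onFlashLoan(data);

        // 3. Check repayment against the observed balance, not against anything
        //    the borrower reports. A shortfall reverts the whole transaction,
        //    including the transfer in step 1.
        uint256 balanceAfter = underlying.balanceOf(address(this));
        if (balanceAfter < balanceBefore) {
            revert FlashLoanNotRepaid(balanceBefore, balanceAfter);
        }
    }
}
```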

@doug have these code changes undergone a security review, if so by who?

Hi, good question! Yes, the chainlink changes have been audited by Omniscia, report is here: Omniscia Euler Finance Audit

The other changes are being looked at now by Sherlock and a couple other parties. We’ll post any updates on this in the thread.

We have updated these diffs to reflect the changes in this pull request.

This change is described in “Shared Changes” section above, see description of loadAssetCacheRO.

EDIT: These changes are no longer part of the eIP, they were applied as a separate hotfix.

These changes have received another round of audits from WATCHPUG:

Some of their suggestions have been incorporated, and others we have replied to separately.