[BIP-205] Enable relayers on gnosis chain and add other missing permissions

Payload PR - BIP-205

Background

Gnosis Chain is the first chain provisioned by the Maxis in quite a while. In the process of bringing this chain online, we have already passed governance to enable 4 gauges, as well as granting EmergencyDAO permissions. As Gnosis was working to move some initial capital into the vaults, they discovered that it was not possible to deposit base assets like USDC into these nested pools.

We learned in the last days that the set of deployed smart contracts from blabs are handed over without any configuration, and it is (as it should be) the responsibility of Balancer Governance to provision a new chain.

The full chain permissions template

Recent BIPs to enable permissions have been generated by a script maintained by the Maxis, which puts together all the tables you look at, the json payload, and even writes a lot of this text. This script has been extended to check if any permissions are already set and ignore them.

A few days were spent researching all of the permissions Balancer Governance has set in the past in order to build a complete new chain template. Additional time was spent to speak to blabs and dig a bit into the vault code in order to come up with simple descriptions of how what these permissions are for and grant.

The template is described as this input configuration which can be fed into the auth generator after updating it with any new deployments and changing it to match the desired chain(s). A modified run of the script dumped out this more human readable version. More information about all of the functions involved in the template can found here

English Specification

The authorization payload script outlined above was modified to allow it to:

  • Check each permission to see if it is already granted.
  • Skip any permissions that are already in place with the exact same actionId and caller.
  • Halt and throw an error if any of the roles already have a caller assigned other than the one specified in the template.

This script was run, no errors were found and the following the transaction details were generated by this script with inputs and outputs in this directory. These transaction details make up the delta of permissions that sitll need to be added to bring the gnosis-chain into line with our new template, and into a state of full function.

The following files can be found both linked below and in the payload PR linked above:

Filename Description of Contents
inputs.json The inputs to the script mapping functions and deployments to target addresses that can execute them.
results_address_sorted.md The resulting changes printed in a table sorted by target chain and target address. (to easily understand permisisons granted)
results_deployment_sorted.md The resulting changes printed in a table sorted by target chain and target deployment. (for verification against action ids)
function_descriptions.md A table that describes what each function that is being granted privileged access to allows.
chainname.json For each change with changes, a transaction builder json named after said chain exists to apply the changes described in the tables.

In the tables above:

The “emergency” caller group:

  • maps to the Balancer Emergency DAO Multisig as defined in this vote.

The “feeManager” caller group:

  • maps to the feeManager multisig controlled by the Balancer Maxis on all chains except mainnet.
  • On mainnet a special feeSetter multisig exists to manage a-factors and a gautletFeeSetter contract that allows bulk changing of fees.
  • The maxi’s functionally control all contracts that make up the feeManager target group.

the “lm” caller group:

  • Maps to a multisig managed by the maxis that is used for operational changes that, for the most part, do not require governance as they have been governed to happen in perpetuity. For example, fee handling.

More information about the various Balancer Multisigs and their functions can be found in the multisig-ops repo

Specification

As described in the payload json, the authorizer will be called to grant the roles as described.

The change can be reviewed by the below by comparing the results_deployment_sorted.md file to the source of truth, which should match the order found in the source of truth for actionIds on the balancer-v2-monorepo.

For record, the contents of results_address_sorted.md are printed here:

deployment chain function role target target_address
20221122-composable-stable-pool-v2 gnosis setSwapFeePercentage(uint256) 0x60b21b2ae5a82434b74afd79abbbafb941197b06237922de3a54d36aaa9c4ea2 lm 0x14969B55a675d13a1700F71A37511bc22D90155a
20221122-composable-stable-pool-v2 gnosis startAmplificationParameterUpdate(uint256,uint256) 0xd82b3ab66c70adebd687f4d69dae8b0abd33cacede07deb0c948dc2383f4aeb7 lm 0x14969B55a675d13a1700F71A37511bc22D90155a
20221122-composable-stable-pool-v2 gnosis stopAmplificationParameterUpdate() 0x8ab1e42805feb8214d075b216e36ee38c5f3064d5c2ada1d99aa9f63367a029d lm 0x14969B55a675d13a1700F71A37511bc22D90155a
20221207-aave-rebalanced-linear-pool-v3 gnosis setSwapFeePercentage(uint256) 0x528c3020f2bd77511812b0aacb3cb91170124524cfdf0d4941db79d4ebf6ff72 lm 0x14969B55a675d13a1700F71A37511bc22D90155a
20220527-child-chain-gauge-token-adder gnosis addTokenToGauge(address,address,address) 0x1ff8dca7a9af725b8fde69703b657ae58c04e9a7153ef1025379deb0dda4f926 lm 0x14969B55a675d13a1700F71A37511bc22D90155a
20220517-protocol-fee-withdrawer gnosis withdrawCollectedFees(address,uint256,address) 0xf6c9a5b5acca77f76aed5abd6f810c52c3ff5f4a8a40ee9e1bc09f85795e73da lm 0x14969B55a675d13a1700F71A37511bc22D90155a
20220725-protocol-fee-percentages-provider gnosis setFeeTypePercentage(uint256,uint256) 0x77b2549a67e235e7bd37726ed4ebd404701323182a0028ea067bb8337e6e15a3 dao 0x2a5AEcE0bb9EfFD7608213AE1745873385515c18
20210418-vault gnosis setFlashLoanFeePercentage(uint256) 0xbe2a180d5cc5d803a8eec4cea569989fc1c593d7eeadd1f262f360a68b0e842e ProtocolFeePercentagesProvider 0x41B953164995c11C81DA73D212ED8Af25741b7Ac
20210418-vault gnosis setSwapFeePercentage(uint256) 0xb28b769768735d011b267f781c3be90bce51d5059ba015bc7a28b3e882fb2083 ProtocolFeePercentagesProvider 0x41B953164995c11C81DA73D212ED8Af25741b7Ac
20220413-child-chain-gauge-factory gnosis notify_reward_amount(address) 0xf139842955587e7816c90b6d72792f2b7e6014d560464517094450df28164bc8 blabs_ops 0x955556b002d05c7B31a9394c10897c1DA19eAEab
20221123-pool-recovery-helper gnosis addPoolFactory(address) 0x27f2737d0304362f4d515085adcfa1319a27436bb556d75e8ce5216c8ad601be blabs_ops 0x955556b002d05c7B31a9394c10897c1DA19eAEab
20221123-pool-recovery-helper gnosis removePoolFactory(address) 0xf73432698cd2e092161276906856b882c56056a85b0a0792733cc87cc6d49e57 blabs_ops 0x955556b002d05c7B31a9394c10897c1DA19eAEab
20230206-weighted-pool-v3 gnosis enableRecoveryMode() 0x2e31b466b15801536da90012c6e9916b3e0587c2d0b7c63328971c531b6ccf87 PoolRecoveryHelper 0xc3ccacE87f6d3A81724075ADcb5ddd85a8A1bB68
20230206-composable-stable-pool-v3 gnosis enableRecoveryMode() 0xd6f4df0a512a29fa4cf2fcfbe4a0b5ea1266a4bbb1ab6fb5761205dbb038441f PoolRecoveryHelper 0xc3ccacE87f6d3A81724075ADcb5ddd85a8A1bB68
20221122-composable-stable-pool-v2 gnosis enableRecoveryMode() 0x793ca26aa62caae6b2fb946bce982e9d0448354abd818cabb58abd0d04a3ef03 PoolRecoveryHelper 0xc3ccacE87f6d3A81724075ADcb5ddd85a8A1bB68
20221207-aave-rebalanced-linear-pool-v3 gnosis enableRecoveryMode() 0x2b9e0eea2297118ae92c9c5b6b9ca813c821186c7eb196bd9893a4113354ec4e PoolRecoveryHelper 0xc3ccacE87f6d3A81724075ADcb5ddd85a8A1bB68
20230206-aave-rebalanced-linear-pool-v4 gnosis enableRecoveryMode() 0x55183eaafc9e607c22ca713ce26b115fe0e7e47216af41fcec2f0fff0d6f622a PoolRecoveryHelper 0xc3ccacE87f6d3A81724075ADcb5ddd85a8A1bB68
20220609-stable-pool-v2 gnosis disable() 0x06efe7e891755c060de5033e398e2d4d9f1bc713591717209ef84b7e021bd154 emergency 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962
20221122-composable-stable-pool-v2 gnosis pause() 0x21e53d020b912764bb3a437d64ccad86ad4b36334ab4933c92b4f7e20ec74c34 emergency 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962
20221207-aave-rebalanced-linear-pool-v3 gnosis disable() 0x12068567376f5214f735cd6e477a885e135c8964f6771112086ce1fda7cc475d emergency 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962
20221207-aave-rebalanced-linear-pool-v3 gnosis pause() 0xd919e97356fc5c0cb30e2fdb110ca94a297b955b06db82ee8d9d603c7f9d1989 emergency 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962
20230206-aave-rebalanced-linear-pool-v4 gnosis pause() 0x9fca6ce6b2733f09e22be866cbbfc8b9b4b6822e7ff1e1c9b5c10895e2bbb6b0 emergency 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962
20210418-vault gnosis setPaused(bool) 0xb5593fe09464f360ecf835d5b9319ce69900ae1b29d13844b73c250b1f5f92fb emergency 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962
20220517-protocol-fee-withdrawer gnosis denylistToken(address) 0x6843b94f991c5dbdf5c0bd1ce79ce0de10b8e72ed8b70dbe019e3eda4079802a emergency 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962
20210418-vault gnosis withdrawCollectedFees(address,uint256,address) 0xb2b6e48fa160a7c887d9d7a68b6a9bb9d47d4953d33e07f3a39e175d75e97796 ProtocolFeesWithdrawer 0xdAE7e32ADc5d490a43cCba1f0c736033F2b4eFca
20210418-vault gnosis batchSwap(uint8,(bytes32,uint256,uint256,uint256,bytes),address,(address,bool,address,bool),int256,uint256) 0x1282ab709b2b70070f829c46bc36f76b32ad4989fecb2fcb09a1b3ce00bbfc30 BalancerRelayer 0xeF606F58A4FD0fCcb066c6203d0994694d3eB2D3
20210418-vault gnosis exitPool(bytes32,address,address,(address,uint256,bytes,bool)) 0xc149e88b59429ded7f601ab52ecd62331cac006ae07c16543439ed138dcb8d34 BalancerRelayer 0xeF606F58A4FD0fCcb066c6203d0994694d3eB2D3
20210418-vault gnosis joinPool(bytes32,address,address,(address,uint256,bytes,bool)) 0x78ad1b68d148c070372f8643c4648efbb63c6a8a338f3c24714868e791367653 BalancerRelayer 0xeF606F58A4FD0fCcb066c6203d0994694d3eB2D3
20210418-vault gnosis manageUserBalance((uint8,address,uint256,address,address)) 0xeba777d811cd36c06d540d7ff2ed18ed042fd67bbf7c9afcf88c818c7ee6b498 BalancerRelayer 0xeF606F58A4FD0fCcb066c6203d0994694d3eB2D3
20210418-vault gnosis setRelayerApproval(address,address,bool) 0x0014a06d322ff07fcc02b12f93eb77bb76e28cdee4fc0670b9dec98d24bbfec8 BalancerRelayer 0xeF606F58A4FD0fCcb066c6203d0994694d3eB2D3
20210418-vault gnosis swap((bytes32,uint8,address,address,uint256,bytes),(address,bool,address,bool),uint256,uint256) 0x7b8a1d293670124924a0f532213753b89db10bde737249d4540e9a03657d1aff BalancerRelayer 0xeF606F58A4FD0fCcb066c6203d0994694d3eB2D3

Risk Assessment

This BIP is routine operation for provisioning a new factory. The new factories are themselves a risk mitigation.

References

Directory of Addresses used by script which generated the table and multsig payloads

5 Likes

Proposal has been shortened because of the 14’400 character limit. All relevant payload information is contained within snapshot: https://snapshot.org/#/balancer.eth/proposal/0x7ce64257c3dd36c557fbc9bed565592afc982310c9e8802d41e7198971e8f35f

2 Likes