Payload PR - BIP-205
Background
Gnosis Chain is the first chain provisioned by the Maxis in quite a while. In the process of bringing this chain online, we have already passed governance to enable 4 gauges, as well as granting EmergencyDAO permissions. As Gnosis was working to move some initial capital into the vaults, they discovered that it was not possible to deposit base assets like USDC into these nested pools.
We learned in the last days that the set of deployed smart contracts from blabs are handed over without any configuration, and it is (as it should be) the responsibility of Balancer Governance to provision a new chain.
The full chain permissions template
Recent BIPs to enable permissions have been generated by a script maintained by the Maxis, which puts together all the tables you look at, the json payload, and even writes a lot of this text. This script has been extended to check if any permissions are already set and ignore them.
A few days were spent researching all of the permissions Balancer Governance has set in the past in order to build a complete new chain template. Additional time was spent to speak to blabs and dig a bit into the vault code in order to come up with simple descriptions of how what these permissions are for and grant.
The template is described as this input configuration which can be fed into the auth generator after updating it with any new deployments and changing it to match the desired chain(s). A modified run of the script dumped out this more human readable version. More information about all of the functions involved in the template can found here
English Specification
The authorization payload script outlined above was modified to allow it to:
- Check each permission to see if it is already granted.
- Skip any permissions that are already in place with the exact same actionId and caller.
- Halt and throw an error if any of the roles already have a caller assigned other than the one specified in the template.
This script was run, no errors were found and the following the transaction details were generated by this script with inputs and outputs in this directory. These transaction details make up the delta of permissions that sitll need to be added to bring the gnosis-chain into line with our new template, and into a state of full function.
The following files can be found both linked below and in the payload PR linked above:
Filename | Description of Contents |
---|---|
inputs.json | The inputs to the script mapping functions and deployments to target addresses that can execute them. |
results_address_sorted.md | The resulting changes printed in a table sorted by target chain and target address. (to easily understand permisisons granted) |
results_deployment_sorted.md | The resulting changes printed in a table sorted by target chain and target deployment. (for verification against action ids) |
function_descriptions.md | A table that describes what each function that is being granted privileged access to allows. |
chainname .json |
For each change with changes, a transaction builder json named after said chain exists to apply the changes described in the tables. |
In the tables above:
The “emergency” caller group:
- maps to the Balancer Emergency DAO Multisig as defined in this vote.
The “feeManager” caller group:
- maps to the feeManager multisig controlled by the Balancer Maxis on all chains except mainnet.
- On mainnet a special feeSetter multisig exists to manage a-factors and a gautletFeeSetter contract that allows bulk changing of fees.
- The maxi’s functionally control all contracts that make up the feeManager target group.
the “lm” caller group:
- Maps to a multisig managed by the maxis that is used for operational changes that, for the most part, do not require governance as they have been governed to happen in perpetuity. For example, fee handling.
More information about the various Balancer Multisigs and their functions can be found in the multisig-ops repo
Specification
As described in the payload json, the authorizer will be called to grant the roles as described.
The change can be reviewed by the below by comparing the results_deployment_sorted.md file to the source of truth, which should match the order found in the source of truth for actionIds on the balancer-v2-monorepo.
For record, the contents of results_address_sorted.md are printed here:
deployment | chain | function | role | target | target_address |
---|---|---|---|---|---|
20221122-composable-stable-pool-v2 | gnosis | setSwapFeePercentage(uint256) | 0x60b21b2ae5a82434b74afd79abbbafb941197b06237922de3a54d36aaa9c4ea2 | lm | 0x14969B55a675d13a1700F71A37511bc22D90155a |
20221122-composable-stable-pool-v2 | gnosis | startAmplificationParameterUpdate(uint256,uint256) | 0xd82b3ab66c70adebd687f4d69dae8b0abd33cacede07deb0c948dc2383f4aeb7 | lm | 0x14969B55a675d13a1700F71A37511bc22D90155a |
20221122-composable-stable-pool-v2 | gnosis | stopAmplificationParameterUpdate() | 0x8ab1e42805feb8214d075b216e36ee38c5f3064d5c2ada1d99aa9f63367a029d | lm | 0x14969B55a675d13a1700F71A37511bc22D90155a |
20221207-aave-rebalanced-linear-pool-v3 | gnosis | setSwapFeePercentage(uint256) | 0x528c3020f2bd77511812b0aacb3cb91170124524cfdf0d4941db79d4ebf6ff72 | lm | 0x14969B55a675d13a1700F71A37511bc22D90155a |
20220527-child-chain-gauge-token-adder | gnosis | addTokenToGauge(address,address,address) | 0x1ff8dca7a9af725b8fde69703b657ae58c04e9a7153ef1025379deb0dda4f926 | lm | 0x14969B55a675d13a1700F71A37511bc22D90155a |
20220517-protocol-fee-withdrawer | gnosis | withdrawCollectedFees(address,uint256,address) | 0xf6c9a5b5acca77f76aed5abd6f810c52c3ff5f4a8a40ee9e1bc09f85795e73da | lm | 0x14969B55a675d13a1700F71A37511bc22D90155a |
20220725-protocol-fee-percentages-provider | gnosis | setFeeTypePercentage(uint256,uint256) | 0x77b2549a67e235e7bd37726ed4ebd404701323182a0028ea067bb8337e6e15a3 | dao | 0x2a5AEcE0bb9EfFD7608213AE1745873385515c18 |
20210418-vault | gnosis | setFlashLoanFeePercentage(uint256) | 0xbe2a180d5cc5d803a8eec4cea569989fc1c593d7eeadd1f262f360a68b0e842e | ProtocolFeePercentagesProvider | 0x41B953164995c11C81DA73D212ED8Af25741b7Ac |
20210418-vault | gnosis | setSwapFeePercentage(uint256) | 0xb28b769768735d011b267f781c3be90bce51d5059ba015bc7a28b3e882fb2083 | ProtocolFeePercentagesProvider | 0x41B953164995c11C81DA73D212ED8Af25741b7Ac |
20220413-child-chain-gauge-factory | gnosis | notify_reward_amount(address) | 0xf139842955587e7816c90b6d72792f2b7e6014d560464517094450df28164bc8 | blabs_ops | 0x955556b002d05c7B31a9394c10897c1DA19eAEab |
20221123-pool-recovery-helper | gnosis | addPoolFactory(address) | 0x27f2737d0304362f4d515085adcfa1319a27436bb556d75e8ce5216c8ad601be | blabs_ops | 0x955556b002d05c7B31a9394c10897c1DA19eAEab |
20221123-pool-recovery-helper | gnosis | removePoolFactory(address) | 0xf73432698cd2e092161276906856b882c56056a85b0a0792733cc87cc6d49e57 | blabs_ops | 0x955556b002d05c7B31a9394c10897c1DA19eAEab |
20230206-weighted-pool-v3 | gnosis | enableRecoveryMode() | 0x2e31b466b15801536da90012c6e9916b3e0587c2d0b7c63328971c531b6ccf87 | PoolRecoveryHelper | 0xc3ccacE87f6d3A81724075ADcb5ddd85a8A1bB68 |
20230206-composable-stable-pool-v3 | gnosis | enableRecoveryMode() | 0xd6f4df0a512a29fa4cf2fcfbe4a0b5ea1266a4bbb1ab6fb5761205dbb038441f | PoolRecoveryHelper | 0xc3ccacE87f6d3A81724075ADcb5ddd85a8A1bB68 |
20221122-composable-stable-pool-v2 | gnosis | enableRecoveryMode() | 0x793ca26aa62caae6b2fb946bce982e9d0448354abd818cabb58abd0d04a3ef03 | PoolRecoveryHelper | 0xc3ccacE87f6d3A81724075ADcb5ddd85a8A1bB68 |
20221207-aave-rebalanced-linear-pool-v3 | gnosis | enableRecoveryMode() | 0x2b9e0eea2297118ae92c9c5b6b9ca813c821186c7eb196bd9893a4113354ec4e | PoolRecoveryHelper | 0xc3ccacE87f6d3A81724075ADcb5ddd85a8A1bB68 |
20230206-aave-rebalanced-linear-pool-v4 | gnosis | enableRecoveryMode() | 0x55183eaafc9e607c22ca713ce26b115fe0e7e47216af41fcec2f0fff0d6f622a | PoolRecoveryHelper | 0xc3ccacE87f6d3A81724075ADcb5ddd85a8A1bB68 |
20220609-stable-pool-v2 | gnosis | disable() | 0x06efe7e891755c060de5033e398e2d4d9f1bc713591717209ef84b7e021bd154 | emergency | 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962 |
20221122-composable-stable-pool-v2 | gnosis | pause() | 0x21e53d020b912764bb3a437d64ccad86ad4b36334ab4933c92b4f7e20ec74c34 | emergency | 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962 |
20221207-aave-rebalanced-linear-pool-v3 | gnosis | disable() | 0x12068567376f5214f735cd6e477a885e135c8964f6771112086ce1fda7cc475d | emergency | 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962 |
20221207-aave-rebalanced-linear-pool-v3 | gnosis | pause() | 0xd919e97356fc5c0cb30e2fdb110ca94a297b955b06db82ee8d9d603c7f9d1989 | emergency | 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962 |
20230206-aave-rebalanced-linear-pool-v4 | gnosis | pause() | 0x9fca6ce6b2733f09e22be866cbbfc8b9b4b6822e7ff1e1c9b5c10895e2bbb6b0 | emergency | 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962 |
20210418-vault | gnosis | setPaused(bool) | 0xb5593fe09464f360ecf835d5b9319ce69900ae1b29d13844b73c250b1f5f92fb | emergency | 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962 |
20220517-protocol-fee-withdrawer | gnosis | denylistToken(address) | 0x6843b94f991c5dbdf5c0bd1ce79ce0de10b8e72ed8b70dbe019e3eda4079802a | emergency | 0xd6110A7756080a4e3BCF4e7EBBCA8E8aDFBC9962 |
20210418-vault | gnosis | withdrawCollectedFees(address,uint256,address) | 0xb2b6e48fa160a7c887d9d7a68b6a9bb9d47d4953d33e07f3a39e175d75e97796 | ProtocolFeesWithdrawer | 0xdAE7e32ADc5d490a43cCba1f0c736033F2b4eFca |
20210418-vault | gnosis | batchSwap(uint8,(bytes32,uint256,uint256,uint256,bytes),address,(address,bool,address,bool),int256,uint256) | 0x1282ab709b2b70070f829c46bc36f76b32ad4989fecb2fcb09a1b3ce00bbfc30 | BalancerRelayer | 0xeF606F58A4FD0fCcb066c6203d0994694d3eB2D3 |
20210418-vault | gnosis | exitPool(bytes32,address,address,(address,uint256,bytes,bool)) | 0xc149e88b59429ded7f601ab52ecd62331cac006ae07c16543439ed138dcb8d34 | BalancerRelayer | 0xeF606F58A4FD0fCcb066c6203d0994694d3eB2D3 |
20210418-vault | gnosis | joinPool(bytes32,address,address,(address,uint256,bytes,bool)) | 0x78ad1b68d148c070372f8643c4648efbb63c6a8a338f3c24714868e791367653 | BalancerRelayer | 0xeF606F58A4FD0fCcb066c6203d0994694d3eB2D3 |
20210418-vault | gnosis | manageUserBalance((uint8,address,uint256,address,address)) | 0xeba777d811cd36c06d540d7ff2ed18ed042fd67bbf7c9afcf88c818c7ee6b498 | BalancerRelayer | 0xeF606F58A4FD0fCcb066c6203d0994694d3eB2D3 |
20210418-vault | gnosis | setRelayerApproval(address,address,bool) | 0x0014a06d322ff07fcc02b12f93eb77bb76e28cdee4fc0670b9dec98d24bbfec8 | BalancerRelayer | 0xeF606F58A4FD0fCcb066c6203d0994694d3eB2D3 |
20210418-vault | gnosis | swap((bytes32,uint8,address,address,uint256,bytes),(address,bool,address,bool),uint256,uint256) | 0x7b8a1d293670124924a0f532213753b89db10bde737249d4540e9a03657d1aff | BalancerRelayer | 0xeF606F58A4FD0fCcb066c6203d0994694d3eB2D3 |
Risk Assessment
This BIP is routine operation for provisioning a new factory. The new factories are themselves a risk mitigation.
References
Directory of Addresses used by script which generated the table and multsig payloads