Centrifuge
    • Options
    • Versions and GitHub Sync
    • Transfer ownership
    • Delete this note
    • Template
    • Save as template
    • Insert from template
    • Export
    • Dropbox
    • Google Drive
    • Import
    • Dropbox
    • Google Drive
    • Gist
    • Clipboard
    • Download
    • Markdown
    • HTML
    • Raw HTML
    • ODF (Beta)
    • PDF (Beta)
    • Sharing Link copied
    • /edit
    • View mode
      • Edit mode
      • View mode
      • Book mode
      • Slide mode
      Edit mode View mode Book mode Slide mode
    • Note Permission
    • Read
      • Owners
      • Signed-in users
      • Everyone
      Owners Signed-in users Everyone
    • Write
      • Owners
      • Signed-in users
      • Everyone
      Owners Signed-in users Everyone
    • More (Comment, Invitee)
    • Publishing
      Everyone on the web can find and read all notes of this public team.
      After the note is published, everyone on the web can find and read this note.
      See all published notes on profile page.
    • Commenting Enable
      Disabled Forbidden Owners Signed-in users Everyone
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
      • Everyone
    • Invitee
    • No invitee
Menu Sharing Help
Menu
Options
Versions and GitHub Sync Transfer ownership Delete this note
Export
Dropbox Google Drive
Import
Dropbox Google Drive Gist Clipboard
Download
Markdown HTML Raw HTML ODF (Beta) PDF (Beta)
Back
Sharing
Sharing Link copied
/edit
View mode
  • Edit mode
  • View mode
  • Book mode
  • Slide mode
Edit mode View mode Book mode Slide mode
Note Permission
Read
Owners
  • Owners
  • Signed-in users
  • Everyone
Owners Signed-in users Everyone
Write
Owners
  • Owners
  • Signed-in users
  • Everyone
Owners Signed-in users Everyone
More (Comment, Invitee)
Publishing
Everyone on the web can find and read all notes of this public team.
After the note is published, everyone on the web can find and read this note.
See all published notes on profile page.
More (Comment, Invitee)
Commenting Enable
Disabled Forbidden Owners Signed-in users Everyone
Permission
Owners
  • Forbidden
  • Owners
  • Signed-in users
  • Everyone
Invitee
No invitee
   owned this note    owned this note      
Published Linked with GitHub
Like BookmarkBookmarked
Subscribed
  • Any changes
    Be notified of any changes
  • Mention me
    Be notified of mention me
  • Unsubscribe
Subscribe
# Multisig Tinlake Proxy :::info This document is publicly shared. ::: ## Goal We want to reduce the risk that an asset originator can mistakenly loose fund by sending them to the wrong address or losing access to their wallet. The risk speifically is in how they withdraw funds from the proxy (currently it's just sent to the owner) and then how they convert DAI to USDC and USDC to fiat and vice versa. ## Proxy Architecture & Changes Tinlake Proxy allows us to trigger different batch transactions that interact with the tinlake contract and is currently owned by a single address (most often a ledger hardware wallet). This means that this single hardware wallet has control over all of the funds that are in the pool by triggering transactions that the proxy executes. Requiring every proxy transaction to be executed by a multisig is a gas cost and operational complexity that is not bearable by our users. Most transaction in Tinlake however don't need to allow arbitrary execution of functions that could lead to loss of funds and in fact never require withdrawal of the funds from the proxy. There is a very simple solution that we can use to significantly increase the security of the contract by simply creating a two-tiered access control: users who can interact with a limited set of approved transactions and admins who can execute arbitrary code. The `execute` function of the proxy as it stands today is implemented in [tinlake-proxy](https://github.com/centrifuge/tinlake-proxy/blob/master/src/proxy.sol#L46). It relies on a library-like contract to be deployed at `_target` that has the methods that the proxy executes defined. These are in [tinlake-actions](https://github.com/centrifuge/tinlake-actions/blob/master/src/actions.sol#L97). We can extend the proxy functionality to: * allow the `admin` to call any `_target` and execute arbitrary function * allow the `admin` to maintain a list of `safe actions` and users who can trigger actions * allow users to submit any action considered safe. ### Pseudo Code Implementation ```solidity= contract Proxy extends TinlakeProxy{ mapping (address => uint256) public users; mapping (address => uint256) public targets; mapping (uint256 => uint256) public data; event Rely(address indexed usr); event Deny(address indexed usr); function rely(address usr) external auth { users[usr] = 1; emit Rely(usr); } function deny(address usr) external auth { users[usr] = 0; emit Deny(usr); } modifier user { require(users[msg.sender] == 1, "not-authorized"); _; } function file(bytes32 key, bytes32 data) auth { data[key] = data; } function safe(address target) external auth { targets[target] = 1; emit Safe(target); } function unsafe(address target) external auth { targets[target] = 0; emit Unsafe(target); } function userExecute(address _target, bytes memory _data) public payable user returns (bytes memory response) { require(_target != address(0), "tinlake/proxy-target-address-required"); require(targets[_target] == 1, "tinlake/proxy-target-not-safe"); execute(...); // matches current proxy implementation } } ``` ## Miscallenous Changes ### Off chain events & proxy discovery How we currently look for proxies in the subgraph via the proxy registry is known to be slow and should be changed to look at NFT minting events instead. ## Controlled fiat off ramp ### Tinlake to "wallet" When users borrow DAI we can ensure that they can never withdraw from the proxy. This means that funds can only go to controlled offramps. ### DAI->USDC Most users offramp DAI to fiat using Circle and thus need to first turn their DAI into USDC. There are two options to do this: 1) OTC Desks: as long as an OTC desk has a standard address they use we could allow users to withdraw funds to this address at any point knowing that the OTC desk would always require the funds to be returned to the same address. 2) Curve: we could create a target contract that can trade usdc with curve. ### USDC->Circle/Fiat Circle gives us a fixed address we can send USDC to. This allows us to similarly only approve USDC ERC20 transfers to this address to ensure that the crypto will never end up in a wallet the AO doesn't control or deems safe. ### Library Contract Example ```solidity= contract NewSilverActions is { address circleWallet = 0x0000....; address otcWallet = 0x1111....; TokenLike usdc = TokenLike(0xaaaa...); TokenLike dai = TokenLike(0xbbbb...); function transferToCircle (uint wad) public { usdc.transferFrom(address(this), circleWallet, wad); } function transferToOtc (address token, uint wad) public { TokenLike(token).transferFrom(address(this), otcWallet, wad) } } ``` ### Notes 07/18 - having 1 proxy per pool - option to deploy manually - is one library for all pools possible? Maybe keep deposit addresses in the proxy - ward will be tinlake multisig initially, maybe later maker governance - ui - change borrow action to keep funds in account - transfer to otc desk (e.g. genesis) - we need to move title NFTs to new proxy - we need to build a separate ui for this - clerk verification (NS - verification?)

Import from clipboard

Advanced permission required

Your current role can only read. Ask the system administrator to acquire write and comment permission.

This team is disabled

Sorry, this team is disabled. You can't edit this note.

This note is locked

Sorry, only owner can edit this note.

Reach the limit

Sorry, you've reached the max length this note can be.
Please reduce the content or divide it to more notes, thank you!

Import from Gist

Import from Snippet

or

Export to Snippet

Are you sure?

Do you really want to delete this note?
All users will lost their connection.

Create a note from template

Create a note from template

Oops...
This template has been removed or transferred.


Upgrade

All
  • All
  • Team
No template.

Create a template


Upgrade

Delete template

Do you really want to delete this template?

This page need refresh

You have an incompatible client version.
Refresh to update.
New version available!
See releases notes here
Refresh to enjoy new features.
Your user state has changed.
Refresh to load new user state.

Sign in

Forgot password

Help

  • English
  • 中文
  • Français
  • Deutsch
  • 日本語
  • Español
  • Català
  • Ελληνικά
  • Português
  • italiano
  • Türkçe
  • Русский
  • Nederlands
  • hrvatski jezik
  • język polski
  • Українська
  • हिन्दी
  • svenska
  • Esperanto
  • dansk

Documents

Tutorials

Book Mode Tutorial

Slide Example

YAML Metadata

Resources

Releases

Blog

Policy

Terms

Privacy

Cheatsheet

Syntax Example Reference
# Header Header 基本排版
- Unordered List
  • Unordered List
1. Ordered List
  1. Ordered List
- [ ] Todo List
  • Todo List
> Blockquote
Blockquote
**Bold font** Bold font
*Italics font* Italics font
~~Strikethrough~~ Strikethrough
19^th^ 19th
H~2~O H2O
++Inserted text++ Inserted text
==Marked text== Marked text
[link text](https:// "title") Link
![image alt](https:// "title") Image
`Code` Code 在筆記中貼入程式碼
```javascript
var i = 0;
```
var i = 0;
:smile: :smile: Emoji list
{%youtube youtube_id %} Externals
$L^aT_eX$ LaTeX
:::info
This is a alert area.
:::

This is a alert area.

Versions

Versions and GitHub Sync

Sign in to link this note to GitHub Learn more
This note is not linked with GitHub Learn more
 
Add badge Pull Push GitHub Link Settings
Upgrade now

Version named by    

More Less
  • Edit
  • Delete

Note content is identical to the latest version.
Compare with
    Choose a version
    No search result
    Version not found

Feedback

Submission failed, please try again

Thanks for your support.

On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?

Please give us some advice and help us improve HackMD.

 

Thanks for your feedback

Remove version name

Do you want to remove this version name and description?

Transfer ownership

Transfer to
    Warning: is a public team. If you transfer note to this team, everyone on the web can find and read this note.

      Link with GitHub

      Please authorize HackMD on GitHub

      Please sign in to GitHub and install the HackMD app on your GitHub repo. Learn more

       Sign in to GitHub

      HackMD links with GitHub through a GitHub App. You can choose which repo to install our App.

      Push the note to GitHub Push to GitHub Pull a file from GitHub

        Authorize again
       

      Choose which file to push to

      Select repo
      Refresh Authorize more repos
      Select branch
      Select file
      Select branch
      Choose version(s) to push
      • Save a new version and push
      • Choose from existing versions
      Available push count

      Upgrade

      Pull from GitHub

       
      File from GitHub
      File from HackMD

      GitHub Link Settings

      File linked

      Linked by
      File path
      Last synced branch
      Available push count

      Upgrade

      Danger Zone

      Unlink
      You will no longer receive notification when GitHub file changes after unlink.

      Syncing

      Push failed

      Push successfully