Add EIP: Circuit Breaker #7265

diyahir · 2023-07-03T06:55:44Z

This standard outlines a smart contract interface for a Circuit Breaker that triggers a temporary halt on protocol-wide token outflows when a threshold is exceeded for a predefined metric. This circuit breaker does not assume the structure of the underlying protocol, and mainly serves as a pass-through vehicle for token outflows. In order to maintain correct internal accounting for integrated protocols, and to provide maximum flexibility for developers, developers can specify if the circuit breaker contract should delay settlement and temporarily custody outflows during the cooldown period, or revert on attempted outflows.

Example implementation of a circuit breaker
Interface
'ProtectedContract' Contract to be inherited by DeFi contract for CB best practices

eth-bot · 2023-07-03T06:56:14Z

File `EIPS/eip-7265.md`

Requires 1 more reviewers from @axic, @Pandapip1, @SamWilsn, @xinbenlv

- Readme for testing instructions - Refactoring - including tests

github-actions · 2023-07-03T09:28:10Z

The commit 19807d5 (as a parent of 8e1f744) contains errors.
Please inspect the Run Summary for details.

hell0men · 2023-07-04T11:42:22Z

It's a great idea. I think Forta Network Devs @dylankilkenny and other security analysts should be included in the discussion. Contract protection is their specialty.

EnbangWu · 2023-07-04T12:15:06Z

it seems like Admin have way privileged roles here,they can execute functions likeupdateAssetParams, overrideRateLimit startGracePeriod anytime , which may raise centralized risk concerns.

I think it might be a good idea to consider integrating with a timelock function into the major changes here. So that if the threshold is changed significantly and affect users getting their funds out, they can have a grace period to exist the system.

monokh · 2023-07-04T12:25:12Z

Would there be some scope here to support more custom circuit breaking? Some protocols don't have inflow/outflows into their contract but they do facilitate exchange and volume. If the circuit breaker could be based on a number managed by the implementing contract, that could work.

DZGoldman · 2023-07-04T13:56:14Z

it seems like Admin have way privileged roles here,they can execute functions likeupdateAssetParams, overrideRateLimit
startGracePeriod anytime , which may raise centralized risk concerns.
I think it might be a good idea to consider integrating with a timelock function into the major changes here. So that if the threshold is changed significantly and affect users getting their funds out, they can have a grace period to exist the system.

The proposed standard is agnostic to what the admin is; i.e., it could, for a given app, be decentralized / only operate on a timelock. So I don't think the standard itself needs to be opinionated on this.

assets/eip-7265/src/core/CircuitBreaker.sol

EIPS/eip-7265.md

Co-authored-by: bobafetador <samglennss3@gmail.com>

syntax highlighting, thank you! Co-authored-by: Francisco <fg@frang.io>

karmacoma-eth · 2023-07-10T22:34:15Z

assets/eip-7265/src/core/CircuitBreaker.sol

+    constructor(
+        address _admin,
+        uint256 _rateLimitCooldownPeriod,
+        uint256 _withdrawlPeriod,


typo in _withdrawlPeriod

0xshinobii · 2023-08-06T15:37:47Z

assets/eip-7265/src/utils/LimiterLib.sol

+            totalChange += node.amount;
+            uint256 nextTimestamp = node.nextTimestamp;
+            // Clear data
+            limiter.listNodes[currentHead];


should be delete limiter.listNodes[currentHead]

0xshinobii · 2023-08-08T07:42:44Z

assets/eip-7265/src/utils/LimiterLib.sol

+            // If the list is empty, set the tail and head to current times
+            limiter.listHead = block.timestamp;
+            limiter.listTail = block.timestamp;


Why block.timestamp is used here and not currentTickTimestamp? It would be cleaner that way.

SamWilsn · 2023-10-18T16:34:22Z

assets/eip-7265/test/mocks/MockToken.sol

@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: UNLICENSED
