feat: stewards injector robot (#13)

* fix: no same updates or all keep current

* fix: no same update for capo

* feat: add edge risk steward

* chore: fix lint

* chore: add risk oracle contract

* feat: add stewards injector and fix remappings

* test: stewards injector

* test: isUpdatedIdExecuted

* test: expiredUpdate

* test: some more injector tests

* test: edge risk steward

* refactor: rename method

* feat: add writeup

* test: add missing tests

* fix: script for coverage

* chore: deploy scripts

* fix: deploy script

* feat: simplify injector

* fix: update contracts to v3.2 and adjust imports and remappings

* chore: update readme

* fix: certora remapping

* chore: update readme from suggestion

Co-authored-by: Ernesto Boado <[email protected]>

* chore: update readme from suggestion

Co-authored-by: Ernesto Boado <[email protected]>

* chore: update readme from suggestion

Co-authored-by: Ernesto Boado <[email protected]>

* fix: remove revert on sameUpdate and all keepCurrent

* chore: fix lint

* chore: fix typo in writeup

* fix: generator imports and update address book

* fix: stewards base

* chore: add risk oracle to deploy script

---------

Co-authored-by: Ernesto Boado <[email protected]>

Author: brotherlymite

Makefile

@@ -8,6 +8,10 @@ update:; forge update
 coverage :; forge coverage --report lcov && \
 	lcov --remove ./lcov.info -o ./lcov.info.p \
 	'tests/*' \
+	'src/contracts/dependencies/*' \
+	'src/contracts/examples/*' \
+	'src/contracts/updates/*' \
+	'scripts/*' \
 	&& genhtml ./lcov.info.p -o report --branch-coverage \
 	&& coverage=$$(awk -F '[<>]' '/headerCovTableEntryHi/{print $3}' ./report/index.html | sed 's/[^0-9.]//g' | head -n 1); \
 	wget -O ./report/coverage.svg "https://img.shields.io/badge/coverage-$${coverage}%25-brightgreen"
@@ -27,4 +31,4 @@ git-diff :
 deploy-ledger :; FOUNDRY_PROFILE=${chain} forge script $(if $(filter zksync,${chain}),--zksync) ${contract} --rpc-url ${chain} $(if ${dry},--sender 0x25F2226B597E8F9514B3F68F00f494cF4f286491 -vvvv, --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify -vvvv --slow --broadcast)
 deploy-pk :; FOUNDRY_PROFILE=${chain} forge script $(if $(filter zksync,${chain}),--zksync) ${contract} --rpc-url ${chain} $(if ${dry},--sender 0x25F2226B597E8F9514B3F68F00f494cF4f286491 -vvvv, --private-key ${PRIVATE_KEY} --verify -vvvv --slow --broadcast)
 
-run-script:; FOUNDRY_PROFILE=${network} forge script ${contract_path} --rpc-url ${network} --sig "run(bool)" ${broadcast} -vv
+run-script:; FOUNDRY_PROFILE=${network} forge script ${contract} --rpc-url ${network} --sig "run(bool)" ${broadcast} -vv

README.md

@@ -8,7 +8,7 @@ Expanding from the scope of CapsPlusRiskSteward, we now introduce the new RiskSt
 
 ## Specification
 
-The new RiskSteward we propose follows the same design as the CapsPlusRiskSteward: a smart contract to which the Aave Governance gives `POOL_ADMIN` the role over all v3 instances, controlled by a 2-of-2 multi-sig of the risk providers, and heavily constrained on what can do and how by its own logic.
+The new RiskSteward we propose follows the same design as the CapsPlusRiskSteward: a smart contract to which the Aave Governance gives `POOL_ADMIN` the role over all v3 instances. It is controlled by a 2-of-2 multi-sig and is heavily constrained on what can do and how by its own logic.
 
 _Note: The Risk Stewards will only be available for Aave V3.1 instances and not Aave V2 (or previous Aave v3) due to missing admin roles on Aave V2 instances and other incompatibilities._
 
@@ -39,10 +39,10 @@ For each risk param, `minDelay` can be configured, which is the minimum amount o
 
 #### Max Percent Change:
 
-For each risk param, `maxPercentChange` which is the maximum percent change allowed (both upwards and downwards) for the risk param using the RiskStewards.
+For each risk param, `maxPercentChange` is the maximum percent change allowed (both upwards and downwards) for the risk param using the RiskStewards.
 
-- Supply cap, Borrow cap and Debt ceiling: The `maxPercentChange` is relative and is denominated in BPS. (Ex. `50_00` for +-50% relative change).
-  For example, for a current supply cap of an asset at 1_000_000 and `maxPercentChange` configured for supply cap at `50_00`, the max supply cap that can be configured is 1_500_000 and the minimum 500_000 via the steward.
+- Supply cap, Borrow cap, and Debt ceiling: The `maxPercentChange` is relative and is denominated in BPS. (Ex. `50_00` for +-50% relative change).
+  For example, with an asset's current supply cap at 1_000_000 and `maxPercentChange` configured for supply cap at `50_00`, the max supply cap that can be configured is 1_500_000, and the minimum is 500_000 via the steward.
 
 - LTV, LT, LB: The `maxPercentChange` is in absolute values and is also denominated in BPS. (Ex. `5_00` for +-5% change in LTV).
   For example, for a current LTV of an asset configured at 70_00 (70%) and `maxPercentChange` configured for ltv at `10_00`, the max ltv that can be configured is 77_00 (77%) and the minimum 63_00 (63%) via the steward.
@@ -66,6 +66,30 @@ Some assets/oracles can also be restricted on the RiskStewards by calling the `s
 
 <br>
 
+## AGRS + Edge Infrastructure (Risk Oracles)
+
+With the introduction of Edge Risk Oracles by Chaos Labs, which leverages advanced off-chain infrastructure to deliver real-time risk updates to the Aave protocol via the Risk Oracle, the risk updates for the Aave protocol can be automated in a constrained manner. This can be done by combining the Edge Risk Oracle with the Aave Risk Steward, using a middleware contract `AaveStewardsInjector`.
+
+The Aave Risk Steward contract used for automated updates (called now [EdgeRiskSteward](./src/contracts/EdgeRiskSteward.sol)), has been slightly modified to only allow Interest Rates Updates on the protocol initially as a matter of extra security considerations.
+
+The following is a simple diagram of how the system works as a whole:
+
+<img src="./docs/agrs-edge.png" alt="AGRS and Risk Oracle Diagram Flow" width="100%" height="100%">
+
+### AaveStewardsInjector
+
+The [AaveStewardsInjector](./src/contracts//AaveStewardInjector.sol) is a Chainlink automation compatible contract which checks if the latest update from the Edge Risk Oracle could be pushed to the Risk Steward, and if so, injects it to the Aave Risk Stewards. The `AaveStewardsInjector` should be set as the `riskCouncil` on the Aave Risk Steward contract so it can inject updates.
+
+The `AaveStewardsInjector` has the following major functions:
+
+- `checkUpkeep()`: This method is called off-chain by Chainlink nodes every block to check if the latest update could be injected, and if so, calls `performUpKeep()`. It fetches the latest interest rate update for the whitelisted asset (initially WETH) using the `getLatestUpdateByParameterAndMarket()` method on the Risk Oracle, and checks if the update can be injected into the Risk Steward if not already executed before. If the latest update is not executed or disabled the method returns true.
+
+- `performUpkeep()`: The `performUpkeep()` method is called by the Chainlink automation nodes when the `checkUpkeep()` method returns true. The `performUpkeep()` call injects the latest update on the Risk Steward, unless that update has been disabled by the steward injector guardian or previously executed. After an update has been injected on the Risk Steward using the params from the Risk Oracle, we mark the updateId as executed on storage mapping `_isUpdateIdExecuted[id]`. The `performUpkeep()` method is permissionless on purpose, so as to allow injections from the Risk Oracle to the Risk Steward even in case of some downtime on the automation infra via a manual trigger.
+
+The Stewards Injector Guardian is an entity, which is the owner of the `AaveStewardsInjector` contract and has access to disable updates for the specific `updateId` using the `disableUpdateById()` method in case of any emergencies. The guardian can also change / add update types using the `addUpdateType()` method, to whitelist the type of updates that can be injected via the Stewards Injector.
+
+The `AaveStewardsInjector` contract also introduces an `EXPIRATION_PERIOD` to disallow outdated risk param updates to be injected. The `EXPIRATION_PERIOD` is set to 6 hours, which means after an update is pushed on the Edge Risk Oracle, the `AaveStewardsInjector` has a maximum of 6 hours to inject the update onto the Risk Steward otherwise the update expires.
+
 ## Security
 
 - Certora security review: [2024-07-10](./audits/10-07-2024_Certora_AaveV3-Risk-Steward.pdf)

certora/confs/rules.conf

@@ -1,7 +1,7 @@
 {
     "files": [
         "certora/munged/src/contracts/RiskSteward.sol",
-        "lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin/src/periphery/contracts/v3-config-engine/AaveV3ConfigEngine.sol"
+        "lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin/src/contracts/extensions/v3-config-engine/AaveV3ConfigEngine.sol"
     ],
     "link": [
         "RiskSteward:CONFIG_ENGINE=AaveV3ConfigEngine",
@@ -10,10 +10,9 @@
                 "aave-helpers=lib/aave-helpers",
                 "forge-std=lib/aave-helpers/lib/forge-std/src",
                 "aave-address-book=lib/aave-helpers/lib/aave-address-book/src",
-                "solidity-utils=lib/aave-helpers/lib/solidity-utils/src",
-                "aave-v3-origin=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin/src",
-                "aave-v3-core=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin/src/core",
-                "aave-v3-periphery=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin/src/periphery",
+                "solidity-utils=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin/lib/solidity-utils/src",
+                "lib/aave-helpers:aave-v3-origin=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin/src",
+                "aave-v3-origin=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin",
                 "aave-capo=lib/aave-capo/src",
                 "lib/aave-capo:cl-synchronicity-price-adapter=lib/aave-capo/lib/cl-synchronicity-price-adapter/src"
                 ],

certora/confs/sanity.conf

@@ -6,10 +6,9 @@
                 "aave-helpers=lib/aave-helpers",
                 "forge-std=lib/aave-helpers/lib/forge-std/src",
                 "aave-address-book=lib/aave-helpers/lib/aave-address-book/src",
-                "solidity-utils=lib/aave-helpers/lib/solidity-utils/src",
-                "aave-v3-origin=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin/src",
-                "aave-v3-core=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin/src/core",
-                "aave-v3-periphery=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin/src/periphery",
+                "solidity-utils=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin/lib/solidity-utils/src",
+                "lib/aave-helpers:aave-v3-origin=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin/src",
+                "aave-v3-origin=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-origin",
                 "aave-capo=lib/aave-capo/src",
                 "lib/aave-capo:cl-synchronicity-price-adapter=lib/aave-capo/lib/cl-synchronicity-price-adapter/src"
                 ],

docs/agrs-edge.png

@@ -3,7 +3,7 @@ src = 'src'
 test = 'tests'
 script = 'scripts'
 out = 'out'
-solc = '0.8.19'
+solc = '0.8.20'
 libs = ['lib']
 remappings = [
 ]
@@ -16,10 +16,10 @@ src = 'zksync'
 test = 'zksync'
 script = 'scripts'
 libs = ['lib']
-solc = '0.8.19'
+solc = '0.8.20'
 fs_permissions = [{ access = "write", path = "./reports" }]
 ffi = true
-evm_version = 'paris'
+evm_version = 'shanghai'
 
 [profile.zksync.zksync]
 compile = true

foundry.toml

@@ -28,7 +28,7 @@ pragma solidity ^0.8.0;
 
 import {AaveV3EthereumAssets} from 'aave-address-book/AaveV3Ethereum.sol';
 import {RiskStewardsEthereum} from '../../../../scripts/networks/RiskStewardsEthereum.s.sol';
-import {IAaveV3ConfigEngine} from 'aave-v3-periphery/contracts/v3-config-engine/IAaveV3ConfigEngine.sol';
+import {IAaveV3ConfigEngine} from 'aave-v3-origin/src/contracts/extensions/v3-config-engine/IAaveV3ConfigEngine.sol';
 
 /**
  * @title test

generator/features/__snapshots__/capUpdates.spec.ts.snap

@@ -39,8 +39,8 @@ pragma solidity ^0.8.0;
 
 import {AaveV3EthereumAssets} from 'aave-address-book/AaveV3Ethereum.sol';
 import {RiskStewardsEthereum} from '../../../../scripts/networks/RiskStewardsEthereum.s.sol';
-import {EngineFlags} from 'aave-v3-periphery/contracts/v3-config-engine/EngineFlags.sol';
-import {IAaveV3ConfigEngine} from 'aave-v3-periphery/contracts/v3-config-engine/IAaveV3ConfigEngine.sol';
+import {EngineFlags} from 'aave-v3-origin/src/contracts/extensions/v3-config-engine/EngineFlags.sol';
+import {IAaveV3ConfigEngine} from 'aave-v3-origin/src/contracts/extensions/v3-config-engine/IAaveV3ConfigEngine.sol';
 
 /**
  * @title test

generator/features/__snapshots__/collateralUpdates.spec.ts.snap

@@ -76,8 +76,8 @@ pragma solidity ^0.8.0;
 
 import {AaveV3EthereumAssets} from 'aave-address-book/AaveV3Ethereum.sol';
 import {RiskStewardsEthereum} from '../../../../scripts/networks/RiskStewardsEthereum.s.sol';
-import {EngineFlags} from 'aave-v3-periphery/contracts/v3-config-engine/EngineFlags.sol';
-import {IAaveV3ConfigEngine} from 'aave-v3-periphery/contracts/v3-config-engine/IAaveV3ConfigEngine.sol';
+import {EngineFlags} from 'aave-v3-origin/src/contracts/extensions/v3-config-engine/EngineFlags.sol';
+import {IAaveV3ConfigEngine} from 'aave-v3-origin/src/contracts/extensions/v3-config-engine/IAaveV3ConfigEngine.sol';
 
 /**
  * @title test

generator/features/__snapshots__/rateUpdates.spec.ts.snap

@@ -17,11 +17,11 @@ describe('prefixWithImports', () => {
 
   it('should detect v3 Engine imports', () => {
     expect(prefixWithImports(`EngineFlags.KEEP_CURRENT`)).toContain(
-      `import {EngineFlags} from 'aave-v3-periphery/contracts/v3-config-engine/EngineFlags.sol';`,
+      `import {EngineFlags} from 'aave-v3-origin/src/contracts/extensions/v3-config-engine/EngineFlags.sol';`,
     );
 
     expect(prefixWithImports('IAaveV3ConfigEngine.CapsUpdate')).toContain(
-      `import {IAaveV3ConfigEngine} from 'aave-v3-periphery/contracts/v3-config-engine/IAaveV3ConfigEngine.sol';`,
+      `import {IAaveV3ConfigEngine} from 'aave-v3-origin/src/contracts/extensions/v3-config-engine/IAaveV3ConfigEngine.sol';`,
     );
   });