Safety Switch

Overview

The purpose of the Safety Switch Plugin is to provide a way to mitigate potential exploits of Integral. It does this by making it possible to stop a specific pool, several pools, or all pools that have the plugin connected.

Briefly, a security vendor will have the ability to disable swap/flash/burn/mint operations on pools when they detect a security threat. Further, another authority (e.g. DEX admin) will be able to enable either burns only (liquidity withdrawals) or all operations.

Details

Security Registry

There is a Security Registry contract, which the Safety Switches of different pools query to get the status of their pool. The status is one of ENABLED, DISABLED (all operations with hooks are disabled) or BURN_ONLY (only liquidity decreasing is allowed).

Safety Switch

The pause works by reverting in the beforeSwap, beforeModifyPos and beforeFlash hooks.

To disable swaps, flashes and liquidity modification, certain flags must be set in the pool. Otherwise the hooks will not be triggered.

If the status is set to BURN_ONLY, the Safety Switch reverts in the beforeModifyPos hook only if liquidity is greater than 0.

How to configure Safety Switch

The Security Registry is introduced to provide a single entry point to the “security system”. It has the following methods:

  • setPoolsStatus(address[] pools, Status[] new_statuses) - a method to update status of provided pools

  • setGlobalStatus(Status) - a method to set a status of all pools at once

  • getPoolStatus(address pool) - a method to get a specific pool’s status

If globalStatus is set to DISABLED, then all the pools are DISABLED.

If globalStatus is set to BURN_ONLY, then all the pools are BURN_ONLY.

If globalStatus is set to ENABLED, then each pool’s status is defined by its own status.

Roles

There are two roles: Guard and Admin.

The Guard can only set the status to DISABLED.

The Admin (the Factory Owner might be used) can set any status.
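
The status resolution and role rules described above, as an added sketch that is not the project's own contract. The contract name, storage layout, enum ordering, error names and the single-guard constructor wiring are assumptions; only the three method names and the Status values come from this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative model of the registry rules; not the deployed implementation.
contract SecurityRegistrySketch {
    // Assumption: ENABLED is first so that an unset pool defaults to ENABLED.
    enum Status { ENABLED, BURN_ONLY, DISABLED }

    address public immutable admin; // e.g. the factory owner
    address public immutable guard; // e.g. the security vendor (assumed single account)

    Status public globalStatus;                    // defaults to ENABLED
    mapping(address => Status) private poolStatus; // per-pool status

    error NotAuthorized();
    error LengthMismatch();

    constructor(address admin_, address guard_) {
        admin = admin_;
        guard = guard_;
    }

    // Admin may set any status; the Guard may only set DISABLED.
    function _authorize(Status s) private view {
        if (msg.sender == admin) return;
        if (msg.sender == guard && s == Status.DISABLED) return;
        revert NotAuthorized();
    }

    function setGlobalStatus(Status s) external {
        _authorize(s);
        globalStatus = s;
    }

    function setPoolsStatus(address[] calldata pools, Status[] calldata newStatuses) external {
        if (pools.length != newStatuses.length) revert LengthMismatch();
        for (uint256 i = 0; i < pools.length; i++) {
            // Checked per entry: one non-DISABLED entry from the Guard reverts the whole batch.
            _authorize(newStatuses[i]);
            poolStatus[pools[i]] = newStatuses[i];
        }
    }

    // A DISABLED or BURN_ONLY global status overrides every pool's own status.
    function getPoolStatus(address pool) external view returns (Status) {
        return globalStatus == Status.ENABLED ? poolStatus[pool] : globalStatus;
    }
}
```

In this model the Guard can pause a pool or everything at once but cannot lift a pause, so a compromised Guard key can halt operations without being able to reopen a pool that the Admin has closed.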
