Security Plugin
Last updated
Last updated
The purpose of Security Plugin is to add a way of mitigating potential exploits of Integral. This is achieved by providing a functionality of stopping a certain pool(s) or all the pools (which have the plugin connected).
Briefly, a security vendor will have the ability to disable swap/flash/burn/mint operations on pools when they detect a security threat. Further, another authority (e.g. DEX admin) will be able to enable either burns only (liquidity withdrawals) or all operations.
There is a Security Registry contract which is accessed by Safety Switches of different pools to get a status of it’s pool. Status might be equal to ENABLED, DISABLED (all operations with hooks are disabled) or BURN_ONLY (only liquidity decreasing is allowed).
Pause works by executing revert in beforeSwap, beforeModifyPos и beforeFlash hooks.
To disable swaps, flashes and liquidity modification it is necessary for certain flags in a pool to be set. Otherwise hooks will not be triggered.
If the status is set to BURN_ONLY the Safety Switch will only revert in beforeModifyPos hook if liquidity is greater than 0.
Security Registry is introduced to provide a single entrypoint of a “security system”. It has the following methods:
setPoolsStatus(address[] pools, Status[] new_statuses) - a method to update status of provided pools
setGlobalStatus(Status) - a method to set a status of all pools at once
getPoolStatus(address pool) - a method to get a specific pool’s status
If a globalStatus is set to DISABLED then all the pools are DISABLED
If a globalStatus is set to BURN_ONLY then all the pools are BURN_ONLY
If a globalStatus is set to ENABLED then each pool’s status is defined by it’s own status
There are two roles: Guard and Admin
Guard can only set the status to DISABLED
Admin (Factory Owner might be used) can set any status
