GEB Docs
GEB Docs
Introduction to GEB
Currently Deployed Systems
Current System Parameters
GEB Risks
Governance Minimization Guide
FAQ
Contract Variables Translation
Core Contracts Naming Transition
Governance Contracts Naming Transition
SAFE Management Contract Naming Transition
System Contracts
Core Module
Auction Module
Oracle Module
Token Module
Money Market Module
Sustainability Module
Stability Fee Treasury
Governance Module
Shutdown Module
Proxy Infrastructure
DSProxy
Proxy Registry
Helper Contracts
SAFE Manager
GEB.js
Getting Started
Global Settlement Guide
API Reference
APIs
API Endpoints
Pyflex
Getting Started
SAFE Management
Numerics
Keepers
Overview
Collateral Auction Keeper
Debt Auction Keeper
Surplus Auction Keeper
Bidding Models
Integrations
SAFE Insurance
Powered by GitBook

Sustainability Module

The protocol's resource fund

Relevant smart contracts:

1. Overview

The Sustainability Module provides funds to critical system components such as the Oracle Network Medianizer in order to function properly, even in the absence of governance power over the protocol.

2. Component Descriptions

  • StabilityFeeTreasury - this contract tries to keep an "optimum" amount of stability fees for itself in order to make sure it can provide funds to other contracts (or in some cases, people) that maintain the protocol's well-being. Anyone can periodically call a function to recalculate the optimum amount of funds to keep in the treasury. Any surplus above optimum values is transferred to the AccountingEngine.

3. Risks

Smart Contract Bugs

  • A bug in the StabilityFeeTreasury would potentially block other contracts from pulling funds or would incorrectly calculate the optimum amount of funds to keep in the contract (CDPEngine.coinBalance[stabilityFeeTreasury]).

  • A bug could also prevent the treasury from sending extra unused resources to another address using transferSurplusFunds()

Misconfiguration

  • Governance might set an incorrect address as the AccountingEngine or could maliciously withdraw the permission of core contracts to pull funds. Governance could also allow malicious contracts to drain the treasury.

4. Governance Minimization

Governance can withdraw their power over this module if two conditions are satisfied:

  1. All treasury dependent contracts were set up correctly (can withdraw enough funds to function properly).

  2. All external actors (if any) have the necessary permissions to pull funds from the treasury.

The StabilityFeeTreasury is part of the Level 2 Gov Minimization. That being said, governance should maintain control only over setting total allowances to their initial values for every address that's currently authorized to pullFunds from the treasury.

Keeping Governance over takeFunds

Given that takeFunds has very simple and clearly defined behavior where governance cannot harm the treasury, it can be governed in the long run.

Previous
Tax Collector
Next
Stability Fee Treasury
Last updated 3 weeks ago
Contents
1. Overview
2. Component Descriptions
3. Risks
Smart Contract Bugs
Misconfiguration
4. Governance Minimization