Protocol Token Printing Permissions
Contract allowing multiple independent debt auction houses to print protocol tokens
1. Summary
GebPrintingPermissions
allows governance to whitelist multiple independent GEBs to print the same protocol token. It imposes delays for adding and removing permissions and it can also allow specific systems to print tokens indefinitely.
2. Contract Variables & Functions
Variables
authorizedAccounts[usr: address]
- addresses allowed to cover or uncover systemsallowedSystems[system: address]
- data about a system that is allowed to print protocol tokensusedAuctionHouses[house: address]
- mapping that shows whether aDebtAuctionHouse
is allowed to print tokens or notunrevokableRightsCooldown
- minimum time (in seconds) after which as system will have indefinite permission to print protocol tokensdenyRightsCooldown
- cooldown that must pass between callingstartUncoverSystem
andendUncoverSystem
addRightsCooldown
- cooldown for quickly removing cover from a freshly added systemcoveredSystems
- the current number of systems covered by the protocol tokenprotocolTokenAuthority
- the authority contract dictating who can print tokensAUCTION_HOUSE_TYPE
- debt auction house identifier
Data Structures
SystemRights
- struct that stores data about eachAccountingEngine
(system). Contains:covered
- whether this system is covered or notrevokeRightsDeadline
- deadline after which governance can no longer remove printing permissions from the systemuncoverCooldownEnd
- cooldown after which governance can callendUncoverSystem
and uncover this systemwithdrawAddedRightsDeadline
- cooldown during which governance can uncover a system without having to wait untiluncoverCooldownEnd
passedpreviousDebtAuctionHouse
- the previousDebtAuctionHouse
connected to theAccountingEngine
currentDebtAuctionHouse
- the currentDebtAuctionHouse
connected to theAccountingEngine
Modifiers
isAuthorized
- checks whether an address is part ofauthorizedAddresses
.
Functions
addAuthorization(usr: address)
- add an address toauthorizedAddresses
.removeAuthorization(usr: address)
- remove an address fromauthorizedAddresses
.modifyParameters(parameter: bytes32, data: uint256)
- modify auint256
parametergiveUpAuthorityRoot()
- give up the perinting permission's position ofroot
inside theProtocolTokenAuthority
giveUpAuthorityOwnership
- give up the perinting permission's position ofowner
inside theProtocolTokenAuthority
coverSystem(accountingEngine: address)
- cover a new system / allow theDebtAuctionHouse
set insideaccountingEngine
to print protocol tokensstartUncoverSystem(accountingEngine: address)
- start to uncover a system / withdraw the permission of the previous and currentDebtAuctionHouse
s that were associated withaccountingEngine
abandonUncoverSystem(accountingEngine: address)
- abandon the uncovering of a specific systemendUncoverSystem(accountingEngine: address)
- end the uncovering process for a systemupdateCurrentDebtAuctionHouse(accountingEngine: address)
- update thecurrentDebtAuctionHouse
of a specific system and set the old current auction house as thepreviousDebtAuctionHouse
removePreviousDebtAuctionHouse(accountingEngine: address)
- remove the permission to print protocol tokens from anaccountingEngine
'spreviousDebtAuctionHouse
proposeIndefinitePrintingPermissions(accountingEngine: address
,freezeDelay: uint256)
- propose a deadline after which theaccountingEngine
/ system cannot be denied printing permissions
Events
AddAuthorization
- emitted when a new address becomes authorized. Contains:account
- the new authorized account
RemoveAuthorization
- emitted when an address is de-authorized. Contains:account
- the address that was de-authorized
ModifyParameters
- emitted when auint256
parameter is updated.GiveUpAuthorityRoot
- emitted whengiveUpAuthorityRoot
is called.GiveUpAuthorityOwnership
- emitted whengiveUpAuthorityOwnership
is called.RevokeDebtAuctionHouses
- emitted when both the current and the previousDebtAuctionHouse
s are denied printing permissions. Contains:accountingEngine
- the accounting engine whose debt auction houses are denied permissionscurrentHouse
- the current debt auction housepreviousHouse
- the previous debt auction house
CoverSystem
- emitted when a new system is covered / allowed to print tokens. Contains:accountingEngine
- the accounting engine from the system that is being covereddebtAuctionHouse
- the debt auction house set inside theaccountingEngine
coveredSystems
- the new number of systems being coveredwithdrawAddedRightsDeadline
- the deadline after which governance can no longer quickly uncover a system without callingstartUncoverSystem
andendUncoverSystem
StartUncoverSystem
- emitted when governance starts to uncover a system. Contains:accountingEngine
- the address of the accounting engine whose debt auction houses are uncoveredcurrentDebtAuctionHouse
- the current debt auction house connected to the accounting enginepreviousDebtAuctionHouse
- the previous debt auction house that was connected to the accounting enginecoveredSystems
- the latest amount of covered systemsrevokeRightsDeadline
- the deadline after which governance will not be able to remove this system's printing rightsuncoverCooldownEnd
- the deadline after which governance can callendUncoverSystem
and finish the uncover processwithdrawAddedRightsDeadline
- cooldown during which governance could have uncovered the system without having to callendUncoverSystem
AbandonUncoverSystem
- emitted when governance abandons the uncover process for a system. Contains:accountingEngine
- address of the accounting engine who's no longer being uncovered
EndUncoverSystem
- emitted when the uncovering process is finished. Contains:accountingEngine
- the address of the accounting engine whose debt auction houses are denied printing permissionscurrentHouse
- the current debt auction house connected to the accounting enginepreviousHouse
- the previous debt auction house that was connected to the accounting engine
UpdateCurrentDebtAuctionHouse
- emitted when the current debt auction house of an accounting engine is updated. Contains:accountingEngine
- the address of the accounting engine whose current debt auction house is updatedcurrentHouse
- the address of the new current debt auction housepreviousHouse
- the address of the previous debt auction house
RemovePreviousDebtAuctionHouse
- emitted when the previous debt auction house is removed from a covered system. Contains:accountingEngine
- the address of the accounting engine whose previous debt auction house is updatedcurrentHouse
- the address of the new current debt auction housepreviousHouse
- the address of the previous debt auction house
ProposeIndefinitePrintingPermissions
- emitted when governance proposes a deadline after which they can no longer remove a system's permission to print tokens. Contains:accountingEngine
- the address of the accounting engine that's part of the system which will no longer be denied printing permissionsfreezeDelay
- the delay from the current timestamp after which the system will have indefinite printing permissions
3. Walkthrough
Current and Previous Debt Auction Houses
Inside the printing permissions contract, a system is represented by an AccountingEngine. The AccountingEngine
has one debt auction house address in it at any time. That's the currentDebtAuctionHouse
although governance may have previously had another auction house that was buggy or had to be upgraded and so the printing permissions keep track of both the currentDebtAuctionHouse
and previousDebtAuctionHouse
until there's no outstanding auction left in the previousDebtAuctionHouse
.
Function Descriptions
coverSystem
: checks that the debt auction house associated with that AccountingEngine
is not already covered. Updates the withdrawAddedRightsDeadline
for that specific AccountingEngine
. The deadline makes sure that governance can withdraw cover from the AccountingEngine
without the need to wait between startUncoverSystem
and endUncoverSystem
startUncoverSystem
: it cannot uncover a system if either the current or the previous debt auction house associated with that system have outstanding debt auctions to settle. It cannot uncover a system if that system is already in the process of being uncovered. It can withdraw cover from a system either if there are at least 2 systems covered or, even if there are multiple systems covered, the withdrawAddedRightsDeadline
for the system that governance wants to uncover was not passed. It must make sure that at least one system is protected at any time the exception being when all the systems added have not passed their respective withdrawAddedRightsDeadline
s
abandonUncoverSystem
: it can only abandon the uncover for a system that is in the process of being uncovered.
endUncoverSystem
: it must check again that neither the current nor the previous debt auction house has any outstanding auctions left. Similar to startUncoverSystem
, it can withdraw cover from a system either if there are at least 2 systems covered or, even if there are multiple systems covered, the withdrawAddedRightsDeadline
for the system that governance wants to uncover was not passed (same exception to the rule applies as for startUncoverSystem
).
updateCurrentDebtAuctionHouse
: it cannot update the currentDebtAuctionHouse
if the new auction house is the same as the current one. It also cannot update the current auction house if previousDebtAuctionHouse
is non null. It must allow the new auction house to print tokens and set previousDebtAuctionHouse
as the last currentDebtAuctionHouse
removePreviousDebtAuctionHouse
: it cannot remove the permission of the previousDebtAuctionHouse
to print protocol tokens unless there are no outstanding auctions in that auction house.
proposeIndefinitePrintingPermissions
: it sets a time after which governance can never remove cover from a specific accounting engine (and thus it's associated debt auction house). updateCurrentDebtAuctionHouse
and removePreviousDebtAuctionHouse
should still work even if now > allowedSystems[accountingEngine].revokeRightsDeadline