[VPD-1118] feat: VIP-666 + VIP-667 — DeviationSentinel + EBrakeV2 on Ethereum, Arbitrum One, Base#702
Open
Debugger022 wants to merge 15 commits intomainfrom
Open
[VPD-1118] feat: VIP-666 + VIP-667 — DeviationSentinel + EBrakeV2 on Ethereum, Arbitrum One, Base#702Debugger022 wants to merge 15 commits intomainfrom
Debugger022 wants to merge 15 commits intomainfrom
Conversation
- Wires DeviationSentinel + EBrakeV2 + SentinelOracle + UniswapOracle on Ethereum, Arbitrum One, zkSync Era, and Base - Grants only the IL-supported subset of EBrake action functions since these chains use isIsolatedPool=true (Diamond-only fns would revert) - Add ACCESS_CONTROL_MANAGER for arbitrumone, zksyncmainnet, and basemainnet to networkAddresses.ts - Include cross-chain simulation suite with pre/post permission, ownership, and functional sanity checks; auto-skips when placeholder addresses are unfilled
…zkSync in VIP-666
DeviationSentinel, EBrake, SentinelOracle, and UniswapOracle proxies sourced from venus-periphery PR #65 (feat/VPD-1134). Keeper and multisig pauser reuse the same BSC mainnet addresses (keeper: 0x57fa…, multisig: 0xCCa5…).
- Remove ZKSYNCMAINNET_CONFIG import and NETWORKS array entry - Update proposal title from 4 chains to 3 (Ethereum, Arbitrum One, Base) - Update description and summary to reflect 3-chain deployment - Reduce permission event count from 332 to 249 (83 per chain × 3) - Update market count line: remove zkSync market count reference - Set realistic fork block numbers for remaining 3 chains - Delete market.md (was scoped to 4-chain proposal)
- Monolithic VIP-666 (122 cmds/chain) exceeded Ethereum's 30M block gas limit with the LayerZero adapter param. Split into VIP-666 (bootstrap + permissions, 60 cmds/chain) and new VIP-667 (governance EBrake actions + per-market wiring). - Drop eBTC (Ethereum) and cbBTC + wstETH (Base) from monitored markets. Their only liquid pools (Curve / Aerodrome Slipstream) are not Uniswap V3 ABI-compatible — UniswapOracle would silently revert at handleDeviation time. Re-include once dedicated CurveOracle / SlipstreamOracle adapters are deployed. - Simulation hardening: bump Chainlink/RedStone tokenConfig staleness to 1y so post-time-warp price reads keep validating; add zero-address validity guard; add end-to-end checkPriceDeviation pre-flight (LBTC skipped due to OneJumpOracle fork-time fragility, production unaffected).
Debugger022
changed the title
- Bootstrap CurveOracle (Ethereum) + AerodromeSlipstreamOracle (Base) in VIP-666: acceptOwnership + setPoolConfig admin grants for Guardian + 3 Timelocks. These markets were previously commented out because their only liquid pools were not Uniswap V3 ABI-compatible — the dedicated adapters from venus-periphery PR #66 unblock them. - Add an `oracleType` discriminator on MonitoredMarket so VIP-667's wiring loop branches between UniswapOracle / CurveOracle (4-arg setPoolConfig with coinIndex + referenceToken) / AerodromeSlipstream (Uniswap-shaped 2-arg setPoolConfig). - Bump VIP-667 fork blocks past the new oracle deployments (Eth ≥ 24985630, Base ≥ 45337626). - Sim note: UniswapOracle and AerodromeSlipstreamOracle share the `PoolConfigUpdated(address,address)` topic, so the post-execution event-count assertion sums Uniswap + Aerodrome markets under one ABI filter; CurveOracle's 4-arg variant is checked separately.
Debugger022
changed the title
fred-venus
reviewed
Apr 30, 2026
Replace price_oracle() EMA with get_dy() instantaneous swap output. New PoolConfig adds refCoinIndex and assetDecimals fields; setPoolConfig signature updated to (address,address,uint8,uint8,address,uint8). Redeploy proxy to 0x9F508F3 and bump Ethereum fork blocks to 24992834+.
…EBrake - Minimal 22-command VIP (bsctestnet.ts) targeting Sepolia via LZ — fits within the testnet relayer's ~10 KB payload ceiling; the full governance admin set is deferred to mainnet VIPs - Deploys ownership, EBrake→Comptroller and Sentinel→EBrake wiring, trusted keeper whitelist (deployer EOA + on-chain keeper), deployer extra permissions for the E2E reset cycle, and market config for WETH + WBTC at 10% threshold - Sepolia address config (addresses/sepolia.ts) with deployed contract addresses and keeper set to match the BSC testnet keeper address - Fork simulation (simulations/vip-666/sepolia.ts) covering pre/post VIP state: ownership, permissions, trusted keepers, market config - Adds WETH address to src/networkAddresses.ts sepolia entry
Cross-chain commands fail at on-chain estimateFees with 'Relayer: _payloadSize tooooo big' when the encoded payload exceeds 10,000 bytes, but local simulations bypass the Relayer and pass silently. Compute the payloadWithId envelope size during proposal build and throw with the offending dstChainId + command count so oversized VIPs fail in CI rather than at proposeOnTestnet/propose time.
…trap - Cross-chain payload for VIP-616 + VIP-617 combined exceeds the LZ V1 RelayerV2 ~10 KB ceiling; encode all ACM grants and market wiring inside per-chain DeviationSentinelConfigurator so each chain needs only ~6 cross-chain commands instead of 100+ ACM grants - Merge vip-617 scope into vip-616 — configurator runs both bootstraps atomically in a single execute() call, no second VIP needed - Fix ACM bootstrap: VIP must grant DEFAULT_ADMIN_ROLE (not per-sig perms); Venus ACM.giveCallPermission wraps OZ grantRole which requires that role, per-sig grants caused execute() to revert on the first self-grant call - Add full fork simulation suite for Ethereum, Arbitrum One, and Base: pre/post ownership, ACM permissions, market wiring, and end-to-end SentinelOracle / checkPriceDeviation assertions
fred-venus
reviewed
May 5, 2026
| signature: "execute()", | ||
| params: [], | ||
| dstChainId, | ||
| }, |
Contributor
There was a problem hiding this comment.
why dont we revoke permission ? 🤔
Contributor
There was a problem hiding this comment.
nvm, saw its done in configurator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
get_dy()instantaneous swap output rather than the EMAprice_oracle, so manipulation is captured immediatelymakeProposalso oversized cross-chain VIPs fail at simulation/CI rather than atpropose/proposeOnTestnettimeChanges
VIP-616 (Bootstrap & Permissions)
pauseBorrow,pauseSupply,decreaseCF)VIP-617 (Governance Actions & Market Wiring)
Framework
src/utils.ts:makeProposalnow computes thepayloadWithIdenvelope size for each per-chain LZ message and throws when it exceeds the destination chain'sDEFAULT_PAYLOAD_SIZE_LIMIT. Catches the on-chainRelayer: _payloadSize tooooo bigrevert that local simulations otherwise miss.Per-chain LZ payload size limits (verified on-chain)
Queried
DEFAULT_PAYLOAD_SIZE_LIMIT()andpayloadSizeLimitLookup(srcChainId)on every VenusOmnichainGovernanceExecutor. Source LZ chain ID =102(BSC mainnet) for mainnets,10102(BSC testnet) for testnets.0xd70ffB56E4763078b8B814C0B48938F35D83bE0C0xc1858cCE6c28295Efd3eE742795bDa316D7c75260x09b11b1CAdC08E239970A8993783f0f8EeC60ABf0xE7C56EaA4b6eafCe787B3E1AB8BCa0BC6CBDDb9e0xA1b56f19CA5E5b15EF29d38238930Ce9f02353120x82598878Adc43F1013A27484E61ad663c5d50A030x3E281461efb3D53EC20DB207674373Ed8Ef3BbA90xD9B18a43Ee9964061c1A1925Aa907462F02491090xcf3e6972a8e9c53D33b642a2592938944956f1380xC7D6D33adcdBfccD416C3aAB1878360ea8b79ac60xDD59be81B3B5BFa391bDA3a84c9f5233BfEF52a40x0aa644c4408268E9fED5089A113470B6e706bc0CAll 12 destination executors return identical 10,000-byte caps with no per-source override, so the framework hardcodes a single
LZ_PAYLOAD_SIZE_LIMIT = 10_000constant. If any chain later configures apayloadSizeLimitLookupoverride, the comment inutils.tsflags the migration path.Infra
ACCESS_CONTROL_MANAGERtonetworkAddresses.tsfor Arbitrum One, ZkSync, and BasePoolConfigupdated to 5-field struct: addsrefCoinIndex+assetDecimalsforget_dy()pricingTest plan