Maple
  • Welcome to Maple
  • Maple for Lenders
    • Introduction
    • Lending
    • Defaults and Impairments
    • Margin Calls and Liquidations
    • Risk
    • Withdrawal Process
  • syrupUSDC for Lenders
    • Powered by Maple
    • Lending in syrupUSDC and syrupUSDT
    • Commitments
    • Drips Rewards
    • Withdrawals
    • Monthly Updates
    • Pendle Integration
  • SyrupUSDC Rewards Prize Draw Program Summary
  • FAQ
  • Maple for Borrowers
    • Introduction
    • Loan Management
  • Maple for Token Holders
    • Introduction to SYRUP
      • MPL to SYRUP Conversion
      • FAQs
    • SYRUP Tokenomics
      • Staking
      • Staking Smart Contract Details
    • Governance and Voting
    • Drips Rewards
    • Research and Media
      • Podcasts
      • News Articles
      • TV Segments
      • Research Reports
      • Data Dashboards
    • Additional Resources
  • Technical Resources
    • Protocol Overview
      • Background
      • Protocol Actors
      • Smart Contract Architecture
      • Glossary
      • Smart Contract Addresses
      • Fees
      • Composability
      • Proxies and Upgradeability
    • Security
      • Security
      • List of Assumptions
      • External Entry Points
      • Emergency Protocol Pause
      • Protocol Invariants
      • Test Report
    • Loans
      • Loans
      • Fixed Term Loans
      • Open Term Loans
      • Refinancing
      • Impairments
      • Defaults
    • Pools
      • Pools
      • Pool Creation
      • PoolManager
      • PoolDelegateCover
      • Accounting
        • Pool Accounting
        • Pool Exchange Rates
    • Strategies
      • Fixed Term Loan Manager
        • Overview
        • Claims
        • Advance Payment Accounting
        • Accounting Examples
      • Open Term Loan Manager
      • DeFi Strategies
    • Withdrawal Managers
      • WithdrawalManager (Cyclical)
      • WithdrawalManager (Queue)
    • Singletons
      • Globals
      • MapleTreasury
      • Oracles
      • Pool Permission Manager
    • Admin Functions
      • Governor Admin Actions
        • Operational Admin Actions
      • Pool Delegate Admin Actions
      • Timelocks
    • Operations
      • Protocol Deployment
      • Open Term Loan Deployment
      • December 2023 Deployment & Upgrade Procedure
      • Strategies Release Deployment Procedure
    • Interfaces
      • FixedTermLoan
      • FixedTermLoanFactory
      • FixedTermLoanFeeManager
      • FixedTermLoanInitializer
      • FixedTermLoanManager
      • FixedTermLoanManagerFactory
      • FixedTermLoanManagerInitializer
      • FixedTermLoanRefinancer
      • Globals
      • Liquidator
      • LiquidatorFactory
      • LiquidatorInitializer
      • OpenTermLoan
      • OpenTermLoanFactory
      • OpenTermLoanInitializer
      • OpenTermLoanManager
      • OpenTermLoanManagerFactory
      • OpenTermLoanManagerInitializer
      • OpenTermLoanRefinancer
      • Pool
      • PoolDelegateCover
      • PoolDeployer
      • PoolManager
      • PoolManagerFactory
      • PoolManagerInitializer
      • PoolPermissionManager
      • WithdrawalManager (Cyclical)
      • WithdrawalManagerFactory (Cyclical)
      • WithdrawalManagerInitializer (Cyclical)
      • WithdrawalManager (Queue)
      • WithdrawalManagerFactory (Queue)
      • WithdrawalManagerInitializer (Queue)
    • SYRUP Token
      • Architectural Overview
      • Base ERC20 Structure
      • Upgradability
      • Modules
      • Time Locks
      • Recapitalization Module
      • Emergency Module
      • Deployment and Migration Procedure
    • GraphQL API
    • SDK
      • Introduction
      • Installation
      • Protocol Actors
      • Usage Guide
  • Troubleshooting & Support
    • Intercom
  • Maple 1.0
    • Access to deprecated Maple 1.0
  • Legal
    • Borrower MLA
    • KYC
    • Interface Terms of Use
    • Privacy Policy
    • syrupUSDC and syrupUSDT - Risks
    • syrupUSDC and syrupUSDT - Defaults and Impairments
    • syrupUSDC and syrupUSDT - Available Jurisdictions
    • Interface Terms of Use [syrupUSDC and syrupUSDT]
    • Interface Terms of Use [Syrup.fi/convert/ and Syrup.fi/stake/]
    • syrupUSDC and syrupUSDT- Privacy Policy
    • SyrupUSDC Rewards Prize Draw Terms & Conditions
Powered by GitBook
On this page
  • Pre-Upgrade Pausing
  • Granular Pausing
  1. Technical Resources
  2. Security

Emergency Protocol Pause

Pre-Upgrade Pausing

In the previous version of the protocol, there was a single switch that determined whether the protocol was paused. This switch had a global effect on all functions within the protocol. The security admin was responsible for triggering the global pause.

However, while effective as an emergency shut down, this architecture posed limitations for recovery strategies to return the system to normal operations from a paused state. To illustrate this limitation, consider a scenario where a pool delegate misconfigures a parameter that affects a pool, such as setting an inappropriate liquidation rate, which allows collateral to be traded at an unwanted discount.

In such a situation, the security admin would trigger a pause, which stops all operations. However, the fix requires either the governor or the pool delegate to reset the minimum ratio, which cannot be done in a paused state. Full recovery requires the following atomic actions to be performed:

1. The security admin calls unpause.
2. The governor or pool delegate calls setMinRatio.

Even in this simple scenario, the fix is an operational challenge, as there is no native way to ensure the atomicity of operations and it involves multiple parties and time-sensitive procedures. Therefore, the mechanism has been redesigned to address these issues.

Granular Pausing

Addressing the flaws described above, the pausing has 3 separate setters that control the status.

  1. Global pause

  2. Per contract pause

  3. Per function un-pause.

Global Pause

This structure is the same as the previous one, meaning a single switch that turns on or off the pause for the whole system, with the difference that now it can be called by either the governor or the security admin.

Per-Contract Pause

Additionally, a flag is added to pause specific contract instances. This way, if there's a problem in an isolated contract, there's no need to lock the whole protocol while a fix is underway. This granularity allows, for example, to have a specific loan paused, but not any of the others.

Per-Function Unpause

To help with the recovery, there's a third lever which indicates which function in a paused contract can be manually un-paused. This handles the case of "unknown unknowns", which is hard to know upfront which functions might need to be called as part of the solution.

With these three variables, the governor and security admin have a greater flexibility in dealing with emergencies, and also allows for the protocol to return to a functioning state sooner.

Back to the example where the ratio of a collateral asset is misconfigured in a pool, the new way of handling the issue:

1. Pause the whole protocol for investigation.
2. Turn on the `setMinRatio` function to be callable and adjust the parameter.
3. Once the fix is assured to be comprehensible, unpause the protocol.

Using the new pausing mechanism, the operational complexity is reduced and it becomes impossible to exploit the system while the fix is underway.

PreviousExternal Entry PointsNextProtocol Invariants

Last updated 1 year ago