Maple
  • Welcome to Maple
  • Maple for Lenders
    • Introduction
    • Lending
    • Defaults and Impairments
    • Margin Calls and Liquidations
    • Risk
    • Withdrawal Process
  • syrupUSDC for Lenders
    • Powered by Maple
    • Lending in syrupUSDC and syrupUSDT
    • Commitments
    • Drips Rewards
    • Withdrawals
    • Monthly Updates
    • Pendle Integration
  • SyrupUSDC Rewards Prize Draw Program Summary
  • FAQ
  • Maple for Borrowers
    • Introduction
    • Loan Management
  • Maple for Token Holders
    • Introduction to SYRUP
      • MPL to SYRUP Conversion
      • FAQs
    • SYRUP Tokenomics
      • Staking
      • Staking Smart Contract Details
    • Governance and Voting
    • Drips Rewards
    • Research and Media
      • Podcasts
      • News Articles
      • TV Segments
      • Research Reports
      • Data Dashboards
    • Additional Resources
  • Technical Resources
    • Protocol Overview
      • Background
      • Protocol Actors
      • Smart Contract Architecture
      • Glossary
      • Smart Contract Addresses
      • Fees
      • Composability
      • Proxies and Upgradeability
    • Security
      • Security
      • List of Assumptions
      • External Entry Points
      • Emergency Protocol Pause
      • Protocol Invariants
      • Test Report
    • Loans
      • Loans
      • Fixed Term Loans
      • Open Term Loans
      • Refinancing
      • Impairments
      • Defaults
    • Pools
      • Pools
      • Pool Creation
      • PoolManager
      • PoolDelegateCover
      • Accounting
        • Pool Accounting
        • Pool Exchange Rates
    • Strategies
      • Fixed Term Loan Manager
        • Overview
        • Claims
        • Advance Payment Accounting
        • Accounting Examples
      • Open Term Loan Manager
      • DeFi Strategies
    • Withdrawal Managers
      • WithdrawalManager (Cyclical)
      • WithdrawalManager (Queue)
    • Singletons
      • Globals
      • MapleTreasury
      • Oracles
      • Pool Permission Manager
    • Admin Functions
      • Governor Admin Actions
        • Operational Admin Actions
      • Pool Delegate Admin Actions
      • Timelocks
    • Operations
      • Protocol Deployment
      • Open Term Loan Deployment
      • December 2023 Deployment & Upgrade Procedure
      • Strategies Release Deployment Procedure
    • Interfaces
      • FixedTermLoan
      • FixedTermLoanFactory
      • FixedTermLoanFeeManager
      • FixedTermLoanInitializer
      • FixedTermLoanManager
      • FixedTermLoanManagerFactory
      • FixedTermLoanManagerInitializer
      • FixedTermLoanRefinancer
      • Globals
      • Liquidator
      • LiquidatorFactory
      • LiquidatorInitializer
      • OpenTermLoan
      • OpenTermLoanFactory
      • OpenTermLoanInitializer
      • OpenTermLoanManager
      • OpenTermLoanManagerFactory
      • OpenTermLoanManagerInitializer
      • OpenTermLoanRefinancer
      • Pool
      • PoolDelegateCover
      • PoolDeployer
      • PoolManager
      • PoolManagerFactory
      • PoolManagerInitializer
      • PoolPermissionManager
      • WithdrawalManager (Cyclical)
      • WithdrawalManagerFactory (Cyclical)
      • WithdrawalManagerInitializer (Cyclical)
      • WithdrawalManager (Queue)
      • WithdrawalManagerFactory (Queue)
      • WithdrawalManagerInitializer (Queue)
    • SYRUP Token
      • Architectural Overview
      • Base ERC20 Structure
      • Upgradability
      • Modules
      • Time Locks
      • Recapitalization Module
      • Emergency Module
      • Deployment and Migration Procedure
    • GraphQL API
    • SDK
      • Introduction
      • Installation
      • Protocol Actors
      • Usage Guide
  • Troubleshooting & Support
    • Intercom
  • Maple 1.0
    • Access to deprecated Maple 1.0
  • Legal
    • Borrower MLA
    • KYC
    • Interface Terms of Use
    • Privacy Policy
    • syrupUSDC and syrupUSDT - Risks
    • syrupUSDC and syrupUSDT - Defaults and Impairments
    • syrupUSDC and syrupUSDT - Available Jurisdictions
    • Interface Terms of Use [syrupUSDC and syrupUSDT]
    • Interface Terms of Use [Syrup.fi/convert/ and Syrup.fi/stake/]
    • syrupUSDC and syrupUSDT- Privacy Policy
    • SyrupUSDC Rewards Prize Draw Terms & Conditions
Powered by GitBook
On this page
  1. Technical Resources
  2. Security

List of Assumptions

This page outlines all assumptions that have been made by the smart contracts team in relation to smart contract security and trust models.

1. All external calls to contracts that are part of the Maple Protocol System can be assumed to be non-reentrant.

Since all contracts that are deployed as part of the Maple protocol are developed by the Maple smart contracts team and are externally audited before deployment, it can be assumed that the contracts are both non-reentrant and non-malicious.

2. All external calls to ERC-20 contracts can be assumed to be non-reentrant.

This assumption is made since all tokens that are used in the Maple protocol have to be added to the protocol allowlist, in the MapleGlobals contract. This means that the smart contracts team will audit the ERC-20 contracts and ensure that reentrancy is impossible.

3. Pool Delegates are trusted actors.

Pool Delegates have to go through a KYC process and have to get onboarded to the Maple protocol by the Governor. They have a public reputation to protect, and are incentivized to act in the protocol's best interest to grow their pool's size. Liquidity Providers and Stakers are inherently trusting a Pool Delegate with their funds when they enter a Maple Pool. This means that they are trusting the Pool Delegate to handle funds and liquidation proceedings in a trusted manner.

4. Oracle prices from Chainlink are considered to be reasonably accurate and frequently updated.

Since the oracle price is used in the liquidation module, it is assumed that these prices are accurate and cannot be exploited (e.g., flash loan oracle manipulation is impossible with an offchain oracle source).

5. The Governor & Operational Admin are trusted actors.

The Governor multisig is held by founders and partners of the protocol, that are heavily incentivized to act in the protocol's best interest. Likewise the Operational Admin is held by the Maple team, which is also heavily incentivized to act in the protocol's best interest.

6. Loans are expected to be instantiated with reasonable terms.

During the fuzz testing process, it was discovered that certain overflow conditions can occur in the amortization calculation of the loan, but only at "unreasonable" upper bounds (E.g., 100-year loans with 1 year payment intervals at 100% APR, for >$10b).

7. Pool Delegates don't try to prevent withdrawals.

It's known that, in theory, withdrawal managers can be configured to unreasonable terms, for example, making the withdrawal window 1 second, or the cycle duration to be large,or pool delegates can set the withdrawal manager address to an invalid address. However, it's understood that pool delegates are trusted actors and they are working to making the pool well functioning.

PreviousSecurityNextExternal Entry Points

Last updated 6 months ago