Limited control of multiple liquidity pool
Liquidity providers need to make a complex series of function calls in order to retrieve their collateral from the pool. The process is undocumented and not optimized for gas costs and will result in a frustrating experience for liquidity providers. Jarvis has indicated they are considering including this functionality in the future. We highly encourage this and further suggest documentation of this limitation in the mean time.
Consider adding functionality to the multiple liquidity pool to deactivate, unregister, and remove liquidity providers. Currently there is no way to stop liquidity providers who may be acting in bad faith from interacting with the pool. Including this functionality may provide users and other liquidity providers with a sense of assurance that the protocol has protections from malicious liquidity providers. This needs to be weighed against the centralized control it offers the protocol maintainers.
Including functions that can pause external and public functions can provide an added layer of security in the event an exploit is discovered. The abstract
Pausible.solcontract byOpen Zeppelin↗ provides pre-packaged functionality for pausing functions, which might be leveraged such asaddLiquidity(...)orremoveLiquidity(...). Access to these functions can be restricted when the protocol is_pausedusing thewhenNotPausedmodifier.
There is currently no implementation in the multiple liquidity pool to call the migrate lending module function in the lending manager. Since only the liquidity pool can call this function in the lending manager, the lending module currently cannot be migrated. This is expected to be ugpraded once Jarvis has implemented lending modules servicing money markets other than Aave. The current implementation is correct and can remain in the lending manager for composability.