Component: Comptroller
Description
The Comptroller contract is called by other components of the system to centrally implement restrictions and liquidity calculations. It also manages cross-liquidity, which is the automatic sharing of collateral, along with liquidatability, between all of a user's longs and shorts.
Modifications
An address blacklist was implemented, and blacklist checks were added to most of the operations. Blacklisted addresses cannot mint, redeem, borrow, or repay. The positions owned by blacklisted addresses should, as they accrue interest, eventually be liquidatable. However, Finding ref↗ currently makes this impossible.
A borrow guardian and a redeem guardian were added. Both the
pauseGuardian
role and theadmin
role can separately pause borrowing and redeeming on specific TTokens.An optional liquidator whitelist was added. When a flag on the Comptroller is enabled, the whitelist prevents nonwhitelisted liquidators from liquidating any positions.
The function
enterAllMarkets
that whitelisted markets can call was added, which causes a minter to be added to all of the nondeprecated markets managed by this Comptroller.
Test coverage
Cases covered
testBlakcList()
Return error in
mint()
if the minter is blacklisted.Return error in
redeem()
if the redeemer is blacklisted.Return error in
borrow()
if the borrower is blacklisted.Successfully mint if the minter is not blacklisted.
testRedemptionPaused()
Successfully redeem if the redeem is not paused.
enterAllMarkets()
Enter all markets.
Revert if the sender is not a TToken contract.
testGlobalPaused()
Revert in
mint()
if mint is paused.Revert in
redeem()
if redeem is paused.Revert in
borrow()
if borrow is paused.
testProtocalProtectedAccount()
Revert in
triggerLiquidation()
if the caller is neither the admin nor pause guardian.
Cases not covered
No test for
enterMarkets()
ifborrowGuardianPaused
is true.No test for
redeem()
ifredeemAllowedInternal
is true.No test for
enterAllMarkets()
if borrowing is paused.No test for the liquidation if the market is deprecated.
No test for the liquidation if
liquidatable
is enabled and the liquidator is whitelisted.Incorrect test-result check if
liquidatable
is enabled and the liquidator is not whitelisted.
Attack surface
Blacklist or pause feature may be used to bypass the protocol's functionality.