Update the FiRM Borrow Controller

FiRM
1

Update the FiRM Borrow Controller

Summary

This proposal aims to update the borrow controller for all active markets on FiRM to implement an improved method of handling the daily borrow limit. The changes will introduce a rolling 24-hour limit, replacing the current system, which resets the borrow limit at midnight (00:00 UTC).

Background

The borrow controller in FiRM serves as a gatekeeper for borrowing transactions, determining if users are permitted to borrow based on the following criteria:

  • Market Daily Borrow Limit: Verifies that the requested borrow amount does not exceed the remaining daily borrow limit for the market.
  • Smart Contract Verification: Checks whether the borrowing address is a smart contract and, if so, ensures it is on the whitelist.

The daily borrow limit is a key risk management feature designed to:

  • Mitigate potential DAO losses in the event of an exploit
  • Limit the financial gain for would-be exploiters

Currently, the daily borrow limit resets entirely at midnight (00:00 UTC), leading to the following drawbacks:

  • Double Borrowing Exploitability: A borrower can execute a transaction just before midnight and another immediately after, effectively doubling the daily limit in a short period.
  • Non-Linear Competition: In competitive markets like DOLA/USR, borrowers who act first after midnight can consume the entire limit, leaving no capacity for others.

To address these issues, we propose shifting to a rolling 24-hour borrow limit. This updated mechanism will replenish borrowing capacity incrementally with each passing second, rather than resetting at a fixed time.

Implementation

The rolling-limit borrow controller we are reinstating has already proved itself in production: it was first rolled out by Grace Protocol and later activated on a group of pilot markets within FiRM, where it underwent rigorous live testing. During the subsequent Pectra-compliant controller upgrade, that rolling-limit module was inadvertently removed from those markets. This proposal simply restores the same, fully validated logic—while keeping every other feature of the current controller—and extends it to every active FiRM market. The code has passed exhaustive internal testing as well as an independent external review, giving the DAO high confidence in its reliability and security.