Summary
This proposal seeks to update the FiRM Borrow Controller across all active markets to a newly-deployed, Pectra-compliant version, addressing security risks introduced by EIP-7702. The upgrade ensures continued protection against flash loan exploits, reentrancy, and atomic transaction manipulations, while maintaining all previously implemented risk controls such as the rolling 24-hour borrow limit and daily borrow caps.
Background
The borrow controller in FiRM plays a crucial role in risk management, ensuring that borrowing transactions comply with security measures such as:
- Minimum Debt Amount: Protecting the protocol from griefing by enforcing a minimum market debt allowed to be carried per user.
- Smart Contract Verification: Restricting borrowing from unauthorized smart contracts to mitigate risk.
- Rolling 24-Hour Borrow Limit: Preventing exploitative behaviors related to fixed-time resets.
- Staleness Threshold: Addressing stale oracle data exploits by preventing borrowing when price feeds have not updated within a governance-defined timeframe.
However, with the first phase of the Pectra hard fork scheduled for mid-March 2025, Ethereum’s EIP-7702 introduces the ability for EOAs (externally owned accounts) to delegate execution to smart contracts, effectively bypassing FiRM’s existing protections against flash loans and reentrancy attacks.
To mitigate these risks, the new borrow controller enforces a stricter validation, combining tx.origin == msg.sender with msg.sender.code.length == 0 to ensure that the caller is not a delegated smart contract. In doing so, it ensures full compatibility with the Pectra hard fork, maintaining security without sacrificing user experience.
The new borrow controller has been rigorously tested on the Prague EVM and reviewed by 3rd parties, both of which confirm it correctly blocks unauthorized delegated transactions while maintaining expected protocol functionality.
Implementation Plan
This proposal will standardize the borrow controller across all active markets, eliminating existing discrepancies and bringing the rolling 24-hour borrow limit to all markets. All previously whitelisted addresses as well as market-specific daily borrow limits, staleness thresholds, and min debts will need to be set. As such with 31 live markets, this will require over 100 on-chain actions. As each proposal is limited to 20 on-chain actions, this will be spread out across 7 proposals.
On-Chain Actions
- Add the new borrow controller as a FiRM minter
- Allow all previously approved smart contracts on the new borrow controller:
- Whitelist the ALE smart contract
- Whitelist user 0x495886947EAce9788360F46be55c758f92Ecd074
- Whitelist user 0x496a3Fc15209350487F7136b7c3c163F9204eE70
- Whitelist user 0x0591926d5d3b9cc48ae6efb8db68025ddc3adfa5
- Whitelist DBR helper: 0x0aBb47c564296D34B0F5B068361985f507fe123c
- Set the Borrow Controller and Inherit All Existing Borrow Parameters for the following FiRM Markets:
- INV, cvxCRV, sUSDe, st-yETH, CVX, stETH, wstETH, st-yCRV, wBTC, wETH, cbBTC, CRV, DAI, sFRAX, COMP
- deUSD/DOLA, sUSDS/DOLA, sUSDe/DOLA, scrvUSD/DOLA, crvUSD/DOLA, scrvUSD/sDOLA, DOLA/USR
- yv-deUSD/DOLA, yv-sUSDS/DOLA, yv-scrvUSD/DOLA, yv-sUSDe/DOLA, yv-crvUSD/DOLA, yv-scrvUSD/sDOLA, yv-DOLA/USR
- PT-sUSDe-27MAR25, PT-sUSDe-29MAY25