As per the result of the governance vote, we can now proceed to implement the PSM for the tentative launch date of December 18th, 2020. For those just joining please review the Accelerate the PSM thread for an explanation.
There are a few things that need to be done before we can launch the PSM. I will list them below, and mark them off as they are completed.
Smart Contract Audits [Complete]
Quantstamp has released the audit report and nothing major has been found. Please read the report for yourself, and I’ll add my response below (which I’ll forward to Quantstamp for their followup review). In total there are 5 minor / informational issues that I will address below:
QSP-1: The contracts are missing input validation, but this is okay as all methods mentioned are either constructors or admin-authed. This issue exists in most existing Maker contracts anyways, so there is no more risk here than is already present.
QSP-2: Informational. Just a note about programming practises.
QSP-3: These unused admin functions are in place to allow governance to transfer the PSM to a new contract at a later point in time. This will help us if for example we want to move PSM-USDC-A over to an interest earning implementation.
join-5-auth.sol is copied from the existing gem joins repository. This mismatch between
external visibility is a point I have just corrected, but the issue is present in the gem-joins repository as well. This only affects gas usage in a very minor way, so it is nothing critical.
The other points about
Lerp.tick() are intentional design decisions.
exit() needs to be publicly callable for emergency shutdown, and Lerp only works if
tick() is publicly callable.
QSP-5: This one is also an intentional design decision, and is necessary due to the difference in decimal precision between DAI and USDC. The difference in fee handling mentioned is that fees are subtracted from
sellGem() and added on top of
Update Jan 11th, 2021: Quantstamp has released their final report.
Lev has done an informal review here.
Risk Analysis [Complete]
@Primoz has completed this:
Along with signal requests:
Deploy to Kovan [Complete]
Contracts deployed and spell has been cast.
Deploy to Mainnet [Complete]
Contracts deployed and spell is ready to be voted on.