LogoLogo
TermMax Docs
TermMax Docs
  • Overview
    • πŸ“šIntroduction
    • πŸ”†TermMax’s Vision
  • Protocol Mechanisms
    • πŸ’²Fixed Rate Tokenization
    • 🌟User Roles
    • 🐳Range Order Setter
      • Borrowing Range Order Setter
      • Lending Range Order Setter
      • Two-Way Range Order Setter
    • 🐬Market Taker
      • Borrower
      • Lender
      • Leverager
    • 🌊Curator
    • πŸ”₯Depositor
    • βš›οΈComponents
      • πŸ’ΉMarket
      • πŸͺ™Range Order / Pricing Curve
      • 🎁Vault
      • πŸͺ™Token
    • πŸ’΅Transaction Fees
    • ❓FAQ
  • Strategies
    • πŸ’²Leverage Strategies
    • πŸ’²Borrow/Lend Strategies
    • πŸ’²Trading Strategies
  • Incentives
    • TMX Token Pre-mine
  • Security and Risks
    • πŸ›‘οΈSpearbit Competitions
    • πŸš₯Hypernative 24/7 On-Chain Security Analysis
    • 🐞Immunefi Bug Bounty Program
    • πŸ§ͺComprehensive Smart Contract Testing
    • ⏳Timelock Protection
    • πŸ›‘οΈBest Security Practices
    • πŸͺœRisks
    • πŸ“Disclaimer
  • TECHNICAL DETAILS
    • AMM Model
    • Contract
      • TermMax Roles
    • Liquidation & Physical Delivery
    • Oracles
    • Contract Addresses
      • Ethereum Markets
        • pufETH/PT-pufETH-26JUN2025@30MAY2025
        • USDC/cbBTC@30MAY2025
        • USDC/eUSDe@29MAY2025
        • USDC/PT-sUSDE-29MAY2025@30MAY2025
        • USDC/sUSDe@30MAY2025
        • USDC/USUALUSDC+@30MAY2025
        • USDC/WBTC@30MAY2025
        • USDC/wstETH@30MAY2025
        • WETH/gtWETH@30MAY2025
        • WETH/MCwETH@30MAY2025
        • WETH/pufETH@30MAY2025
        • WETH/weETH@30MAY2025
        • sUSDe/PT-sUSDE-29MAY2025@30MAY2025
        • lvlUSD/slvlUSD@30MAY2025
        • USDC/PT-lvlUSD-29MAY2025@30MAY2025
        • USDC/MC_USDCP@30MAY2025
        • USDC/gtusdcf@30MAY2025
        • WETH/mhyETH@30MAY2025
        • wstETH/inwstETHs@30MAY2025
        • WETH/weETH@27JUN2025
        • USDC/wstETH@27JUN2025
        • USDC/sUSDe@27JUN2025
        • WETH/pufETH@27JUN2025
        • USDC/WBTC@27JUN2025
        • USDC/cbBTC@27JUN2025
        • lvlUSD/slvlUSD@27JUN2025
        • wstETH/inwstETHs@27JUN2025
        • USDC/PT-sUSDE-31JUL2025@01AUG2025
        • WETH/PT-pufETH-26JUN2025@27JUN2025
        • USDC/PT-cUSDO-19JUN2025@20JUN2025
        • USDC/PT-lvlUSD-25SEP2025@25JUL2025
        • USDC/PT-lvlUSD-25SEP2025@26SEP2025
      • Arbitrum Markets
        • USDC/ARB@30MAY2025
        • USDC/WBTC@30MAY2025
        • USDC/WETH@30MAY2025
        • USDC/wstETH@30MAY2025
        • WETH/PT-weETH-26JUN2025@27JUN2025
        • WETH/weETH@30MAY2025
        • WETH/wstETH@30MAY2025
        • WETH/wstETH@27JUN2025
        • USDC/wstETH@27JUN2025
        • USDC/WBTC@27JUN2025
        • WETH/weETH@27JUN2025
        • USDC/WETH@27JUN2025
        • USDC/ARB@27JUN2025
  • TermMax Tutorial
    • Test Token Faucet
    • Leverage/Earn
    • Providing Liquidity
    • Range Order Tool
  • Resources
    • Media Kit
Powered by GitBook
On this page
  • Vault Timelock Mechanism
  • Oracle Timelock Mechanism
  1. Security and Risks

Timelock Protection

TermMax implements a sophisticated timelock protection system for sensitive operations. This mechanism ensures that critical parameter changes undergo a waiting period before being implemented, allowing for review and potential revocation of harmful changes.

Vault Timelock Mechanism

The TermMax vault contract implements a comprehensive timelock protection system for sensitive operations. This mechanism ensures that critical parameter changes undergo a mandatory waiting period before implementation, allowing for thorough review and potential revocation of harmful changes.

The timelock system follows a three-step process:

  1. Submit - A change is proposed (typically by the CURATOR)

  2. Wait - The change enters a timelock period (default: 1 day)

  3. Accept - After timelock expiration, the change can be accepted

During the timelock period, the GUARDIAN role has the ability to review and potentially revoke the pending change.

Role-Based Access

  • CURATOR: Submits parameter changes (e.g., performance fee rate)

  • GUARDIAN: Reviews and can revoke pending changes during the timelock period

  • Vault Owner: Has oversight capabilities for the timelock system

Timelock Duration Bounds

Vault timelock duration is configurable within safety limits:

  • Minimum: 1 day (86,400 seconds)

  • Maximum: 30 days (2,592,000 seconds)

Oracle Timelock Mechanism

The Oracle system includes a specialized timelock mechanism to protect against malicious or erroneous price feed updates. Given that oracles provide critical price data for collateral valuation and liquidation decisions, changes to oracle sources are protected by a mandatory waiting period.

Oracle Timelock Security Features

  • DEFAULT ADMIN ROLE Restriction: Only accounts with the DEFAULT ADMIN ROLE can submit or accept oracle changes

  • Asset-Specific Updates: Timelock is applied independently for each asset's oracle, allowing for targeted updates

  • Validation Period: Proposed oracle changes must pass through the full timelock period before acceptance

  • Multiple Oracle Support: The system maintains backup oracle mechanisms, allowing immediate failover if a primary oracle fails

Importance for Risk Management

The oracle timelock is particularly critical because:

  1. Price manipulation is a common attack vector in DeFi protocols

  2. False oracle data could trigger incorrect liquidations or allow unhealthy borrowing

  3. Oracle failures during market volatility can amplify systemic risks

By enforcing a timelock on oracle updates, TermMax provides:

  • Time for community oversight of oracle changes

  • Protection against flash attacks targeting oracle infrastructure

  • Enhanced stability during market turbulence

This multi-layered approach to securing both vault operations and oracle updates creates a robust protection system that guards against both malicious actions and operator errors, enhancing overall protocol security.

PreviousComprehensive Smart Contract TestingNextBest Security Practices

Last updated 6 days ago

⏳