Timelock Protection
TermMax implements a sophisticated timelock protection system for sensitive operations. This mechanism ensures that critical parameter changes undergo a waiting period before being implemented, allowing for review and potential revocation of harmful changes.
Vault Timelock Mechanism
The TermMax vault contract implements a comprehensive timelock protection system for sensitive operations. This mechanism ensures that critical parameter changes undergo a mandatory waiting period before implementation, allowing for thorough review and potential revocation of harmful changes.
The timelock system follows a three-step process:
Submit - A change is proposed (typically by the CURATOR)
Wait - The change enters a timelock period (default: 1 day)
Accept - After timelock expiration, the change can be accepted
During the timelock period, the GUARDIAN role has the ability to review and potentially revoke the pending change.
Role-Based Access
CURATOR: Submits parameter changes (e.g., performance fee rate)
GUARDIAN: Reviews and can revoke pending changes during the timelock period
Vault Owner: Has oversight capabilities for the timelock system
Timelock Duration Bounds
Vault timelock duration is configurable within safety limits:
Minimum: 1 day (86,400 seconds)
Maximum: 30 days (2,592,000 seconds)
Oracle Timelock Mechanism
The Oracle system includes a specialized timelock mechanism to protect against malicious or erroneous price feed updates. Given that oracles provide critical price data for collateral valuation and liquidation decisions, changes to oracle sources are protected by a mandatory waiting period.
Oracle Timelock Security Features
DEFAULT ADMIN ROLE Restriction: Only accounts with the DEFAULT ADMIN ROLE can submit or accept oracle changes
Asset-Specific Updates: Timelock is applied independently for each asset's oracle, allowing for targeted updates
Validation Period: Proposed oracle changes must pass through the full timelock period before acceptance
Multiple Oracle Support: The system maintains backup oracle mechanisms, allowing immediate failover if a primary oracle fails
Importance for Risk Management
The oracle timelock is particularly critical because:
Price manipulation is a common attack vector in DeFi protocols
False oracle data could trigger incorrect liquidations or allow unhealthy borrowing
Oracle failures during market volatility can amplify systemic risks
By enforcing a timelock on oracle updates, TermMax provides:
Time for community oversight of oracle changes
Protection against flash attacks targeting oracle infrastructure
Enhanced stability during market turbulence
This multi-layered approach to securing both vault operations and oracle updates creates a robust protection system that guards against both malicious actions and operator errors, enhancing overall protocol security.
Last updated