Smart Contracts
For our smart contracts, we used the Uniswap V2 template, modifying the functionality to use the xybk invariant.
SECURITY NOTE: For projects that fork the xybk invariant, investors MUST ensure that the tuneable boost cannot be changed instantly. Instant boost changes opens up an attack by malicious governance to rugpull LP's capital. We've added a time delay to boost changes and other measures to ensure that our implementation, in its current form, will not be able to rugpull LP's capital.
Here is a summary of the changes in the contracts:
Pair.sol:
- 1.Supports functionality for invariant tuning (switching between uniswap curve and xybk, changing boosts, hard stops which halts trading after certain pool ratios)
- 2.Supports functionality for trade fee changes (uniswap v2 is 30 basis points)
- 3.Swap function checks for xybk invariance if the pool is set to xybk. Flash loan functionality still supported
- 4.Added cheapSwap with a trusted router setup. cheapSwap can only be called by a trusted router (our deployed router), bypassing some K invariance checks. This cuts swap gas costs by 26k. Potential security vulnerabilities as a result of this code change have been checked and approved by reputable security audit firms
- 5.Switched to openzeppelin's reentrancy guard
- 6.Scrapped V2 Uniswap TWAP oracle. Might readd in future iteration if theres a strong demand for an Impossible Finance on-chain price oracle
Factory.sol:
- 1.Renamed feeToSetter to governance
- 2.Added token whitelist functionality that's controlled by governance. This is a prophylactic measure to guard against custom token attacks
- 3.Added router address (added by governance) that's passed to pair contracts on creation (for cheapSwap)
Library.sol (contains the most significant changes):
- 1.getAmountX/getAmountsX have different function parameters - it takes in the addresses of the tokens instead of the amounts. getAmountX checks pool reserves, what invariant the pool is using as well as boost values if its an xybk curve, and the fee for that pool in basis points
Router02.sol:
- 1.Uses openzeppelin's reentrancy guard
- 2.Add/remove liquidity functionality is the same as uniswap V2
- 3.All calls to Pair.swap are Pair.cheapSwap
- 4.getAmountX/getAmountsX take in different arguments (inherited from Library.sol)
Last modified 1yr ago