Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No asset manager for the composable pool #2353

Open
enzoevers opened this issue Mar 14, 2023 · 1 comment
Open

No asset manager for the composable pool #2353

enzoevers opened this issue Mar 14, 2023 · 1 comment

Comments

@enzoevers
Copy link

enzoevers commented Mar 14, 2023
edited
Loading

Looking at the constructor of the composable pool, it can be seen that the asset manager for the tokens is 'empty' by default. Is this for a reason?

balancer-v2-monorepo/pkg/pool-stable/contracts/ComposableStablePool.sol

Line 97 in eeb691e

new address[](params.tokens.length + 1),

I get that some new logic should be added in order to correctly match the asset manager with the pool token, or to make sure that the asset managers are only applied to the 'actual' tokens in the pool (depending on if you want to allow an asset manager for the BPT token).

But apart from that, is there any logical reason to not allow an asset manager for tokens in a composable pool?
@EndymionJkb
Copy link
Collaborator

EndymionJkb commented Mar 14, 2023
edited
Loading

Yes; that is a deliberate design decision for the standard pool. Asset managers are extremely powerful: they can directly manipulate prices, and a malicious (or even incautious) manager could drain the pool.

Since Balancer is permissionless, a major way aggregators and UIs ensure that "Balancer" pools are legit vs. from malicious forks is to check that they were deployed from the official factory. If we let people deploy pools from that factory with random asset managers, it would greatly compromise security.

The safe way to use asset managers is to incorporate them into wrappers (e.g., Managed Pool owner contracts), or associated contracts deployed and linked by the factory (e.g., Linear Pool Rebalancers). That way the contract code can be inspected to ensure that asset manager powers are only used in appropriate ways that do not put user funds at risk.

We don't currently have a use case for general stable pools with asset managers (outside the context of Linear/Stable Boosted Pools). If we did, it would be possible to "move up" the initialization to the factory level: e.g., allow asset managers to be passed in at the pool level, and just have our standard factory hard-code them to zero. It would then be possible to create other factories that deployed and linked asset manager contracts in a manner similar to Linear or Managed pools.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@EndymionJkb @enzoevers