Summary
This proposal recommends upgrading ETHplus to Reserve Protocol v4.2.0 to align it with the latest supported smart contract release. The upgrade consists of a single onchain spell that upgrades core contract implementation contracts and rotates governance and collateral plugins to their v4.2.0 equivalents.
The proposal also aims to remove legacy onchain state. Specifically, obsolete TimelockControllers that still retain pauser and freezer roles will be removed. These controllers were not removed after the v3.4.0 upgrade and represent an unnecessary governance grief vector.
A single onchain vote is required to execute both this upgrade and to clean-up the onchain state.
Problem Statement
ETHplus is currently deployed on Reserve Protocol v3.4.0, which is no longer the latest supported protocol version, 4.2.0. Remaining on an outdated version introduces avoidable operational and governance risk and forgoes additional security benefits.
In addition, legacy TimelockControllers continue to hold pauser and freezer permissions despite becoming obsolete following the v3.4.0 upgrade. Retaining unused roles introduces a potential griefing vector, where a proposal could be executed through an inactive governance path to pause or freeze ETHplus operations.
Rationale for upgrading to Protocol version 4.2.0
Several improvements have been introduced in the new protocol version, including;
- Allowlist registries. ETHplus can only be upgraded in the future to implementations on an allowlist, including collateral plugins. This prevents arbitrary upgrading of ETHplus to code not approved by ABC Labs, and in the future, the broader RSR ecosystem DAO.
- Trusted fillers for asynchronous swaps via CowSwap. Asynchronous swaps via CowSwap enable a more flexible swap execution of ETHplus collateral, a long awaited upgrade which helps mitigate the risk of loss for RSR stakers during collateral basket rebalances.
- Mutable mandates for yield DTFs. Enables onchain modification of a DTF’s mandate post-deployment. This is particularly relevant for ETHplus as governance is currently considering a mandate update which if passes would see liquid restaking tokens, LRTs be included in ETHplus’ eligible asset universe.
- Global interaction lock. Introduces a mechanism to guard against possibility of reentrancy, for example in the case of unforeseen complications from changes in underlying protocols.
- Optional toxic issuance. Allows issuance costs to increase when collateral assets trade below peg, improving economic incentives during periods of stress off-by-default. While off-by-default this can be enabled by governance at a later date.
- Solidity compiler upgrade to 0.8.28. Aligns ETHplus with the current Solidity standard.
Next Steps
The upgrade will be executed via a standard upgrade spell, consistent with prior protocol upgrades.
This migration requires only a single onchain action and does not require any follow-up cleanup steps. Pending positive community feedback and an affirmative off-chain poll, this proposal will graduate to an Implementation Proposal for an onchain vote.
Risks
As with any protocol upgrade, there is inherent smart contract risk. This risk is mitigated by prior audits and a specific audit of the Reserve Protocol v4.2.0. codebase. The upgrade does not modify ETHplus parameters, collateral composition, or governance configuration beyond migration to new plugin versions and removing obsolete roles.
Failing to upgrade carries its own risk by leaving ETHplus on an outdated protocol version that does not benefit from the security provided by the allowlist registries and global reentrancy lock, or improved auction dynamics from integration with CowSwap.
Poll
- Yay, proceed to upgrade to protocol version 4.2.0 and clean up legacy onchain state
- Nay, do not proceed with the protocol upgrade or clean up legacy onchain state