[RFC] USD3 4.2.0 Upgrade

Web 3 Dollar (USD3) Web 3 Dollar RFC
1

Summary

Upgrade all USD3 core contracts and assets from version 3.4.0 to version 4.2.0. This new version of the software includes updates from 4.0.0, 4.1.0, and 4.2.0.

Abstract

The proposed proposal, if enacted, would use a spell contract prepared by ABC Labs and moved onchain by governors via the Register app and voted on through the standard governance process.

Problem Statement

Currently USD3 is using version 3.4.0, an older version of the Reserve Protocol. The upgrade available has improved features and offers enhanced security to USD3.

Rationale

There are several improvements made by upgrading all USD3 core contracts and assets from version 3.4.0 to version 4.2.0. For more details visit the changelog

The following releases are included in this update:

4.0.0:

  • Improvement: Introduces registries to constrain upgrades to pre-approved contracts only (components + plugins). This increases safety of governance actions and prepares USD3 for a possible future introduction of veRSR.

  • Security: Adds resistance to toxic issuance by charging more when the collateral is under peg. Opt-in, off-by-default.

  • Improvement: The release also expands collateral decimal support from 18 to 21

4.1.0:

  • Security: Global interaction lock. Introduces a mechanism to guard against possibility of reentrancy, for example in the case of unforeseen complications from changes in underlying protocols.

4.2.0:

  • Improvement: Make RToken mandate mutable by governance

  • Improvement: Integrate Trusted Fillers. Trusted Fillers are used by protocols within the Reserve ecosystem to support async swaps. This allows Cowswap searchers to participate in Dutch Auctions.

  • Improvement: Increase solidity compiler version from 0.8.19 to 0.8.28

Risks

Most risks lie in governors choosing to remain on an outdated version of the software. The outdated version will not have the enhanced security upgrades or the new safety features from 4.2.0. However, upgrades do not come without new risks. To mitigate this, the 4.2.0 contracts have been audited extensively by Trust Security.

  • Yay
  • Nay
0 voters

cc7963955802d3e0cec59bc43f2aecf62f5a40c6
cc7963955802d3e0cec59bc43f2aecf62f5a40c6200×200 5.35 KB