Mainnet spell 2024-09-05 #423

SidestreamIcedMango · 2024-09-02T16:00:49Z

Description

This PR implements the 2024-09-05 mainnet spell based on the relevant exec sheet

Contribution Checklist

PR title starts with (PE-<TICKET_NUMBER>)
Code approved
Tests approved
CI Tests pass

Checklist

SidestreamStrongStrawberry · 2024-09-03T09:50:58Z

Good to deploy

Development Stage

Preparation
- Exec Sheet for the specified date is found in the "Executive Vote Implementation Process" google sheet
  Insert URL to the specific sheet here
  https://docs.google.com/spreadsheets/d/1w_z5WpqxzwreCcaveB2Ye1PP5B8QAHDglzyxKHG3CHw/edit?gid=1235051032#gid=1235051032
- Using Exec Sheet URL from the above, read spell instructions from the Exec Sheet and list them below
  List all instructions announced in the Exec Sheet
  - Launch Project Funding
    - Launch Project - 9535993 DAI - 0x3C5142F28567E6a0F172fd0BaaF1f2847f49D02F
    - Launch Project - 2630.00 MKR - 0x3C5142F28567E6a0F172fd0BaaF1f2847f49D02F
  - Spark Proxy Spell
    - Trigger Spark Proxy Spell at 0x668C84584Ef8EeEd6BFb4FFB2a4Fa03231F8b241
Base checks
- Current solc version 0.8.16
- Office hours is true IF spell introduces a major change that can affect external parties (e.g.: keepers are affected in case of collateral offboarding) OTHERWISE explicitly set to false
- Office hours value matches the Exec Sheet
- 30 days spell expiry set in the constructor (block.timestamp + 30 days)
Spell description
- Description follows the format TARGET_DATE MakerDAO Executive Spell | Hash: EXEC_DOC_HASH
- TARGET_DATE in the description matches the target date
- Accompanying comment above spell description follows the format // Hash: cast keccak -- "$(wget 'EXEC_DOC_URL' -q -O - 2>/dev/null)"
Comments inside the spell
- Every Section text from the Exec Sheet is copied to the spell code as a comment surrounded by the set of dashes (E.g. // ----- Section text -----)
- Every Instruction text from the Exec Sheet is copied to the spell code as // Instruction text
- Every Instruction text have newline above it
- ~~IF an instruction can not be taken, it should have explanation under the instruction prefixed with // Note: (e.g.: // Note: Payments are skipped on goerli)~~
- ~~IF action in the spell doesn't have relevant instruction (e.g.: chainlog version bump), the necessity of it is explained in the comment above prefixed with // Note:~~
- Every proof url from the Exec Sheet, such as Reasoning URL and Authority URL is present in the spell code under relevant section or instruction (depending on which row the url is present)
- Every proof url from the Exec Sheet, such as Reasoning URL and Authority URL have prefix derived from the url itself
  - // Executive Vote: if URL starts with https://vote.makerdao.com/executive/
  - // Poll: if URL starts with https://vote.makerdao.com/polling/
  - // Forum: if URL starts with https://forum.makerdao.com/t/
  - // MIP: if URL starts with https://mips.makerdao.com/mips/details/

Dependency checks

Update Foundry by running foundryup

Reinstall libraries by running rm -rf ./lib && git submodule update --init --recursive

Insert checked out submodule paths here

Submodule path 'lib/dss-exec-lib': checked out '69b658f35d8618272cd139dfc18c5713caf6b96b'
Submodule path 'lib/dss-exec-lib/lib/dss-interfaces': checked out '9bfd7afadd1f8c217ef05850b2555691786286cb'
Submodule path 'lib/dss-exec-lib/lib/forge-std': checked out '0aa99eb8456693c015350c5e6c4f442ebe912f77'
Submodule path 'lib/dss-exec-lib/lib/forge-std/lib/ds-test': checked out 'cd98eff28324bfac652e63a239a60632a761790b'
Submodule path 'lib/dss-test': checked out '36ff4adbcb35760614e0d2df864026991c23d028'
Submodule path 'lib/dss-test/lib/dss-interfaces': checked out '9bfd7afadd1f8c217ef05850b2555691786286cb'
Submodule path 'lib/dss-test/lib/forge-std': checked out '155d547c449afa8715f538d69454b83944117811'
Submodule path 'lib/dss-test/lib/forge-std/lib/ds-test': checked out 'e282159d5170298eb2455a6c05280ab5a73a4ef0'

~~IF submodule upgrades are present, make sure dss-exec-lib is synced as well~~
git submodule hash of dss-exec-lib (run git submodule status) matches the latest release version or newer
dss-interfaces library used inside lib/dss-exec-lib matches submodule used inside lib/dss-test

IF interfaces are present in the spell
- Interfaces imported from dss-interfaces
  - No unused dss-interfaces
  - Only single import layout is used (e.g. import "dss-interfaces/dss/VatAbstract.sol";)
- Static Interfaces
  - No unused static interfaces
  - Declared static interface not present in the dss-interfaces, OTHERWISE should be imported from there
  - Interface matches deployed contract using cast interface <contract_address> command
  - Interface naming style should match with Like suffix (e.g. VatLike)
    - EXCEPTION: known interface naming exceptions
  - Each static interface declare only functions actually used in the spell code
IF variable declarations are present in the spell
- IF precision units are present
  - ~~Precision units used in the spell match their defined values:~~
    - WAD = 10 ** 18
    - RAY = 10 ** 27
    - RAD = 10 ** 45
  - ~~Precision units match with Numerical Ranges~~
  - ~~Each variable visibility is declared as internal~~
  - ~~Each variable state mutability is declared as constant~~
- IF math units are present
  - ~~Match their defined values:~~
    - HUNDRED = 10 ** 2
    - THOUSAND = 10 ** 3
    - MILLION = 10 ** 6
    - BILLION = 10 ** 9
  - ~~Match with config~~
  - ~~Each variable visibility is declared as internal~~
  - ~~Each variable state mutability is declared as constant~~
- IF rates are present
  - ~~Rates match generated locally via make rates pct=<pct> (e.g. pct=0.75, for 0.75%)~~
  - ~~Rates match IPFS document~~
  - ~~Rate variable name conforms to X_PT_Y_Z_PCT_RATE (e.g. ZERO_PT_SEVEN_FIVE_PCT_RATE for 0.75%)~~
  - ~~Rate variable visibility declared as internal~~
  - ~~Rate variable state mutability declared as constant~~
- IF timestamps are present
  - ~~Comment above timestamp states full date including UTC timezone~~
  - ~~Timestamp converts back to the correct date~~
  - ~~Timestamp converts back to the UTC timezone~~
  - ~~Variable naming matches MMM_DD_YYYY (e.g. JAN_01_2023 for 2023-01-01)~~
  - ~~Time of day makes logical sense in the context of timestamp usage (i.e. 23:59:59 UTC for the final day of something, 00:00:00 UTC for the first day of something)~~
  - ~~Each variable visibility is declared as internal~~
  - ~~Each variable state mutability is declared as constant~~
IF new contract is present in the spell (not yet on chainlog or new to chainlog)
- ~~Source code is verified on etherscan~~
- ~~Compilation optimizations match deployment settings defined in the source code repo~~
- ~~GNU AGPLv3 license~~
- ~~Every maker-related constructor argument matches chainlog (e.g. vat, dai, dog, ...)~~
- IF new contract have concept of wards or access control
  - ~~Ensure PAUSE_PROXY address was relied (wards(PAUSE_PROXY) is 1)~~
  - ~~Ensure that contract deployer address was denied (wards(deployer) is 0)~~
  - Ensure MCD_ESM address is already relied OR being relied (wards(MCD_ESM) is 1) in this spell (as approved by Governance Facilitators, in order to allow de-authing the pause proxy during Emergency Shutdown, via denyProxy)
  - ~~Ensure that there are no other Rely events except for PAUSE_PROXY and MCD_ESM (using a block explorer like etherscan)~~
- ~~Source code matches corresponding github source code (e.g. diffcheck via vscode code --diff etherscan.sol github.sol)~~
- ~~Deployer address is included into addresses_deployers.sol~~
IF core system parameter changes are present in the instructions
- IF stability fee (jug.ilk.duty) is updated
  - ~~(DssExecLib.setIlkStabilityFee(ilk, rate, doDrip)) is used~~
  - ~~Comment matches pattern // Increase ILK-A Stability Fee by X.XX% from X.XX% to X.XX%~~
- IF Dai Savings Rate (pot.dsr) is updated
  - ~~(DssExecLib.setDSR(rate, doDrip)) is used~~
  - ~~Comment matches pattern // Increase DSR by X.XX% from X.XX% to X.XX%~~
  - ~~Double check that rate match make rates pct=<pct> (e.g. pct=0.75, for 0.75%)~~
  - ~~Double check that rate match IPFS document~~
- ~~IF spotter.ilk.mat is updated, (DssExecLib.setIlkLiquidationRatio(ilk, pct_bps)) is used~~
- ~~IF dog.ilk.hole is updated, (DssExecLib.setIlkMaxLiquidationAmount(ilk, amount)) is used~~
- ~~IF vat.ilk.dust is updated, (DssExecLib.setIlkMinVaultAmount(ilk, amount)) is used~~
- ~~IF dog.ilk.chop is updated, (DssExecLib.setIlkLiquidationPenalty(ilk, pct_bps)) is used~~
- ~~IF clip.buf is updated, (DssExecLib.setStartingPriceMultiplicativeFactor(ilk, pct_bps)) is used~~
- ~~IF clipperMom.clip.tolerance is updated, (DssExecLib.setLiquidationBreakerPriceTolerance(clip, pct_bps)) is used~~
- ~~IF clip.tail is updated, (DssExecLib.setAuctionTimeBeforeReset(ilk, duration)) is used~~
- ~~IF clip.cusp is updated, (DssExecLib.setAuctionPermittedDrop(ilk, pct_bps)) is used~~
- ~~IF clip.chip is updated, (DssExecLib.setKeeperIncentivePercent(ilk, pct_bps)) is used~~
- ~~IF clip.tip is updated, (DssExecLib.setKeeperIncentiveFlatRate(ilk, amount)) is used~~
- ~~IF calc.tau is updated, (DssExecLib.setLinearDecrease(calc, duration)) is used~~
- ~~IF calc.cut or calc.step are updated, DssExecLib.setStairstepExponentialDecrease(calc, duration, pct_bps) is used~~
IF debt ceiling changes are present in the instructions
- IF adjusted collateral type (ilk) have AutoLine enabled (MCD_IAM_AUTO_LINE)
  - IF collateral debt ceiling requested to be 0
    - ~~Collateral is removed from AutoLine (MCD_IAM_AUTO_LINE) via DssExecLib.removeIlkFromAutoLine(ilk)~~
    - ~~The instruction to remove from AutoLine (MCD_IAM_AUTO_LINE) is present in the Exec Sheet~~
    - ~~Collateral debt ceiling is set to 0 via DssExecLib.setIlkDebtCeiling(ilk, amount)~~
    - ~~Global debt ceiling (vat.Line) is updated accordingly, UNLESS specifically instructed not to~~
  - IF AutoLine parameters are updated
    - ~~EITHER is used, depending on the instruction:~~
      - DssExecLib.setIlkAutoLineDebtCeiling(ilk, amount)
      - DssExecLib.setIlkAutoLineParameters(ilk, amount, gap, ttl)
- IF collateral debt ceiling (vat.ilk.line) is updated
  - ~~Collateral type (ilk) have AutoLine disabled previously or in the spell~~
  - ~~EITHER is used, depending on the instruction:~~
  - ~~Global debt ceiling (vat.Line) is updated accordingly, UNLESS specifically instructed not to, via EITHER:~~
    - global set to true in increaseIlkDebtCeiling/decreaseIlkDebtCeiling
    - DssExecLib.setGlobalDebtCeiling(amount)
    - DssExecLib.increaseGlobalDebtCeiling(amount)
    - DssExecLib.decreaseGlobalDebtCeiling(amount)
IF additional dependencies (i.e. ./src/dependencies/ directory) are present:
- ~~IF the dependencies contracts/libraries have been audited~~
  - ~~Each contract/library exactly matches (i.e. diff check) the source code of the latest audited version~~
- ~~OTHERWISE obtain the permalink to the relevant repository from a trusted party (i.e. Gov Facilitators)~~
  - ~~Each contract/library exactly matches (i.e. diff check) the source code from the permalink~~
IF onboarding is present
- ~~Insert and follow the relevant checklists below:~~
IF PSM migration, onboarding or offboarding is present:
- ~~Insert and follow the relevant checklists below:~~
  - PSM Checklists
IF collateral offboarding is present in the spell
- 1st stage collateral offboarding
  - ~~Collateral type (ilk) is removed from AutoLine (MCD_IAM_AUTO_LINE) IF currently enabled~~
  - ~~Collateral debt ceiling (vat.ilk.line) is set to 0~~
  - ~~Global debt ceiling (vat.Line) decreased by the total amount of offboarded ilks~~
- 2nd stage collateral offboarding
  - ~~All actions from the 1st stage offboarding are previously taken (EITHER in the current or past spells – check the archive)~~
  - ~~Collateral liquidation penalty (chop) is set to 0 IF requested by governance~~
  - ~~Flat keeper incentive (tip) is set to 0 IF requested by governance~~
  - ~~Relative keeper incentive (chip) is set to 0 IF requested by governance~~
  - ~~Max liquidation amount (hole) is adjusted via DssExecLib.setIlkMaxLiquidationAmount(ilk, amount) IF requested by governance~~
  - ~~Relevant clipper contract (MCD_CLIP_) is active (i.e. stopped is 0)~~
  - ~~Liquidations are triggered via (depending on governance instruction):~~
    - EITHER liquidation ratio (spotter.ilk.mat) being set very high in the spell (using DssExecLib.setValue(DssExecLib.spotter(), ilk, "mat", ratio))
    - OR via enabling linear interpolation (DssExecLib.linearInterpolation(name, target, ilk, what, startTime, start, end, duration))
      - ~~Ensure name format matches "XXX-X Offboarding"~~
      - ~~Ensure target matches DssExecLib.spotter() address~~
      - ~~Ensure ilk format matches collateral type (ilk) name ("XXX-X")~~
      - ~~Ensure what matches string "mat"~~
      - ~~Ensure startTime matches block.timestamp~~
      - ~~Ensure start uses variable CURRENT_XXX_A_MAT~~
      - ~~Ensure start matches current spotter.ilk.mat value~~
      - ~~Ensure end uses variable TARGET_XXX_A_MAT~~
      - ~~Ensure end value matches the instruction~~
      - ~~Ensure end allows liquidation of all remaining vaults (end is bigger than collateral_type_collateralization_ratio * risk_multiplier_factor)~~
      - ~~Ensure duration matches the instruction~~
  - ~~Spotter price is updated via DssExecLib.updateCollateralPrice(ilk) IF collateral have no running oracle (i.e. relevant PIP_ contract have outdated zzz value)~~
  - ~~Spotter price is updated after all other actions~~
  - ~~Offboarding is tested at least via _checkIlkClipper helper~~
IF RWA updates are present
- IF doc is updated
  - ~~_updateDoc helper is copied one-to-one from the archive and defined above actions~~
  - ~~_updateDoc(ilk, doc) is called in the spell~~
- IF debt ceiling is updated
  - IF AutoLine update is requested by the Exec Sheet
    - ~~Parameters are set via DssExecLib.setIlkAutoLineParameters(ilk, amount, gap, ttl) or DssExecLib.setIlkAutoLineDebtCeiling(ilk, amount)~~
  - IF regular debt ceiling (vat.ilk.line) update is requested by the Exec Sheet
    - ~~Collateral type (ilk) have AutoLine disabled previously or in the spell~~
    - ~~Debt ceiling (vat.ilk.line) is updated, via EITHER:~~
    - ~~Global debt ceiling (vat.Line) is updated accordingly, UNLESS specifically instructed not to, via EITHER:~~
      - global set to true in increaseIlkDebtCeiling/decreaseIlkDebtCeiling
      - DssExecLib.setGlobalDebtCeiling(amount)
      - DssExecLib.increaseGlobalDebtCeiling(amount)
      - DssExecLib.decreaseGlobalDebtCeiling(amount)
  - ~~Liquidation oracle price is bumped via RwaLiquidationOracleLike(MIP21_LIQUIDATION_ORACLE).bump(ilk, val) pattern~~
    - ~~Comment above bump explains val computation via // Note: the formula is: "debt_ceiling * [ (1 + rwa_stability_fee ) ^ (minimum_deal_duration_in_years) ] * liquidation_ratio"~~
    - ~~Comment above bump provides locally executable formula (e.g. // bc -l <<< 'scale=18; 50000000 * e(l(1.07) * (3342/365)) * 1.00' | cast --to-wei)~~
      - ~~The formula matches the example provided above~~
      - ~~debt_ceiling in the executable formula matches new debt ceiling set in the spell or the maximum possible debt ceiling in case of the enabled AutoLine~~
      - ~~rwa_stability_fee in the executable formula matches stability fee of the specified RWA found on chain~~
      - ~~minimum_deal_duration_in_years in the executable formula matches number found in the Exec Sheet of the spell containing relevant RWA onboarding~~
      - ~~liquidation_ratio in the executable formula matches liquidation ratio of the specified RWA found on chain~~
      - ~~Executing formula locally provides integer number that matches the val in the spell~~
    - ~~val makes sense in context of the rate mechanism~~
  - IF multiple RWA ilks are being combined into one, val calculation is done once per ilk and added to make the total, with separate executable formulas provided in comments. The existing val value can be retrieved by calling read() on PIP_RWAXX and converting the result into decimal
  - ~~Oracle price is updated via DssExecLib.updateCollateralPrice(ilk)~~
  - IF soft liquidation explicitly requested to be triggered (via .tell(ilk)) AND debt ceiling is 0 (OR is being set to 0 in the current spell)
    - ~~RwaLiquidationOracle.tell(ilk) call is present~~
    - IF RWAXX_A_INPUT_CONDUIT is an instance of TinlakeMgr (it is a Centrifuge integration), additional TinlakeMgr.tell() call is present (in order to prevent further TIN redemptions in the Centrifuge pool)
IF payments are present in the spell
- IF MKR transfers are present
  - Recipient address in the instruction is in the checksummed format
  - Recipient address matches Exec Sheet
  - Recipient address variable name matches one found in addresses_wallets.sol
  - Transfer amount matches Exec Sheet
  - Transfer amount is specified with (at least) 2 decimals using ether keyword
  - IF ether keyword is used, comment is present on the same line // Note: ether is a keyword helper, only MKR is transferred here
  - The transfers are tested via testMKRPayments test
  - Sum of all MKR transfers tested in testMKRPayments matches number in the Exec Sheet
- IF DAI surplus buffer transfers are present
  - Recipient address in the instruction is in the checksummed format
  - Recipient address matches Exec Sheet
  - Recipient address variable name matches one found in addresses_wallets.sol
  - Transfer amount matches Exec Sheet
  - The transfers are tested via testDAIPayments test
  - Sum of all DAI transfers tested in testDAIPayments matches number in the Exec Sheet
- IF MKR or DAI streams (DssVest) are created
  - ~~VestAbstract interface is imported from dss-interfaces/dss/VestAbstract.sol~~
  - ~~restrict is used for each stream, UNLESS otherwise explicitly stated in the Exec Sheet~~
  - ~~usr (Vest recipient address) matches Exec Sheet~~
  - ~~usr address in the instruction is in the checksummed format~~
  - ~~usr address variable name match one found in addresses_wallets.sol~~
  - ~~tot (Total stream amount) matches Exec Sheet~~
  - ~~IF ether keyword is used, comment is present on the same line // Note: ether is a keyword helper, only MKR is transferred here~~
  - ~~IF vest amount is expressed in 'per year' or similar in the Exec Sheet, account for leap days~~
  - ~~bgn (Vest start timestamp) matches Exec Sheet~~
  - ~~tau is expressed as bgn - fin (i.e. MONTH_DD_YYYY - MONTH_DD_YYYY)~~
  - ~~fin (Vest end timestamp) matches Exec Sheet~~
  - ~~eta (Vest cliff duration) matches the following logic~~
    - IF eta is explicitly specified in the Exec Sheet, then the values match
    - IF eta and clf (Cliff end timestamp) are not specified in the Exec Sheet, then eta is 0
    - IF clf is specified, but clf <= bgn, then eta is 0
    - IF clf is specified and clf > bgn, eta is expressed as clf - bgn (i.e. MONTH_DD_YYYY - MONTH_DD_YYYY)
  - ~~IF mgr (Vest manager address) is specified in the Exec Sheet, matches the value, OTHERWISE matches address(0)~~
  - ~~Ensure that max vesting rate (cap) is enough for the new streams~~
    - The maximum vesting rate (tot divided by tau) <= the maximum vest streaming rate (cap)
    - The maximum vesting rate (tot divided by tau) > the maximum vest streaming rate (cap)
    - Calculate new cap value equal to 10% greater than the new maximum vesting rate, then round new cap up with 2 significant figure precision (i.e. 2446 becomes 2500)
  - IF max vesting rate (cap) is changed in the spell
    - ~~Governance facilitators were notified~~
    - ~~Exec Sheet contain explicit instruction~~
    - ~~Exec Sheet contain explicit instruction~~
  - IF MKR stream (DssVestTransferrable) is present
    - ~~Vest contract's MKR allowance increased by the cumulative total (the sum of all tot values)~~
    - ~~Ensure allowance increase follows archive patterns~~
  - ~~Tested via testVestDAI or testVestMKR~~
- IF MKR or DAI vest termination (Yank) is present
  - ~~Yanked stream ID matches Exec Sheet~~
  - ~~MCD_VEST_MKR_TREASURY chainlog address is used for MKR stream yank~~
  - ~~MCD_VEST_DAI chainlog address is used for DAI stream yank~~
  - ~~Tested via testYankDAI or testYankMKR~~
IF SubDAO-related content is present
- IF SubDAO provides SubProxy spell address
  - SubDAO spell address matches Exec Sheet
  - Executed via ProxyLike(SUBDAO_PROXY).exec(SUBDAO_SPELL, abi.encodeWithSignature("execute()"));
  - Execution is NOT delegate call
  - ~~IF SubDAO spell deployer is a smart contract (e.g. multisig or factory), ensure the deployer address is in addresses_deployers.sol as an entry~~
  - ⚠️ Ensure that SubDAO spell have enough gas and does not revert with "out of gas" error inside simulation. Note: low level call gas estimation is not done by our scripts
    ⚠️ This can be tested on Tenderly testnet
- IF SubDAO provides instructions to be executed by the main spell (i.e. that will operate within Pause Proxy DelegateCall context)
  - ~~No SubDAO contract being interacted with is authed on a core contract like vat, etc. (Check comprehensively where the risk is high)~~
  - ~~SubDAO contract licensing and optimizations generally do not matter (except where they pose a security risk)~~
  - ~~SubDAO contracts and all libraries / dependencies have verified source code (Blocking)~~
  - Upgradable SubDAO contracts
    - ~~Upgradable contracts have the PAUSE_PROXY as their admin (i.e. the party that can upgrade)~~
    - ~~Any upgradable SubDAO contracts with an admin that is not PAUSE_PROXY are not authed on any core contracts (Blocking)~~
  - All SubDAO content addresses (i.e. provided contract addresses or EOAs) present in the Maker Core spell are present in the Exec Sheet and are correct. SubDAO addresses being authed or given any permissions MUST be in the Exec Sheet. SubDAO addresses being called must be confirmed by the SubDAO spell team.
  - ~~IF addresses not PR'ed in by the SubDAO team (use git blame for example), SubDAO content addresses all have inline comment for provenance or source being OKed by SubDAO~~
  - ~~SubDAO actions match Exec Sheet (only where inline with main spell code) and do not affect core contracts~~
  - ~~Core contract knock-on actions (such as offboarding or setting DC to 0) are present in the exec and match the code~~
  - ~~External calls for SubDAO content are NOT delegate call~~
  - ~~Code does not have untoward behavior within the scope of Maker Core Contracts (e.g. up to the SubDAO proxy)~~
IF external contracts calls are present (Not SubDAOs, e.g. Starknet)
- ~~Target Contract doesn't block spell execution~~
- ~~External call is NOT delegatecall~~
- ~~Target Contract doesn't have permissions on the Vat~~
- ~~Target Contract doesn't do anything untoward (e.g. interacting with unsafe contracts)~~
- ~~Contracts deployed via CREATE2 (e.g. if it looks like a vanity address) do not have selfdestruct in their code~~
- ~~MCD Pause Proxy doesn't give any approvals~~
- ~~All possible actions of the Target Contract are documented~~
- ~~Target contract is not upgradable~~
- ~~Target Contract is included in the ChainLog~~
- ~~Test Coverage is comprehensive~~
IF spell interacts with ChainLog
- ~~ChainLog version is incremented based on update type~~
  - Major -> New Vat (++.0.0)
  - Minor -> Core Module (DSS) Update (e.g. Flapper) (0.++.0)
  - Patch -> Collateral addition or addition/modification (0.0.++)
- ~~New addresses are added to the addresses_mainnet.sol~~
- ~~Changes are tested via testChainlogIntegrity and testChainlogValues~~
Ensure every spell variable is declared as public/internal
Ensure immutable visibility is only used when fetching addresses from the ChainLog via DssExecLib.getChangelogAddress(key) and constant is used instead for static addresses
- Fetch addresses as type address and wrap with Like suffix interfaces inline (when making calls), UNLESS archive patterns permit otherwise (Such as MKR)
- Use the DssExecLib Core Address Helpers where possible (e.g. DssExecLib.vat())
- Where addresses are fetched from the ChainLog, the variable name must match the value of the ChainLog key for that address (e.g. MCD_VAT rather than vat), except where the archive pattern differs from this pattern (e.g. MKR)
Tests
- Ensure that the DssExecLib.address file is not being modified by the spell PR
- Check all CI tests are passing as at the latest commit
  Insert most recent commit hash where CI was passing
  c662de8
- Ensure every test function is declared as public
  - IF the test needs to run, it MUST NOT have the skipped modifier; OTHERWISE, it MUST have the skipped modifier
- Ensure each spell action has sufficient test coverage
  List actions for which coverage was checked here
  - Launch Project - 9535993 DAI - 0x3C5142F28567E6a0F172fd0BaaF1f2847f49D02F
    - tested via testDAIPayments
  - Launch Project - 2630.00 MKR - 0x3C5142F28567E6a0F172fd0BaaF1f2847f49D02F
    - tested via testMKRPayments
  - Trigger Spark Proxy Spell at 0x668C84584Ef8EeEd6BFb4FFB2a4Fa03231F8b241
    - tested via testSparkSpellIsExecuted
- Ensure that any other env variable does not affect execution of the tests (for example, by inspecting the output of printenv | grep "FOUNDRY_\|DAPP_")
- Check all tests are passing locally using make test
  - Ensure every test listed in the coverage item above is present in the logs and with the [PASS] prefix.

_Insert your local test logs here_
[SKIP] testBytecodeMatches() (gas: 0)
[PASS] testCastCost() (gas: 793580)
[PASS] testCastOnTime() (gas: 790476)
[SKIP] testChainlogIntegrity() (gas: 0)
[PASS] testChainlogValues() (gas: 9298656)
[SKIP] testCollateralIntegrations() (gas: 0)
[PASS] testContractSize() (gas: 11117)
[PASS] testDAIPayments() (gas: 861558)
[SKIP] testDaoResolutions() (gas: 0)
[PASS] testDeployCost() (gas: 1616608)
[SKIP] testEsmAuth() (gas: 0)
[PASS] testGeneral() (gas: 26669737)
[SKIP] testIlkClipper() (gas: 0)
[SKIP] testL2ArbitrumSpell() (gas: 0)
[SKIP] testL2OptimismSpell() (gas: 0)
[SKIP] testLerpSurplusBuffer() (gas: 0)
[PASS] testLitePSMs() (gas: 1823560)
[PASS] testMKRPayments() (gas: 810847)
[SKIP] testMedianizers() (gas: 0)
[SKIP] testNewIlkRegistryValues() (gas: 0)
[PASS] testNextCastTime() (gas: 446524)
[SKIP] testOSMs() (gas: 0)
[SKIP] testOffboardings() (gas: 0)
[PASS] testOfficeHours() (gas: 496256)
[SKIP] testOracleList() (gas: 0)
[PASS] testPSMs() (gas: 2139860)
[SKIP] testRemoveChainlogValues() (gas: 0)
[PASS] testRevertIfNotScheduled() (gas: 17618)
[PASS] testSparkSpellIsExecuted() (gas: 796393)
[PASS] testUseEta() (gas: 352708)
[SKIP] testVestDAI() (gas: 0)
[SKIP] testVestMKR() (gas: 0)
[SKIP] testYankDAI() (gas: 0)
[SKIP] testYankMKR() (gas: 0)

Pre-Deployment Stage

oddaf · 2024-09-03T13:37:01Z

TLDR: Good to deploy

Mainnet Executive Spell Review Checklist

Development Stage

Preparation
- Exec Sheet for the specified date is found in the "Executive Vote Implementation Process" google sheet
  Insert URL to the specific sheet here
- Using Exec Sheet URL from the above, read spell instructions from the Exec Sheet and list them below
  List all instructions announced in the Exec Sheet
  - Launch Project Funding
    Launch Project - 9535993 DAI - 0x3C5142F28567E6a0F172fd0BaaF1f2847f49D02F
    Launch Project - 2630.00 MKR - 0x3C5142F28567E6a0F172fd0BaaF1f2847f49D02F
  - Spark Proxy Spell
    Trigger Spark Proxy Spell at 0x668C84584Ef8EeEd6BFb4FFB2a4Fa03231F8b241
Base checks
- Current solc version 0.8.16
- Office hours is true IF spell introduces a major change that can affect external parties (e.g.: keepers are affected in case of collateral offboarding) OTHERWISE explicitly set to false
- Office hours value matches the Exec Sheet
- 30 days spell expiry set in the constructor (block.timestamp + 30 days)
Spell description
- Description follows the format TARGET_DATE MakerDAO Executive Spell | Hash: EXEC_DOC_HASH
- TARGET_DATE in the description matches the target date
- Accompanying comment above spell description follows the format // Hash: cast keccak -- "$(wget 'EXEC_DOC_URL' -q -O - 2>/dev/null)"
Comments inside the spell
- Every Section text from the Exec Sheet is copied to the spell code as a comment surrounded by the set of dashes (E.g. // ----- Section text -----)
- Every Instruction text from the Exec Sheet is copied to the spell code as // Instruction text
- Every Instruction text have newline above it
- ~~IF an instruction can not be taken, it should have explanation under the instruction prefixed with // Note: (e.g.: // Note: Payments are skipped on goerli)~~
- ~~IF action in the spell doesn't have relevant instruction (e.g.: chainlog version bump), the necessity of it is explained in the comment above prefixed with // Note:~~
- Every proof url from the Exec Sheet, such as Reasoning URL and Authority URL is present in the spell code under relevant section or instruction (depending on which row the url is present)
- Every proof url from the Exec Sheet, such as Reasoning URL and Authority URL have prefix derived from the url itself
  - // Executive Vote: if URL starts with https://vote.makerdao.com/executive/
  - // Poll: if URL starts with https://vote.makerdao.com/polling/
  - // Forum: if URL starts with https://forum.makerdao.com/t/
  - // MIP: if URL starts with https://mips.makerdao.com/mips/details/

Dependency checks

Update Foundry by running foundryup

Reinstall libraries by running rm -rf ./lib && git submodule update --init --recursive

Insert checked out submodule paths here
Submodule path 'lib/dss-exec-lib': checked out '69b658f35d8618272cd139dfc18c5713caf6b96b'
Submodule path 'lib/dss-exec-lib/lib/dss-interfaces': checked out '9bfd7afadd1f8c217ef05850b2555691786286cb'
Submodule path 'lib/dss-exec-lib/lib/forge-std': checked out '0aa99eb8456693c015350c5e6c4f442ebe912f77'
Submodule path 'lib/dss-exec-lib/lib/forge-std/lib/ds-test': checked out 'cd98eff28324bfac652e63a239a60632a761790b'
Submodule path 'lib/dss-test': checked out '36ff4adbcb35760614e0d2df864026991c23d028'
Submodule path 'lib/dss-test/lib/dss-interfaces': checked out '9bfd7afadd1f8c217ef05850b2555691786286cb'
Submodule path 'lib/dss-test/lib/forge-std': checked out '155d547c449afa8715f538d69454b83944117811'
Submodule path 'lib/dss-test/lib/forge-std/lib/ds-test': checked out 'e282159d5170298eb2455a6c05280ab5a73a4ef0'

IF submodule upgrades are present, make sure dss-exec-lib is synced as well
git submodule hash of dss-exec-lib (run git submodule status) matches the latest release version or newer
- ⚠️ Version does not match the latest release, latest master branch commit was used instead. This has been done in all recent spells. Diff between the versions: https://github.com/makerdao/dss-exec-lib/compare/c0d3c6c..69b658f
dss-interfaces library used inside lib/dss-exec-lib matches submodule used inside lib/dss-test

IF interfaces are present in the spell
- Interfaces imported from dss-interfaces
  - No unused dss-interfaces
  - Only single import layout is used (e.g. import "dss-interfaces/dss/VatAbstract.sol";)
- Static Interfaces
  - No unused static interfaces
  - Declared static interface not present in the dss-interfaces, OTHERWISE should be imported from there
  - Interface matches deployed contract using cast interface <contract_address> command
  - Interface naming style should match with Like suffix (e.g. VatLike)
    - EXCEPTION: known interface naming exceptions
  - Each static interface declare only functions actually used in the spell code
~~IF variable declarations are present in the spell~~
- ~~IF precision units are present~~
  - ~~Precision units used in the spell match their defined values:~~
    - ~~WAD = 10 ** 18~~
    - ~~RAY = 10 ** 27~~
    - ~~RAD = 10 ** 45~~
  - ~~Precision units match with Numerical Ranges~~
  - ~~Each variable visibility is declared as internal~~
  - ~~Each variable state mutability is declared as constant~~
- ~~IF math units are present~~
  - ~~Match their defined values:~~
    - ~~HUNDRED = 10 ** 2~~
    - ~~THOUSAND = 10 ** 3~~
    - ~~MILLION = 10 ** 6~~
    - ~~BILLION = 10 ** 9~~
  - ~~Match with config~~
  - ~~Each variable visibility is declared as internal~~
  - ~~Each variable state mutability is declared as constant~~
- ~~IF rates are present~~
  - ~~Rates match generated locally via make rates pct=<pct> (e.g. pct=0.75, for 0.75%)~~
  - ~~Rates match IPFS document~~
  - ~~Rate variable name conforms to X_PT_Y_Z_PCT_RATE (e.g. ZERO_PT_SEVEN_FIVE_PCT_RATE for 0.75%)~~
  - ~~Rate variable visibility declared as internal~~
  - ~~Rate variable state mutability declared as constant~~
- ~~IF timestamps are present~~
  - ~~Comment above timestamp states full date including UTC timezone~~
  - ~~Timestamp converts back to the correct date~~
  - ~~Timestamp converts back to the UTC timezone~~
  - ~~Variable naming matches MMM_DD_YYYY (e.g. JAN_01_2023 for 2023-01-01)~~
  - ~~Time of day makes logical sense in the context of timestamp usage (i.e. 23:59:59 UTC for the final day of something, 00:00:00 UTC for the first day of something)~~
  - ~~Each variable visibility is declared as internal~~
  - ~~Each variable state mutability is declared as constant~~
~~IF new contract is present in the spell (not yet on chainlog or new to chainlog)~~
- ~~Source code is verified on etherscan~~
- ~~Compilation optimizations match deployment settings defined in the source code repo~~
- ~~GNU AGPLv3 license~~
- ~~Every maker-related constructor argument matches chainlog (e.g. vat, dai, dog, ...)~~
- ~~IF new contract have concept of wards or access control~~
  - ~~Ensure PAUSE_PROXY address was relied (wards(PAUSE_PROXY) is 1)~~
  - ~~Ensure that contract deployer address was denied (wards(deployer) is 0)~~
  - Ensure MCD_ESM address is already relied OR being relied (wards(MCD_ESM) is 1) in this spell (as approved by Governance Facilitators, in order to allow de-authing the pause proxy during Emergency Shutdown, via denyProxy)
  - ~~Ensure that there are no other Rely events except for PAUSE_PROXY and MCD_ESM (using a block explorer like etherscan)~~
- ~~Source code matches corresponding github source code (e.g. diffcheck via vscode code --diff etherscan.sol github.sol)~~
- ~~Deployer address is included into addresses_deployers.sol~~
~~IF core system parameter changes are present in the instructions~~
- ~~IF stability fee (jug.ilk.duty) is updated~~
  - ~~(DssExecLib.setIlkStabilityFee(ilk, rate, doDrip)) is used~~
  - ~~Comment matches pattern // Increase ILK-A Stability Fee by X.XX% from X.XX% to X.XX%~~
- ~~IF Dai Savings Rate (pot.dsr) is updated~~
  - ~~(DssExecLib.setDSR(rate, doDrip)) is used~~
  - ~~Comment matches pattern // Increase DSR by X.XX% from X.XX% to X.XX%~~
  - ~~Double check that rate match make rates pct=<pct> (e.g. pct=0.75, for 0.75%)~~
  - ~~Double check that rate match IPFS document~~
- ~~IF spotter.ilk.mat is updated, (DssExecLib.setIlkLiquidationRatio(ilk, pct_bps)) is used~~
- ~~IF dog.ilk.hole is updated, (DssExecLib.setIlkMaxLiquidationAmount(ilk, amount)) is used~~
- ~~IF vat.ilk.dust is updated, (DssExecLib.setIlkMinVaultAmount(ilk, amount)) is used~~
- ~~IF dog.ilk.chop is updated, (DssExecLib.setIlkLiquidationPenalty(ilk, pct_bps)) is used~~
- ~~IF clip.buf is updated, (DssExecLib.setStartingPriceMultiplicativeFactor(ilk, pct_bps)) is used~~
- ~~IF clipperMom.clip.tolerance is updated, (DssExecLib.setLiquidationBreakerPriceTolerance(clip, pct_bps)) is used~~
- ~~IF clip.tail is updated, (DssExecLib.setAuctionTimeBeforeReset(ilk, duration)) is used~~
- ~~IF clip.cusp is updated, (DssExecLib.setAuctionPermittedDrop(ilk, pct_bps)) is used~~
- ~~IF clip.chip is updated, (DssExecLib.setKeeperIncentivePercent(ilk, pct_bps)) is used~~
- ~~IF clip.tip is updated, (DssExecLib.setKeeperIncentiveFlatRate(ilk, amount)) is used~~
- ~~IF calc.tau is updated, (DssExecLib.setLinearDecrease(calc, duration)) is used~~
- ~~IF calc.cut or calc.step are updated, DssExecLib.setStairstepExponentialDecrease(calc, duration, pct_bps) is used~~
~~IF debt ceiling changes are present in the instructions~~
- ~~IF adjusted collateral type (ilk) have AutoLine enabled (MCD_IAM_AUTO_LINE)~~
  - ~~IF collateral debt ceiling requested to be 0~~
    - ~~Collateral is removed from AutoLine (MCD_IAM_AUTO_LINE) via DssExecLib.removeIlkFromAutoLine(ilk)~~
    - ~~The instruction to remove from AutoLine (MCD_IAM_AUTO_LINE) is present in the Exec Sheet~~
    - ~~Collateral debt ceiling is set to 0 via DssExecLib.setIlkDebtCeiling(ilk, amount)~~
    - ~~Global debt ceiling (vat.Line) is updated accordingly, UNLESS specifically instructed not to~~
  - ~~IF AutoLine parameters are updated~~
    - ~~EITHER is used, depending on the instruction:~~
      - ~~DssExecLib.setIlkAutoLineDebtCeiling(ilk, amount)~~
      - ~~DssExecLib.setIlkAutoLineParameters(ilk, amount, gap, ttl)~~
- ~~IF collateral debt ceiling (vat.ilk.line) is updated~~
  - ~~Collateral type (ilk) have AutoLine disabled previously or in the spell~~
  - ~~EITHER is used, depending on the instruction:~~
  - ~~Global debt ceiling (vat.Line) is updated accordingly, UNLESS specifically instructed not to, via EITHER:~~
    - ~~global set to true in increaseIlkDebtCeiling/decreaseIlkDebtCeiling~~
    - ~~DssExecLib.setGlobalDebtCeiling(amount)~~
    - ~~DssExecLib.increaseGlobalDebtCeiling(amount)~~
    - ~~DssExecLib.decreaseGlobalDebtCeiling(amount)~~
~~IF additional dependencies (i.e. ./src/dependencies/ directory) are present:~~
- ~~IF the dependencies contracts/libraries have been audited~~
  - ~~Each contract/library exactly matches (i.e. diff check) the source code of the latest audited version~~
- ~~OTHERWISE obtain the permalink to the relevant repository from a trusted party (i.e. Gov Facilitators)~~
  - ~~Each contract/library exactly matches (i.e. diff check) the source code from the permalink~~
~~IF onboarding is present~~
- ~~Insert and follow the relevant checklists below:~~
  - ~~Collateral Onboarding~~
  - ~~RWA Onboarding~~
  - ~~Teleport Onboarding~~
~~IF PSM migration, onboarding or offboarding is present:~~
- ~~Insert and follow the relevant checklists below:~~
  - ~~PSM Checklists~~
~~IF collateral offboarding is present in the spell~~
- ~~1st stage collateral offboarding~~
  - ~~Collateral type (ilk) is removed from AutoLine (MCD_IAM_AUTO_LINE) IF currently enabled~~
  - ~~Collateral debt ceiling (vat.ilk.line) is set to 0~~
  - ~~Global debt ceiling (vat.Line) decreased by the total amount of offboarded ilks~~
- ~~2nd stage collateral offboarding~~
  - ~~All actions from the 1st stage offboarding are previously taken (EITHER in the current or past spells – check the archive)~~
  - ~~Collateral liquidation penalty (chop) is set to 0 IF requested by governance~~
  - ~~Flat keeper incentive (tip) is set to 0 IF requested by governance~~
  - ~~Relative keeper incentive (chip) is set to 0 IF requested by governance~~
  - ~~Max liquidation amount (hole) is adjusted via DssExecLib.setIlkMaxLiquidationAmount(ilk, amount) IF requested by governance~~
  - ~~Relevant clipper contract (MCD_CLIP_) is active (i.e. stopped is 0)~~
  - ~~Liquidations are triggered via (depending on governance instruction):~~
    - ~~EITHER liquidation ratio (spotter.ilk.mat) being set very high in the spell (using DssExecLib.setValue(DssExecLib.spotter(), ilk, "mat", ratio))~~
    - ~~OR via enabling linear interpolation (DssExecLib.linearInterpolation(name, target, ilk, what, startTime, start, end, duration))~~
      - ~~Ensure name format matches "XXX-X Offboarding"~~
      - ~~Ensure target matches DssExecLib.spotter() address~~
      - ~~Ensure ilk format matches collateral type (ilk) name ("XXX-X")~~
      - ~~Ensure what matches string "mat"~~
      - ~~Ensure startTime matches block.timestamp~~
      - ~~Ensure start uses variable CURRENT_XXX_A_MAT~~
      - ~~Ensure start matches current spotter.ilk.mat value~~
      - ~~Ensure end uses variable TARGET_XXX_A_MAT~~
      - ~~Ensure end value matches the instruction~~
      - ~~Ensure end allows liquidation of all remaining vaults (end is bigger than collateral_type_collateralization_ratio * risk_multiplier_factor)~~
      - ~~Ensure duration matches the instruction~~
  - ~~Spotter price is updated via DssExecLib.updateCollateralPrice(ilk) IF collateral have no running oracle (i.e. relevant PIP_ contract have outdated zzz value)~~
  - ~~Spotter price is updated after all other actions~~
  - ~~Offboarding is tested at least via _checkIlkClipper helper~~
~~IF RWA updates are present~~
- ~~IF doc is updated~~
  - ~~_updateDoc helper is copied one-to-one from the archive and defined above actions~~
  - ~~_updateDoc(ilk, doc) is called in the spell~~
- ~~IF debt ceiling is updated~~
  - ~~IF AutoLine update is requested by the Exec Sheet~~
    - ~~Parameters are set via DssExecLib.setIlkAutoLineParameters(ilk, amount, gap, ttl) or DssExecLib.setIlkAutoLineDebtCeiling(ilk, amount)~~
  - ~~IF regular debt ceiling (vat.ilk.line) update is requested by the Exec Sheet~~
    - ~~Collateral type (ilk) have AutoLine disabled previously or in the spell~~
    - ~~Debt ceiling (vat.ilk.line) is updated, via EITHER:~~
    - ~~Global debt ceiling (vat.Line) is updated accordingly, UNLESS specifically instructed not to, via EITHER:~~
      - ~~global set to true in increaseIlkDebtCeiling/decreaseIlkDebtCeiling~~
      - ~~DssExecLib.setGlobalDebtCeiling(amount)~~
      - ~~DssExecLib.increaseGlobalDebtCeiling(amount)~~
      - ~~DssExecLib.decreaseGlobalDebtCeiling(amount)~~
  - ~~Liquidation oracle price is bumped via RwaLiquidationOracleLike(MIP21_LIQUIDATION_ORACLE).bump(ilk, val) pattern~~
    - ~~Comment above bump explains val computation via // Note: the formula is: "debt_ceiling * [ (1 + rwa_stability_fee ) ^ (minimum_deal_duration_in_years) ] * liquidation_ratio"~~
    - ~~Comment above bump provides locally executable formula (e.g. // bc -l <<< 'scale=18; 50000000 * e(l(1.07) * (3342/365)) * 1.00' | cast --to-wei)~~
      - ~~The formula matches the example provided above~~
      - ~~debt_ceiling in the executable formula matches new debt ceiling set in the spell or the maximum possible debt ceiling in case of the enabled AutoLine~~
      - ~~rwa_stability_fee in the executable formula matches stability fee of the specified RWA found on chain~~
      - ~~minimum_deal_duration_in_years in the executable formula matches number found in the Exec Sheet of the spell containing relevant RWA onboarding~~
      - ~~liquidation_ratio in the executable formula matches liquidation ratio of the specified RWA found on chain~~
      - ~~Executing formula locally provides integer number that matches the val in the spell~~
    - ~~val makes sense in context of the rate mechanism~~
  - IF multiple RWA ilks are being combined into one, val calculation is done once per ilk and added to make the total, with separate executable formulas provided in comments. The existing val value can be retrieved by calling read() on PIP_RWAXX and converting the result into decimal
  - ~~Oracle price is updated via DssExecLib.updateCollateralPrice(ilk)~~
  - ~~IF soft liquidation explicitly requested to be triggered (via .tell(ilk)) AND debt ceiling is 0 (OR is being set to 0 in the current spell)~~
    - ~~RwaLiquidationOracle.tell(ilk) call is present~~
    - IF RWAXX_A_INPUT_CONDUIT is an instance of TinlakeMgr (it is a Centrifuge integration), additional TinlakeMgr.tell() call is present (in order to prevent further TIN redemptions in the Centrifuge pool)
IF payments are present in the spell
- IF MKR transfers are present
  - Recipient address in the instruction is in the checksummed format
  - Recipient address matches Exec Sheet
  - Recipient address variable name matches one found in addresses_wallets.sol
  - Transfer amount matches Exec Sheet
  - Transfer amount is specified with (at least) 2 decimals using ether keyword
  - IF ether keyword is used, comment is present on the same line // Note: ether is a keyword helper, only MKR is transferred here
  - The transfers are tested via testMKRPayments test
  - Sum of all MKR transfers tested in testMKRPayments matches number in the Exec Sheet
- IF DAI surplus buffer transfers are present
  - Recipient address in the instruction is in the checksummed format
  - Recipient address matches Exec Sheet
  - Recipient address variable name matches one found in addresses_wallets.sol
  - Transfer amount matches Exec Sheet
  - The transfers are tested via testDAIPayments test
  - Sum of all DAI transfers tested in testDAIPayments matches number in the Exec Sheet
- ~~IF MKR or DAI streams (DssVest) are created~~
  - ~~VestAbstract interface is imported from dss-interfaces/dss/VestAbstract.sol~~
  - ~~restrict is used for each stream, UNLESS otherwise explicitly stated in the Exec Sheet~~
  - ~~usr (Vest recipient address) matches Exec Sheet~~
  - ~~usr address in the instruction is in the checksummed format~~
  - ~~usr address variable name match one found in addresses_wallets.sol~~
  - ~~tot (Total stream amount) matches Exec Sheet~~
  - ~~IF ether keyword is used, comment is present on the same line // Note: ether is a keyword helper, only MKR is transferred here~~
  - ~~IF vest amount is expressed in 'per year' or similar in the Exec Sheet, account for leap days~~
  - ~~bgn (Vest start timestamp) matches Exec Sheet~~
  - ~~tau is expressed as bgn - fin (i.e. MONTH_DD_YYYY - MONTH_DD_YYYY)~~
  - ~~fin (Vest end timestamp) matches Exec Sheet~~
  - ~~eta (Vest cliff duration) matches the following logic~~
    - ~~IF eta is explicitly specified in the Exec Sheet, then the values match~~
    - ~~IF eta and clf (Cliff end timestamp) are not specified in the Exec Sheet, then eta is 0~~
    - ~~IF clf is specified, but clf <= bgn, then eta is 0~~
    - ~~IF clf is specified and clf > bgn, eta is expressed as clf - bgn (i.e. MONTH_DD_YYYY - MONTH_DD_YYYY)~~
  - ~~IF mgr (Vest manager address) is specified in the Exec Sheet, matches the value, OTHERWISE matches address(0)~~
  - ~~Ensure that max vesting rate (cap) is enough for the new streams~~
    - ~~The maximum vesting rate (tot divided by tau) <= the maximum vest streaming rate (cap)~~
    - ~~The maximum vesting rate (tot divided by tau) > the maximum vest streaming rate (cap)~~
    - ~~Calculate new cap value equal to 10% greater than the new maximum vesting rate, then round new cap up with 2 significant figure precision (i.e. 2446 becomes 2500)~~
  - ~~IF max vesting rate (cap) is changed in the spell~~
    - ~~Governance facilitators were notified~~
    - ~~Exec Sheet contain explicit instruction~~
    - ~~Exec Sheet contain explicit instruction~~
  - ~~IF MKR stream (DssVestTransferrable) is present~~
    - ~~Vest contract's MKR allowance increased by the cumulative total (the sum of all tot values)~~
    - ~~Ensure allowance increase follows archive patterns~~
  - ~~Tested via testVestDAI or testVestMKR~~
- ~~IF MKR or DAI vest termination (Yank) is present~~
  - ~~Yanked stream ID matches Exec Sheet~~
  - ~~MCD_VEST_MKR_TREASURY chainlog address is used for MKR stream yank~~
  - ~~MCD_VEST_DAI chainlog address is used for DAI stream yank~~
  - ~~Tested via testYankDAI or testYankMKR~~
IF SubDAO-related content is present
- IF SubDAO provides SubProxy spell address
  - SubDAO spell address matches Exec Sheet
  - Executed via ProxyLike(SUBDAO_PROXY).exec(SUBDAO_SPELL, abi.encodeWithSignature("execute()"));
  - Execution is NOT delegate call
  - IF SubDAO spell deployer is a smart contract (e.g. multisig or factory), ensure the deployer address is in addresses_deployers.sol as an entry
  - Ensure that SubDAO spell have enough gas and does not revert with "out of gas" error inside simulation. Note: low level call gas estimation is not done by our scripts
- ~~IF SubDAO provides instructions to be executed by the main spell (i.e. that will operate within Pause Proxy DelegateCall context)~~
  - ~~No SubDAO contract being interacted with is authed on a core contract like vat, etc. (Check comprehensively where the risk is high)~~
  - ~~SubDAO contract licensing and optimizations generally do not matter (except where they pose a security risk)~~
  - ~~SubDAO contracts and all libraries / dependencies have verified source code (Blocking)~~
  - ~~Upgradable SubDAO contracts~~
    - ~~Upgradable contracts have the PAUSE_PROXY as their admin (i.e. the party that can upgrade)~~
    - ~~Any upgradable SubDAO contracts with an admin that is not PAUSE_PROXY are not authed on any core contracts (Blocking)~~
  - All SubDAO content addresses (i.e. provided contract addresses or EOAs) present in the Maker Core spell are present in the Exec Sheet and are correct. SubDAO addresses being authed or given any permissions MUST be in the Exec Sheet. SubDAO addresses being called must be confirmed by the SubDAO spell team.
  - ~~IF addresses not PR'ed in by the SubDAO team (use git blame for example), SubDAO content addresses all have inline comment for provenance or source being OKed by SubDAO~~
  - ~~SubDAO actions match Exec Sheet (only where inline with main spell code) and do not affect core contracts~~
  - ~~Core contract knock-on actions (such as offboarding or setting DC to 0) are present in the exec and match the code~~
  - ~~External calls for SubDAO content are NOT delegate call~~
  - ~~Code does not have untoward behavior within the scope of Maker Core Contracts (e.g. up to the SubDAO proxy)~~
~~IF external contracts calls are present (Not SubDAOs, e.g. Starknet)~~
- ~~Target Contract doesn't block spell execution~~
- ~~External call is NOT delegatecall~~
- ~~Target Contract doesn't have permissions on the Vat~~
- ~~Target Contract doesn't do anything untoward (e.g. interacting with unsafe contracts)~~
- ~~Contracts deployed via CREATE2 (e.g. if it looks like a vanity address) do not have selfdestruct in their code~~
- ~~MCD Pause Proxy doesn't give any approvals~~
- ~~All possible actions of the Target Contract are documented~~
- ~~Target contract is not upgradable~~
- ~~Target Contract is included in the ChainLog~~
- ~~Test Coverage is comprehensive~~
~~IF spell interacts with ChainLog~~
- ~~ChainLog version is incremented based on update type~~
  - ~~Major -> New Vat (++.0.0)~~
  - ~~Minor -> Core Module (DSS) Update (e.g. Flapper) (0.++.0)~~
  - ~~Patch -> Collateral addition or addition/modification (0.0.++)~~
- ~~New addresses are added to the addresses_mainnet.sol~~
- ~~Changes are tested via testChainlogIntegrity and testChainlogValues~~
Ensure every spell variable is declared as public/internal
Ensure immutable visibility is only used when fetching addresses from the ChainLog via DssExecLib.getChangelogAddress(key) and constant is used instead for static addresses
- Fetch addresses as type address and wrap with Like suffix interfaces inline (when making calls), UNLESS archive patterns permit otherwise (Such as MKR)
- Use the DssExecLib Core Address Helpers where possible (e.g. DssExecLib.vat())
- Where addresses are fetched from the ChainLog, the variable name must match the value of the ChainLog key for that address (e.g. MCD_VAT rather than vat), except where the archive pattern differs from this pattern (e.g. MKR)
Tests
- Ensure that the DssExecLib.address file is not being modified by the spell PR
- Check all CI tests are passing as at the latest commit
  Insert most recent commit hash where CI was passing
  c662de8
- Ensure every test function is declared as public
  - IF the test needs to run, it MUST NOT have the skipped modifier; OTHERWISE, it MUST have the skipped modifier
- Ensure each spell action has sufficient test coverage
  List actions for which coverage was checked here
  - Launch Project Funding
    Launch Project - 9535993 DAI - 0x3C5142F28567E6a0F172fd0BaaF1f2847f49D02F: testestDAIPaymentst
    Launch Project - 2630.00 MKR - 0x3C5142F28567E6a0F172fd0BaaF1f2847f49D02F: testMKRPayments
  - Spark Proxy Spell
    Trigger Spark Proxy Spell at 0x668C84584Ef8EeEd6BFb4FFB2a4Fa03231F8b241: testSparkSpellIsExecuted
- Ensure that any other env variable does not affect execution of the tests (for example, by inspecting the output of printenv | grep "FOUNDRY_\|DAPP_")
- Check all tests are passing locally using make test
  - Ensure every test listed in the coverage item above is present in the logs and with the [PASS] prefix.

_Insert your local test logs here_
./scripts/test-dssspell-forge.sh no-match="" match="" block=""
Using DssExecLib at: 0x8De6DDbCd5053d32292AAA0D2105A32d108484a6
[⠒] Compiling...
[⠒] Compiling 5 files with Solc 0.8.16
[⠆] Solc 0.8.16 finished in 6.04s
Compiler run successful!

Ran 2 tests for src/test/starknet.t.sol:StarknetTests
[PASS] testStarknet() (gas: 936788)
[PASS] testStarknetSpell() (gas: 2324)
Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 33.39s (29.44s CPU time)

Ran 34 tests for src/DssSpell.t.sol:DssSpellTest
[SKIP] testBytecodeMatches() (gas: 0)
[PASS] testCastCost() (gas: 793942)
[PASS] testCastOnTime() (gas: 790838)
[SKIP] testChainlogIntegrity() (gas: 0)
[PASS] testChainlogValues() (gas: 9299018)
[SKIP] testCollateralIntegrations() (gas: 0)
[PASS] testContractSize() (gas: 11117)
[PASS] testDAIPayments() (gas: 862160)
[SKIP] testDaoResolutions() (gas: 0)
[PASS] testDeployCost() (gas: 1629041)
[SKIP] testEsmAuth() (gas: 0)
[PASS] testGeneral() (gas: 26684362)
[SKIP] testIlkClipper() (gas: 0)
[SKIP] testL2ArbitrumSpell() (gas: 0)
[SKIP] testL2OptimismSpell() (gas: 0)
[SKIP] testLerpSurplusBuffer() (gas: 0)
[PASS] testLitePSMs() (gas: 1823922)
[PASS] testMKRPayments() (gas: 811209)
[SKIP] testMedianizers() (gas: 0)
[SKIP] testNewIlkRegistryValues() (gas: 0)
[PASS] testNextCastTime() (gas: 446524)
[SKIP] testOSMs() (gas: 0)
[SKIP] testOffboardings() (gas: 0)
[PASS] testOfficeHours() (gas: 495662)
[SKIP] testOracleList() (gas: 0)
[PASS] testPSMs() (gas: 2140149)
[SKIP] testRemoveChainlogValues() (gas: 0)
[PASS] testRevertIfNotScheduled() (gas: 17618)
[PASS] testSparkSpellIsExecuted() (gas: 796755)
[PASS] testUseEta() (gas: 352708)
[SKIP] testVestDAI() (gas: 0)
[SKIP] testVestMKR() (gas: 0)
[SKIP] testYankDAI() (gas: 0)
[SKIP] testYankMKR() (gas: 0)
Suite result: ok. 15 passed; 0 failed; 19 skipped; finished in 391.70s (830.52s CPU time)

Ran 2 test suites in 392.44s (425.09s CPU time): 17 tests passed, 0 failed, 19 skipped (36 total tests)

Pre-Deployment Stage

SidestreamIcedMango · 2024-09-03T16:24:39Z

The spell is deployed to: 0x900c952c676595DdB392FA6349aD5f0674a67Eeb
Tenderly testnet: https://dashboard.tenderly.co/explorer/vnet/1587fb86-ad6a-4e4a-846f-a5b53531012a

oddaf · 2024-09-03T20:41:08Z

TLDR: Good to handover

Deployed Stage

Source code settings
- Deployed spell is verified on etherscan
- Optimization enabled: false UNLESS the contract size is too big AND all mitigation strategies (i.e.: removing revert strings) have failed
- Default evmVersion
- GNU AGPLv3 license
Source code validity
- Deployed spell code matches source on github. (can be checked via make diff-deployed-spell or manually)
  - ⚠️ Script fails, manual inspection shows code matches.
- No new changes are made after previously given "good to deploy"
Deployed spell Etherscan checks
- Automated checks via make check-deployed-spell
  - Verified
  - Valid license
  - Version matches
  - Optimizations are disabled
  - dss-exec-lib library address used (under 'Libraries Used') matches the hardcoded local DssExecLib.address file
  - deployed_spell_created matches deployment timestamp
  - deployed_spell_block matches deployment block number
- Manual checks
  - Ensure make deploy-info tx=<tx> matches config
    - deployed_spell_created timestamp
    - deployed_spell_block block number
  - Check again that the PR did not modify the DssExecLib.address file (e.g. look under the 'Files Changed' PR tab, etc.)
  - Ensure Etherscan Libraries Used matches DssExecLib Latest Release
  - (For your tests to be accurate) git submodule hash matches dss-exec-lib latest release's tag commit and inspect diffs if doesn't match to ensure expected behaviour (Currently Non-Critical pending the next DssExecLib release, double check that the ExecLib used by the contract matches the latest release)
    - ⚠️ Version does not match the latest release, latest master branch commit was used instead. This has been done in all recent spells. Diff between the versions: https://github.com/makerdao/dss-exec-lib/compare/c0d3c6c..69b658f
Tenderly Testnet checks
- A testnet with the name matching spell description is found at maker dashboard
  - ⚠️ The testnet can't be found on maker dashboard. A high number of testnets have been created after, and Tenderly does not have pagination, so the one for the Spell is likely hidden. Testnet (confirmed public) provided in the Github PR: https://dashboard.tenderly.co/explorer/vnet/1587fb86-ad6a-4e4a-846f-a5b53531012a/transactions
- The testnet name is unique (previous testnets does not have the same name)
- Cast transaction is set to the correct "receiver" (matches deployed spell address)
- All actions are executed in the transaction trace
- No reverts are present that block execution
- No out-of-gas errors are present
Archive checks
- make diff-archive-spell for current date or make diff-archive-spell date="YYYY-MM-DD"
- Ensure date corresponds to target Exec Doc date
Tests
- Ensure that the DssExecLib.address file is not being modified by the spell PR
- Check all CI tests are passing as at the latest commit
  Insert most recent commit hash where CI was passing
  24f8b34
- Ensure that any other env variable does not affect execution of the tests (for example, by inspecting the output of printenv | grep "FOUNDRY_\|DAPP_")
- Check all tests are passing locally using make test

_Insert your local test logs here_
./scripts/test-dssspell-forge.sh no-match="" match="" block=""
Using DssExecLib at: 0x8De6DDbCd5053d32292AAA0D2105A32d108484a6
[⠒] Compiling...
[⠒] Compiling 108 files with Solc 0.8.16
[⠰] Solc 0.8.16 finished in 6.10s
Compiler run successful!

Ran 2 tests for src/test/starknet.t.sol:StarknetTests
[PASS] testStarknet() (gas: 936354)
[PASS] testStarknetSpell() (gas: 2324)
Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 35.98s (32.97s CPU time)

Ran 34 tests for src/DssSpell.t.sol:DssSpellTest
[PASS] testBytecodeMatches() (gas: 1641642)
[PASS] testCastCost() (gas: 793508)
[PASS] testCastOnTime() (gas: 790404)
[SKIP] testChainlogIntegrity() (gas: 0)
[PASS] testChainlogValues() (gas: 9298584)
[SKIP] testCollateralIntegrations() (gas: 0)
[SKIP] testContractSize() (gas: 0)
[PASS] testDAIPayments() (gas: 861783)
[SKIP] testDaoResolutions() (gas: 0)
[SKIP] testDeployCost() (gas: 0)
[SKIP] testEsmAuth() (gas: 0)
[PASS] testGeneral() (gas: 26686025)
[SKIP] testIlkClipper() (gas: 0)
[SKIP] testL2ArbitrumSpell() (gas: 0)
[SKIP] testL2OptimismSpell() (gas: 0)
[SKIP] testLerpSurplusBuffer() (gas: 0)
[PASS] testLitePSMs() (gas: 1786141)
[PASS] testMKRPayments() (gas: 810775)
[SKIP] testMedianizers() (gas: 0)
[SKIP] testNewIlkRegistryValues() (gas: 0)
[PASS] testNextCastTime() (gas: 446524)
[SKIP] testOSMs() (gas: 0)
[SKIP] testOffboardings() (gas: 0)
[PASS] testOfficeHours() (gas: 495662)
[SKIP] testOracleList() (gas: 0)
[PASS] testPSMs() (gas: 2139802)
[SKIP] testRemoveChainlogValues() (gas: 0)
[PASS] testRevertIfNotScheduled() (gas: 17618)
[PASS] testSparkSpellIsExecuted() (gas: 796321)
[PASS] testUseEta() (gas: 352708)
[SKIP] testVestDAI() (gas: 0)
[SKIP] testVestMKR() (gas: 0)
[SKIP] testYankDAI() (gas: 0)
[SKIP] testYankMKR() (gas: 0)
Suite result: ok. 14 passed; 0 failed; 20 skipped; finished in 441.55s (923.44s CPU time)

Ran 2 test suites in 442.41s (477.54s CPU time): 16 tests passed, 0 failed, 20 skipped (36 total tests)

SidestreamStrongStrawberry · 2024-09-04T07:12:27Z

Good to handover

Deployed Stage

Source code settings
- Deployed spell is verified on etherscan
- Optimization enabled: false UNLESS the contract size is too big AND all mitigation strategies (i.e.: removing revert strings) have failed
- Default evmVersion
- GNU AGPLv3 license
Source code validity
- Deployed spell code matches source on github. (can be checked via make diff-deployed-spell or manually)
- No new changes are made after previously given "good to deploy"
Deployed spell Etherscan checks
- Automated checks via make check-deployed-spell
  - Verified
  - Valid license
  - Version matches
  - Optimizations are disabled
  - dss-exec-lib library address used (under 'Libraries Used') matches the hardcoded local DssExecLib.address file
  - deployed_spell_created matches deployment timestamp
  - deployed_spell_block matches deployment block number
- Manual checks
  - Ensure make deploy-info tx=<tx> matches config
    - deployed_spell_created timestamp
    - deployed_spell_block block number
  - Check again that the PR did not modify the DssExecLib.address file (e.g. look under the 'Files Changed' PR tab, etc.)
  - Ensure Etherscan Libraries Used matches DssExecLib Latest Release
  - (For your tests to be accurate) git submodule hash matches dss-exec-lib latest release's tag commit and inspect diffs if doesn't match to ensure expected behaviour (Currently Non-Critical pending the next DssExecLib release, double check that the ExecLib used by the contract matches the latest release)
    ⚠️ The hash doesn't match as in the previous spells.
    Hash of latest release v0.0.9: c0d3c6c6244468ddab9767de6f853122723fafda
    git submodule lib/dss-exec-lib: 69b658f35d8618272cd139dfc18c5713caf6b96b
    diff check: changes are not related to current spell
Tenderly Testnet checks
- A testnet with the name matching spell description is found at maker dashboard
  ⚠️ The testnet doesn't show up in the provided link as there are many testnet created afterwards and tenderly doesn't show all the previous ones. But manually checked that provided testnet is publicly accessible
- The testnet name is unique (previous testnets does not have the same name)
- Cast transaction is set to the correct "receiver" (matches deployed spell address)
- All actions are executed in the transaction trace
- No reverts are present that block execution
- No out-of-gas errors are present
Archive checks
- make diff-archive-spell for current date or make diff-archive-spell date="YYYY-MM-DD"
- Ensure date corresponds to target Exec Doc date
Tests
- Ensure that the DssExecLib.address file is not being modified by the spell PR
- Check all CI tests are passing as at the latest commit
  Insert most recent commit hash where CI was passing
  24f8b34
- Ensure that any other env variable does not affect execution of the tests (for example, by inspecting the output of printenv | grep "FOUNDRY_\|DAPP_")
- Check all tests are passing locally using make test

_Insert your local test logs here_
./scripts/test-dssspell-forge.sh no-match="" match="" block=""
Using DssExecLib at: 0x8De6DDbCd5053d32292AAA0D2105A32d108484a6
[⠊] Compiling...
No files changed, compilation skipped

Ran 2 tests for src/test/starknet.t.sol:StarknetTests
[PASS] testStarknet() (gas: 936990)
[PASS] testStarknetSpell() (gas: 2324)
Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 29.20s (27.07s CPU time)

Ran 34 tests for src/DssSpell.t.sol:DssSpellTest
[PASS] testBytecodeMatches() (gas: 1641642)
[PASS] testCastCost() (gas: 794144)
[PASS] testCastOnTime() (gas: 791040)
[SKIP] testChainlogIntegrity() (gas: 0)
[PASS] testChainlogValues() (gas: 9299220)
[SKIP] testCollateralIntegrations() (gas: 0)
[SKIP] testContractSize() (gas: 0)
[PASS] testDAIPayments() (gas: 861959)
[SKIP] testDaoResolutions() (gas: 0)
[SKIP] testDeployCost() (gas: 0)
[SKIP] testEsmAuth() (gas: 0)
[PASS] testGeneral() (gas: 26686661)
[SKIP] testIlkClipper() (gas: 0)
[SKIP] testL2ArbitrumSpell() (gas: 0)
[SKIP] testL2OptimismSpell() (gas: 0)
[SKIP] testLerpSurplusBuffer() (gas: 0)
[PASS] testLitePSMs() (gas: 1824124)
[PASS] testMKRPayments() (gas: 811411)
[SKIP] testMedianizers() (gas: 0)
[SKIP] testNewIlkRegistryValues() (gas: 0)
[PASS] testNextCastTime() (gas: 446524)
[SKIP] testOSMs() (gas: 0)
[SKIP] testOffboardings() (gas: 0)
[PASS] testOfficeHours() (gas: 495662)
[SKIP] testOracleList() (gas: 0)
[PASS] testPSMs() (gas: 2140311)
[SKIP] testRemoveChainlogValues() (gas: 0)
[PASS] testRevertIfNotScheduled() (gas: 17618)
[PASS] testSparkSpellIsExecuted() (gas: 796957)
[PASS] testUseEta() (gas: 352708)
[SKIP] testVestDAI() (gas: 0)
[SKIP] testVestMKR() (gas: 0)
[SKIP] testYankDAI() (gas: 0)
[SKIP] testYankMKR() (gas: 0)
Suite result: ok. 14 passed; 0 failed; 20 skipped; finished in 354.36s (802.26s CPU time)

Ran 2 test suites in 354.92s (383.56s CPU time): 16 tests passed, 0 failed, 20 skipped (36 total tests)

oddaf

Handover and Merge Stage

Check that the spell address posted by the crafter in new-spells is correct
Confirm the address in the new-spells channel (via a separate "reply to" message, restating the address to avoid edits)
- Wait until responsible governance facilitator confirms handover in new-spells
Ensure that no changes were made to the code since the spell was deployed and archived
Approve spell PR for merge via 'Approve' review option

SidestreamStrongStrawberry

Good to merge :)

Handover and Merge Stage

Check that the spell address posted by the crafter in new-spells is correct
Confirm the address in the new-spells channel (via a separate "reply to" message, restating the address to avoid edits)
- Wait until responsible governance facilitator confirms handover in new-spells
Ensure that no changes were made to the code since the spell was deployed and archved
Approve spell PR for merge via 'Approve' review option

SidestreamIcedMango added 5 commits September 2, 2024 13:09

cleanup

9685cfc

base spell

b99027c

added spell contents

6b4bc71

added exec doc info, removed dependencies folder

3414a8f

updated starknet core implementation address

c662de8

SidestreamIcedMango self-assigned this Sep 2, 2024

SidestreamIcedMango requested review from SidestreamStrongStrawberry and oddaf September 2, 2024 16:24

SidestreamIcedMango added 2 commits September 3, 2024 18:17

added deployed spell info

68a0ea1

archived spell

24f8b34

oddaf approved these changes Sep 4, 2024

View reviewed changes

SidestreamStrongStrawberry approved these changes Sep 4, 2024

View reviewed changes

amusingaxl merged commit 87487cd into master Sep 4, 2024
3 checks passed

amusingaxl deleted the 2024-09-05 branch September 4, 2024 23:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Mainnet spell 2024-09-05 #423

Mainnet spell 2024-09-05 #423

SidestreamIcedMango commented Sep 2, 2024

SidestreamStrongStrawberry commented Sep 3, 2024

oddaf commented Sep 3, 2024

Launch Project Funding

Spark Proxy Spell

SidestreamIcedMango commented Sep 3, 2024

oddaf commented Sep 3, 2024

SidestreamStrongStrawberry commented Sep 4, 2024

oddaf left a comment

SidestreamStrongStrawberry left a comment

Mainnet spell 2024-09-05 #423

Mainnet spell 2024-09-05 #423

Conversation

SidestreamIcedMango commented Sep 2, 2024

Description

Contribution Checklist

Checklist

SidestreamStrongStrawberry commented Sep 3, 2024

Development Stage

Pre-Deployment Stage

oddaf commented Sep 3, 2024

Mainnet Executive Spell Review Checklist

Development Stage

Pre-Deployment Stage

Launch Project Funding

Spark Proxy Spell

SidestreamIcedMango commented Sep 3, 2024

oddaf commented Sep 3, 2024

Deployed Stage

SidestreamStrongStrawberry commented Sep 4, 2024

Deployed Stage

oddaf left a comment

Choose a reason for hiding this comment

Handover and Merge Stage

SidestreamStrongStrawberry left a comment

Choose a reason for hiding this comment

Handover and Merge Stage