Curvance
  • Protocol Overview
    • Click Less, Earn More
    • Protocol Architecture
    • Asset Types
    • Liquidity Markets
      • Borrowing
      • Liquidations
      • Interest Rates
      • Oracles
      • Collateral Caps
      • Bad Debt Socialization
    • Application Specific Sequencing
    • New Age Liquidity Mining
      • Protocols
    • How Are New Assets Integrated
    • Plugin System
    • Universal Account Balance
    • Token Approval Management
    • Lending Risks
  • Security
    • Security and Audits
  • Miscellaneous
    • RPCs and Testnet Stability
    • Glossary
    • TL;DR
      • Customer Types and Benefits
    • Brand Assets
    • Weblinks
    • Disclaimer
    • Frequently Asked Questions
  • Developer Docs
    • Overview
    • Quick Start Guides
      • Atlas Fastlane Auctions (coming soon)
      • Plugin Integration
        • List of Delegable Actions
      • Loans & Collateral
        • Lend Assets
        • Deposit into pTokens
        • Withdraw Loans
        • Withdraw pTokens
      • Borrowing & Repayment
        • Borrow
        • Repaying Debt
      • Leverage
        • Leveraging
        • Deleveraging
    • Lending Protocol
      • Market Manager
      • Position Tokens (pToken)
      • Earn Tokens (eTokens)
      • Dynamic Interest Rate Model
      • Universal Balance
    • Position Management
      • Leverage
      • Deleverage / Fold
    • Dynamic Liquidation Engine (DLE)
      • Orderflow Auction System
      • Bad Debt Socialization
    • Plugin & Delegation System
      • Transfer Lock Mechanism
      • Delegable Actions
    • Cross-Chain Functionality
      • Messaging Hub
      • Fee Manager
      • Reward Manager
    • Auxiliary Functionality
Powered by GitBook
On this page
  • Overview
  • Core Components
  • Data Flow & State Management
  • Integration Points
Export as PDF
  1. Developer Docs

Plugin & Delegation System

Be Careful When Delegating Actions

When you grant delegation permissions to an external address or contract, you are authorizing that entity to perform actions on your behalf within the Curvance Protocol. This permission should only be granted to thoroughly vetted and trusted entities.

Potential Risks

  • Financial Control: Delegates can execute operations that directly impact your assets and positions.

  • Denial of Service: A malicious delegate could repeatedly execute operations that delay critical actions such as asset redemption.

  • Unexpected Behavior: Even well-intentioned delegates might behave unexpectedly if their contracts contain bugs or vulnerabilities.

  • Position Manipulation: In leveraged positions, delegates can adjust your risk exposure through actions like leveraging and deleveraging.

Overview

The Curvance Plugin Architecture is a modular system that enables authorized third-party contracts or addresses to perform actions on behalf of users. This architecture enhances capital efficiency and user experience by enabling the development of automation tools, complex trading strategies, and cross-chain operations, all without requiring direct user interaction at each step.

Core Components

The Plugin Architecture is built around three primary components:

  1. ActionRegistry: Base library that manages user configuration for delegation and transfer permissions

  2. PluginDelegable: Abstract contract that implements delegate approval functionality

  3. Central Registry: Core hub that inherits from ActionRegistry and serves as the source of truth

Data Flow & State Management

User Configuration State Machine

Each user has a configuration record in the ActionRegistry that tracks:

UserConfig {
    uint208 lockCooldown;               // Duration of transfer/delegation cooldown
    uint40 transferEnabledTimestamp;    // When transfers become enabled
    bool transferDisabled;              // Transfer lock status
    uint208 approvalIndex;              // Approval index for delegate revocation
    uint40 delegationEnabledTimestamp;  // When delegations become enabled  
    bool delegationDisabled;            // Delegation status
}

This state record facilitates two key security mechanisms:

  1. Transfer locking: Controls whether a user's tokens can be transferred.

  2. Delegation control: Controls whether a user can approve new delegates.

Delegation Approval System

Delegations are tracked in a nested mapping structure:

owner => approvalIndex => delegate => isApproved

This design creates a three-dimensional relationship:

  • The token/rights owner.

  • Their current approval index (a security counter).

  • Each delegate address.

  • Whether that delegate is approved to act on behalf of the owner.

Security State Transitions

Approval Index Mechanism

The approval index serves as a master revocation system. When a user increments their approval index:

  1. All previously approved delegates are instantly revoked..

  2. New delegations must be established at the new index

Transfer & Delegation Cooldown

The system implements protective cooldown periods:

  1. Disabled → Enabled: When a user re-enables transfers or delegation capability, a cooldown period applies before the action takes effect.

  2. Cooldown Reduction: If a user decreases their cooldown period, the system automatically enforces the previous cooldown period.

This prevents attackers from social engineering users to rapidly disable protections.

Integration Points

Contracts that integrate with the Plugin Architecture:

  1. Inherit from PluginDelegable.

  2. Implement permission checks using _checkDelegate() for delegate-initiated operations.

  3. Reference the Central Registry for user configuration state.

The architecture is utilized by core protocol components including token contracts (pTokens, eTokens) and position management systems, allowing for complex operations like automated liquidation protection, cross-chain rebalancing, and advanced trading strategies.

PreviousBad Debt SocializationNextTransfer Lock Mechanism

Last updated 1 month ago