BIP 0004: Emergency Deposit Pause Feature

Authors:

Introduction:

BabelFish is an aggregator of USD-pegged stablecoins. While the stablecoins that are added to the aggregator are vetted to filter thro1ugh only what the community considers among the strongest USD-pegged stablecoins, it is still possible that one of these stablecoins is compromised after they are added to the aggregator. A particularly bad problem that can happen is that a stablecoin is compromised in such a way that its supply is inflated beyond the value of its backing collateral, causing the stablecoin to become partially unbacked. For example, the stablecoin issuer might go rogue or have their minting key compromised, or the smart contract used to mint the stablecoin could have a vulnerability exploited.

BabelFish needs a mechanism for responding to these events as quickly as possible to prevent the compromised stablecoin from being used to drain all of the other stablecoins in the aggregator. We can use the USD price of the stablecoin as a proxy for risk. If the USD price of a given stablecoin drops too much for a long enough period of time, this will indicate that there is a serious risk that deserves a response. The response should allow a long enough period of time to confirm that the price drop is not a temporary glitch, but not so long that a compromised stablecoin could come across the bridge and drain the XUSD aggregator.

Out of scope

There are three situations that could cause a stablecoin to be inflated beyond its backing collateral value where we are unable to respond in time, and are therefore out of scope here:
  • Rootstock-based stablecoins (since we would not have any time to respond to a problem)
  • Stablecoins that are compromised but do not have an external USD price feed.
  • Bridged stablecoins that are compromised due to malfunctioning or compromised bridge signers, bridge contracts, or bridge token contracts.

Implementation

There are two parts to the solution: a smart contract change, and an off-chain Keeper node that could be run on one or more servers.

Smart contract change implementation requirements

  • Using a GovernorAdmin proposal, FISH Bitocracy should be able to:

    • Add one or more Rootstock addresses to an “emergency deposit pauser list”.
    • Remove one or more Rootstock addresses from the “emergency deposit pauser” list.
    • Un-pause any emergency deposit pause that is active.
  • Addresses on the emergency deposit pauser list should have the power to submit an “emergency deposit pause” transaction that will immediately pause deposits of one or more of the stablecoins in the BabelFish XUSD aggregator.

  • BabelFish XUSD aggregator deployments:

    • Mainnet: 0x1440d19436bEeaF8517896bffB957a88EC95a00F
    • Testnet: 0xca8b437d9d586b938CE000e765476A0594856b51

Keeper node implementation requirements