LogoLogo
AddressesAuditsGitHub
  • 📥Introduction
  • 🌀Products
    • Introduction
    • Best Yield
      • Overview
      • Guides
        • Deposit funds on BY
        • Redeem funds on BY
      • FAQs
    • Yield Tranches
      • Overview
      • Adaptive Yield Split
      • Security
        • Covered risks
      • Guides
        • Deposit funds on YTs
        • Redeem funds on YTs
        • Live YTs guides
          • Lido stETH
      • FAQs
    • Fee structure
    • Get involved
      • Integrators program
      • Institutions program
  • 💻Developers
    • Introduction
    • Networks and codebase
      • Ethereum mainnet
      • Polygon
      • Kovan testnet
      • ERC-4626 standard
    • Best Yield
      • Architecture
      • Deployed contracts
        • Ethereum
        • Optimism
      • Interface
      • Methods
        • mintIdleToken
        • redeemIdleToken
        • redeemInterestBearingTokens
        • rebalance
        • tokenPrice
        • tokenPriceWithFee
        • getAPRs
        • getAvgApr
        • userAvgPrices
        • getGovTokensAmounts
        • getAllocations
        • getGovTokens
        • getAllAvailableTokens
        • getProtocolTokenToGov
      • Edge cases
      • Security management policy
      • Get integrated as yield source
      • Get user earnings
    • Yield Tranches
      • Architecture
      • Deployed contracts
        • Ethereum
        • Polygon zkEVM
        • Optimism
      • Interface
      • Methods
        • AAStaking
        • BBStaking
        • AATranche
        • BBTranche
        • depositAA
        • depositAARef
        • depositBB
        • depositBBRef
        • fee
        • getApr
        • getContractValue
        • getCurrentAARatio
        • getIncentiveTokens
        • lastNAVAA
        • lastNAVBB
        • strategy
        • strategyToken
        • token
        • trancheAPRSplitRatio
        • tranchePrice
        • virtualPrice
        • withdrawAA
        • withdrawBB
      • Integration example
      • Edge cases
      • Security management policy
      • Subgraph
    • API
    • Security
      • Hats Finance vault
      • Hypernative monitoring
      • Immunefi bug bounty
      • Integration Standard Requirements
      • Risk Framework
      • Smart contract audits
  • 🏛️Governance
    • Introduction
    • Idle DAO
      • Governance process
        • Governance forum
        • Governance dashboard
        • Snapshot IDLE
        • Snapshot stkIDLE
      • Idle Leagues
        • Communication League
        • Development League
        • Treasury League
        • Leagues contributors
      • Treasury
        • Reports
      • Governance guides
        • How to monitor off-chain voting pools
        • How to propose an IIP
        • How to create an on-chain proposal
        • How to delegate votes
        • How to vote for an IIP
      • FAQs
    • IDLE token
      • Distribution
      • Use cases
        • Lending, borrowing & collateral
        • DEXs liquidity provision
      • Buybacks
      • Delegates
      • CoinGecko
    • IDLE staking
      • Prime staking
        • Examples
      • Staking integration
      • Guides
        • How to stake your IDLE
        • How to vote in Gauges
        • How to boost your $IDLE rewards
        • How to give VEV
  • 🗂️Other
    • Brand assets
    • Guides
      • How to see IDLE in your wallet
      • Deposit funds through Idle
      • Deposit funds through smart contracts
      • Redeem funds through Idle
      • Redeem funds through smart contracts
    • FAQs
    • Glossary
    • Resources
    • Archive
      • 👇Get in touch
        • 🏛️Governance Forum
        • 🏆Idle Grants Program
        • 👾Discord
        • 🐦Twitter
      • Gauges
        • Architecture
        • Deployed contracts
        • Gauges repository
        • stkIDLE repository
      • Gauges
        • Gauges integration
        • FAQs
      • Boost
      • DEXs liquidity provison
      • Risk Adjusted (deprecated)
      • Deployed contracts
      • Idle Smart Treasury (deprecated)
      • Ethereum LP staking (deprecated)
      • Polygon LP staking (deprecated)
      • Flash Loans (deprecated)
      • QuickSwap cxETH-WETH
      • Integrate PYTs
      • Idle Grants program
      • Idle on Polygon
        • Add Polygon network to MetaMask
        • Bridge $IDLE to Polygon
        • Deposit funds on Polygon
        • Add liquidity to $IDLE pools
        • Stake IDLE LP tokens on Polygon
Powered by GitBook

Ecosystem

  • Website
  • App
  • Governance
  • Brand assets

Developers

  • Feedback
  • GitHub
  • Bug bounty
  • Audits

Community

  • Blog
  • Twitter
  • Telegram
  • Discord

Analytics

  • Stats
  • Dune
  • DeFiLlama
  • CoinGecko
On this page
  • Best Yield vaults
  • Additional functions

Was this helpful?

  1. Developers
  2. Best Yield

Security management policy

Developers > Best Yield > Security management policy

Last updated 1 year ago

Was this helpful?

Best Yield vaults

IdleTokenV4, the factory contract for the Best Yield strategy is an upgradable contract that uses . Its upgradability is owned by the Timelock contract, which is controlled by IDLE token holders (as described in the section).

Each Best Yield strategy consists of a proxy that points to a shared implementation of IdleTokenV4 contracts. The implementation for each strategy can be upgraded through a shared Proxy Admin which is .

The owner of the Proxy Admin and of Best Yield strategy's proxy is the Timelock contract which is owned by the GovernorBravo, controlled by IDLE holders.

There are a few administrative privileges that the Timelock have besides the ability to upgrade IdleTokenV4 implementation logic:

  • It can change Idle wrappers (IdleCompound, IdleAave, ...) and associated assets supported for lending protocols;

  • It can add and or remove governance tokens supported for distribution;

  • fee and feeAddresscan be updated. The fee is capped and can be at most 10% of the interest earned currently;

  • It can set maxUnlentPerc, i.e. a percentage of unlent funds used for cheap redemption (currently 1% of all deposited assets).

Additional functions

As part of the Security Management policy, there are 2 more functions with different privileges on the IdleToken contract

mintIdleToken and rebalance can be paused during emergency situations, while redeemIdleToken and redeemInterestBearingTokens will always be available.

Product
Guardian

Senior BY vaults

Junior BY vaults

where

  • Idle Labs multisig has a 2/4 threshold

  • Treasury League multisig has a 3/6 threshold

  • Development League multisig has a 3/6 threshold

  • Hypernative pauser multisig has a 2/5 threshold

The guardian can be changed at any time by the governance with a proposal.

The address designated to submit new allocations is currently set to .

The Rebalancer can be changed at any time by the governance with a proposal.

For the Best Yield vaults, there is also the openRebalance available that allows anyone to submit new allocations, currently disabled for security reasons.

multisig and pauser multisig

multisig, multisig and pauser multisig

💻
OpenZeppelin upgradability pattern
governance process
0x7740792812A00510b50022D84e5c4AC390e01417
0xaDa343Cb6820F4f5001749892f6CAA9920129F2A
0xFb3bD022D5DAcF95eE28a6B07825D4Ff9C5b3814
0xe8eA8bAE250028a8709A3841E0Ae1a44820d677b
0xBaeCba470C229984b75BC860EFe8e97AE082Bb9f
0xB3C8e5534F0063545CBbb7Ce86854Bf42dB8872B
Idle Labs
Hypernative
Treasury League
Development League
Hypernative