@dolomite-exchange/dolomite-margin
Ethereum Smart Contracts and TypeScript library used for the DolomiteMargin trading protocol
Ethereum Smart Contracts and TypeScript library used for the Dolomite Trading Protocol. Currently used by app.dolomite.io
Most of the changes made to the protocol are auxiliary and don't impact the core contracts. These core changes are rooted in fixing a bug with the protocol and making the process of adding a large number of markets much more gas efficient. Prior to the changes, adding a large number of markets, around 10+, would result in an n increase in gas consumption, since all markets needed to be read into memory. With the changes outlined below, now only the necessary markets are loaded into memory. This allows the protocol to support potentially hundreds of markets in the same deployment, which will allow DolomiteMargin to become one of the most flexible and largest (in terms of number of non-isolated markets) margin systems in DeFi. The detailed changes are outlined below:
0.5.7 to 0.5.16.
getPartialRoundHalfUp function that's used when converting between Wei & Par values. The reason for this change is that there would be truncation issues when using getPartial or getPartialRoundUp, which would lead to lossy conversions to and from Wei and Par that would be incorrect by 1 unit.
numberOfMarketsWithDebt field to Account.Storage, which makes checking collateralization for accounts that do not have an active borrow much more gas efficient. If numberOfMarketsWithDebt is 0, state.isCollateralized(...) always returns true. Else, it does the normal collateralization check.
marketsWithNonZeroBalanceSet which functions as an enumerable hash set. Its implementation mimics Open Zeppelin's with adjustments made to support only the uint256 type (for gas efficiency's sake).
O(1) time, a user's active markets, for reading markets into memory in OperationImpl. These markets are needed at the end of each transaction for checking the user's collateralization. It's understood that reading this user's array into memory can be more costly gas-wise than the old algorithm, but as the number of markets listed grows to the tens or hundreds, the new algorithm will be much more efficient.
address and second by a uint256 account number). Through UI patterns and organizing the protocol such that a lot of these markets (at scale) won't be for ordinary use by end-users, the protocol will fight against these DOS attacks.
uint256 variable. Once populated, the bitmap is read into an array that's pre-sorted in O(m), where m represents the number of items in the bitmap, not the total length of it (where the length equals the number of total bits, 256).
O(1) time using crafty bit math. Then, since the final array that the bitmap is read into is sorted, it can be searched in later parts of OperationImpl in O(log(n)) time, and iterated in its entirety in O(m), where m represents the number of items.
contracts/protocol/impl and are named after the action(s) they represent.
DolomiteMargin.specialAutoTraders mapping (address => bool). If it is, interactions with DolomiteMargin must be done through a global operator.
maxSupplyWei and maxBorrowWei fields in the Market struct in Storage.
DolomiteMargin such that there isn't enough liquidity to perform timely liquidations.
maxSupplyWei or maxBorrowWei is set that is higher than the current TVL, all new actions involving that currency must lower the TVL or keep it the same (not accounting for any increase in Wei value that occurs from users paying the borrow rate on that asset).
earningsRateOverride to the Market struct so a particular market can fine-tune the fees paid to the protocol for borrowing.
accountMaxNumberOfMarketsWithBalances to RiskParams which limits how many assets a user can hold in the same account index.
32, meaning a user could use up to 32 unique assets within the same margin account.
oracleSentinel to RiskParams which allows DolomiteMargin to disable borrowing or liquidations when the sequencer is down for a L2.
accountRiskOverrideSetterMap to RiskParams which allows an address to override the default margin ratio, margin ratio premium, liquidation spread, and liquidation spread premium for a given market.
interestRateMax to RiskLimits to prevent the interest rate from ever being too high.
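The bitmap step described in the list above (market ids collected in a uint256 bitmap, drained into an already-sorted array in O(m), then binary-searched), sketched as an added JavaScript example; it is not code from the DolomiteMargin contracts. The function names, the one-word-per-256-ids layout and the 8-step bit-index search are assumptions made for illustration.

```javascript
// Added illustration, not DolomiteMargin code. BigInt stands in for a uint256 word.

// Record a market id in the bitmap (assumed layout: one 256-bit word per 256 ids).
function setBit(bitmaps, marketId) {
  const word = Math.floor(marketId / 256);
  while (bitmaps.length <= word) bitmaps.push(0n);
  bitmaps[word] |= 1n << BigInt(marketId % 256);
}

// Position of the single set bit in `isolated` (a power of two below 2^256).
// Always 8 halving steps, however many bits the word holds: constant work per item.
function bitIndex(isolated) {
  let index = 0;
  let x = isolated;
  for (let shift = 128; shift >= 1; shift >>= 1) {
    if (x >> BigInt(shift) !== 0n) {
      x >>= BigInt(shift);
      index += shift;
    }
  }
  return index;
}

// Drain set bits lowest-first. The output is sorted with no sort pass, and the
// loop runs once per set bit (m iterations), not once per bit position (256).
function toSortedMarketIds(bitmaps) {
  const ids = [];
  bitmaps.forEach((word, w) => {
    let rest = word;
    while (rest !== 0n) {
      const lowest = rest & -rest; // isolate the least-significant set bit
      ids.push(w * 256 + bitIndex(lowest));
      rest ^= lowest; // clear it and continue with the next set bit
    }
  });
  return ids;
}

// Binary search over the sorted ids: the later O(log(n)) lookup.
function indexOfMarket(ids, marketId) {
  let lo = 0;
  let hi = ids.length - 1;
  while (lo <= hi) {
    const mid = (lo + hi) >>> 1;
    if (ids[mid] === marketId) return mid;
    if (ids[mid] < marketId) lo = mid + 1;
    else hi = mid - 1;
  }
  return -1;
}
```

Setting the same id twice is idempotent, so duplicates never reach the array, and the cost of the drain depends only on how many distinct markets were touched.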
Documentation can be found at docs.dolomite.io.
npm i @dolomite-exchange/dolomite-margin
https://docs.dolomite.io/#/contracts?id=arbitrum-mainnet
https://docs.dolomite.io/#/contracts?id=arbitrum-rinkeby
The original DolomiteMargin smart contracts were audited independently by both Zeppelin Solutions and Bramah Systems.
Zeppelin Solutions Audit Report
Some changes discussed above were audited by SECBIT Labs. We plan on performing at least one more audit of the system before the new Recyclable feature is used in production.
[SECBIT Audit Report](./docs/Dolomite Margin - SECBIT - 2021-08-02.pdf)
All production smart contracts are tested and have the vast majority of line and branch coverage.
This repository uses solidity-coverage to generate code coverage reports.
To run code coverage, first start an instance of the local RPC using npm run coverage_node.
Then, run test coverage script in a separate terminal instance: npm run coverage. Note, this script takes a long time to execute!
The disclosure of security vulnerabilities helps us ensure the security of all DolomiteMargin users.
How to report a security vulnerability?
If you believe you’ve found a security vulnerability in one of our contracts or platforms, send it to us by emailing security@dolomite.io. Please include the following details with your report:
A description of the location and potential impact of the vulnerability.
A detailed description of the steps required to reproduce the vulnerability.
Scope
Any vulnerability not previously disclosed by us or our independent auditors in their reports.
Guidelines
We require that all reporters:
Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
Use the identified communication channels to report vulnerability information to us.
Keep information about any vulnerabilities you’ve discovered confidential between yourself and Dolomite until we’ve had 30 days to resolve the issue.
If you follow these guidelines when reporting an issue to us, we commit to:
Not pursue or support any legal action related to your findings.
Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission).
Grant a monetary reward based on the OWASP risk assessment methodology.
Requires a running docker engine.
npm run build
npm run build:js
Requires a running docker engine.
Start test node:
docker-compose up
Deploy contracts to test node & run tests:
npm test
Just run tests (contracts must already be deployed to test node):
npm run test_only
Just deploy contracts to test node:
npm run deploy_test
You may open a pull request with any added or modified code. The pull request should state the rationale behind any changes or the motivation behind any additions. All pull requests should contain adequate test coverage too.
Corey Caplan
@coreycaplan3
corey@dolomite.io
Adam Knuckey
@aknuck
adam@dolomite.io
The npm package @dolomite-exchange/dolomite-margin receives a total of 14 weekly downloads. As such, @dolomite-exchange/dolomite-margin popularity was classified as not popular.
We found that @dolomite-exchange/dolomite-margin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.