Credit Configurator

The CreditConfiguratorV3 is the administrative gateway for the Credit Suite. It validates parameter changes and propagates them to the Credit Manager and Credit Facade. Importantly, it does not store configuration state itself - it acts as a validation layer.

Architecture

User/DAO -> CreditConfiguratorV3 (validation) -> CreditManagerV3/CreditFacadeV3 (state)

The Configurator ensures all changes are valid before forwarding them to the appropriate contract. This separation allows for:

  • Centralized validation logic

  • Consistent access control

  • Audit trail through events


Token & Risk Management

Adding Collateral Tokens

function addCollateralToken(address token, uint16 liquidationThreshold);

Validation:

  • Token must be valid ERC-20

  • Must have price feed in PriceOracle

  • Must be quoted in PoolQuotaKeeper

  • LT cannot exceed underlying's LT

For Phantom Tokens:

  • The deposited (underlying) token must already exist as collateral

  • Phantom token represents staked/wrapped position

Adjusting Liquidation Thresholds

Ramping allows gradual LT changes over time, preventing sudden liquidation cascades when risk parameters are adjusted.

Forbidding/Allowing Tokens

Function
Access
Use Case

forbidToken(address token)

Pausable Admins

Emergency: mark token as risky

allowToken(address token)

Configurator

Restore normal token status

Forbidden tokens still count toward collateral (with safe pricing) but have restrictions on quota increases and balance changes.


Fee Management

Configurable Fees

Parameter
Description

feeLiquidation

DAO fee on standard liquidations

liquidationPremium

Reward for liquidators

feeLiquidationExpired

Higher DAO fee for expired accounts

liquidationPremiumExpired

Higher reward for expired liquidations

Constraints:

  • feeLiquidation <= liquidationPremium

  • feeLiquidationExpired <= feeLiquidation

  • liquidationPremium + feeLiquidation < 100%

  • Fee sum must remain constant (prevents sudden changes)

The relationship ensures liquidators are always incentivized and the protocol takes a smaller cut than the liquidator reward.


Borrowing Limits

Debt Bounds

Validation:

  • minDebt <= maxDebt

  • maxDebt * maxEnabledTokens <= minDebt * 100 (safety ratio)

  • USD value of minDebt must be non-zero

The safety ratio ensures accounts aren't opened with tiny debt that would be uneconomical to liquidate.

Per-Block Multiplier

forbidBorrowing() is an emergency action available to Pausable Admins. It immediately halts all new borrowing without requiring a DAO vote.


Adapter Management

Allowing Adapters

Validation:

  • Adapter must implement creditManager() returning this Credit Manager

  • Adapter must implement targetContract() returning the DeFi protocol

  • Cannot target the Facade or Manager itself

Registration:

  • Creates bidirectional mapping: adapter <-> targetContract

  • Credit Account can only call whitelisted adapters

  • Each target protocol has exactly one adapter


System Upgrades

Oracle Updates

Allows switching to a new price oracle implementation. The new oracle must support all currently configured collateral tokens.

Facade Migration

When migrateParams is true, debt limits and other Facade parameters are copied to the new contract. This enables upgrading the user-facing interface while preserving configuration.

Configurator Upgrade

Transfers configurator role to a new contract. Used when the validation logic itself needs updating.


Access Control Model

Role Hierarchy

Role
Capabilities

Configurator

All structural changes: tokens, fees, adapters, debt limits, upgrades

Pausable Admin

Emergency actions: forbidToken, forbidBorrowing (no DAO vote required)

Cross-Contract Verification

The Credit Manager and Facade verify that configuration calls come from the registered Configurator:

This prevents unauthorized parameter changes even if an attacker gains access to admin keys for other contracts.

chevron-rightSourceshashtag

Last updated