Governance

Introduction

We believe that the best way to scale a DeFi protocol is via progressive decentralization. Hifi is ultimately a startup, and we have to deal with uncertainty when it comes to:

  1. Product/ market fit

  2. Smart contract security

Achieving both is no easy feat. This is why in the first release of the protocol (internally referred to as "Battersea"), the focus won't be on decentralizing governance.

Product/ Market Fit

Our contracts are not upgradeable, but that doesn't mean that we're not looking to improve the protocol through migrations. Being able to unilaterally make decisions about the next migration will speed up the development process and will enable us to get to a point where lots of people enjoy our fixed-rate lending products.

Smart Contract Security

Smart contracts are a powerful technology, but the fact that they are immutable once deployed brings risks. We hedge against these risks in the following ways:

  1. Enforce caps on how much debt can be taken on by borrowers.

  2. Have the ability to pause most operations (except for collateral withdrawals).

With time, the protocol will become more resilient and safe to use. We will subsequently remove the limits.

Fintroller Permissions

In the first release of the protocol, the Fintroller contract is the de-facto administrator. All other contracts have a storage property that links to an instance of a Fintroller.

The Fintroller plays five important roles:

  1. Whitelists specific fyTokens, which are indexed by our subgraph.

  2. Sets the debt ceiling for each whitelisted fyToken.

  3. Sets the liquidation incentive that users earn when liquidating a vault.

  4. Decides which operations are permitted/ paused on a specific fyToken.

  5. Chooses what oracle to use for pulling price data.

Note that by default, all fyTokens operations are permitted (borrow, repay borrow, liquidate borrow, etc.). It is only if and when we discover a vulnerability that we may take recourse to the pausing functionality. Furthermore, note that in any case the Fintroller is not able to pause collateral withdrawals from the BalanceSheet.

Multisig

The developers of the protocol are currently in control of the following multisig wallet:

Which is the administrator of the Fintroller contract. With time, we will transition to a system whereby any user of the protocol can cast their opinion in the governance of Hifi.