rwaUSD: Overcollateralizing
Last updated
Was this helpful?
Last updated
Was this helpful?
The user can get rwaUSD by overcollateralizing their LUMIA.
This option is implemented through the Lumia rwaUSD CDP Protocol.
Lumia rwaUSD CDP is a decentralized lending protocol, extending the .
It is customized for Lumia to enable LUMIA token holders to use their tokens as collateral for borrowing the rwaUSD stablecoin.
Later on, we plan to whitelist and support different types of tokenized RWAs as collateral, with different collateralization ratios.
It works fairly simply: The user deposits whitelisted assets as collateral into a smart contract called vault, allowing them to mint and withdraw RWAs. In order to avoid liquidation, vaults must maintain a required (HF) determined by our data-driven risk model.
The protocol is implemented as a set of smart contracts.
The smart contracts implementing the protocol are:
API3MarketPriceFeed () — Adapter; gets the latest WLUMIA price from the market, with a 24h price update threshold.
AuctionManager () — Manages the auction where the liquidated user funds are sold to cover the user's debt.
LastResortLiquidation () — Manages collateral and bad debt distribution. Initiates the liquidation process when the user's collateral goes under the min threshold to the amount of minted rwaUSD; this leads to selling the user's collateralized assets in an auction to cover the debt.
LiquidationRouter () — Handles liquidation and redistribution of collaterals and debts in the system.
Mintable Token Owner () — Implements the owner of the rwaUSD mintable token contract.
OwnerProxy () — Allows the main owner to add fine-grained permissions to other operators (addresses).
SmartVaultProxy () — Enables the execution of whitelisted methods authorized by the proxy owner across all smart vaults.
Smart Vault Deployer () — Deploys new instances of the Vault contract.
TokenToPriceFeed () — Gets the latest market price for a specified token. Controls price feed configurations.
rwaUSD mintable token () — Burns/mints rwaUSD for the user.
VaultBorrowRate () — Calculates the borrow rate for a specified Vault.
VaultExtraSettings () — Manages extra settings for a Vault instance: maximum redeemable percentage, debt treshold, redemption fee kickback.
VaultFactory () — Manages the creation, configuration, and operations of Vaults with collateral and borrowing functionality.
VaultFactoryZapper () — Facilitates the creation of Vaults and manages their operations.
VaultFactoryHelperV2 () — Provides various functions to retrieve information about vaults in a vault factory.
WLUMIA token () — Burns/mints the wrapped LUMIA token for the user.
Also, the following diagrams refer to the unit test and outlines, in broader details, the workflow and interaction:
The following methods require owner privileges across the Lumia rwaUSD CDP Protocol.
Owner can configure core auction parameters.
setVaultFactory(address _vaultFactory): Updates the vault factory address
setAuctionDuration(uint256 _auctionDuration): Sets the duration for auctions
setLowestHF(uint256 _lowestHF): Sets the lowest acceptable health factor
Manages collateral and bad debt distribution.
addAllowed(address _allowed): Adds an address to the allowed operators list
removeAllowed(address _allowed): Removes an address from the allowed operators list
withdrawCollateral(address _collateral, uint256 _amount, address _to): Withdraws collateral to specified address
distributeBadDebt(address _vault, uint256 _amount): Distributes bad debt to a specific vault
Controls price feed configurations.
setTokenPriceFeed(address _token, address _priceFeed, uint256 _mcr, uint256 _mlr, uint256 _borrowRate, uint256 _decimals):
Sets or updates price feed parameters for a token
Controls Minimal Collateral Ratio (MCR)
Sets Minimal Liquidation Ratio (MLR)
Defines borrowing rates
transferOwnership(address newOwner): Transfers ownership of the contract
Core configuration of the vault system.
setMaxTokensPerVault(uint256 _maxTokensPerVault): Maximum tokens allowed per vault
setPriceFeed(address _priceFeed): Updates the price feed contract address
setRedemptionRate(uint256 _redemptionRate): Sets the redemption fee rate
setBorrowRate(address _borrowRate): Sets the contract address for calculating borrow rates
setRedemptionHealthFactorLimit(uint256 _redemptionHealthFactorLimit): Sets minimum health factor for redemptions
setBorrowFeeRecipient(address _borrowFeeRecipient): Sets address receiving borrowing fees
setRedemptionFeeRecipient(address _redemptionFeeRecipient): Sets address receiving redemption fees
setDebtCeiling(uint256 _debtCeiling): Sets maximum total debt allowed in the system
setMaxDebtPerWindow(uint256 _maxDebtPerWindow): Sets maximum debt that can be taken in a time window
setDebtWindowSize(uint256 _debtWindowSize): Sets the size of the time window for debt limits
setCollateralCapacity(address _collateral, uint256 _capacity): Sets maximum amount of a specific collateral type
setLiquidationRouter(address _liquidationRouter): Updates the liquidation router address
setVaultDeployer(address _vaultDeployer): Sets the contract responsible for deploying new vaults
Controls additional vault parameters.
setMaxRedeemablePercentage(uint256 _debtTreshold, uint256 _maxRedeemablePercentage): Sets maximum redeemable percentage and debt threshold
setRedemptionKickback(uint256 _redemptionKickback): Sets redemption fee kickback rate
Manages permissions for smart vault operations.
addPermission(address targetAddress, bytes4 targetSignature): Whitelists method calls
removePermission(address targetAddress, bytes4 targetSignature): Removes whitelisted methods
setRewardFee(uint16 _newRewardFee): Sets reward fee percentage
setRewardCollector(address newRewardCollector): Updates reward collector address
transferOwnership(address newOwner): Transfers ownership of the contract
Manages fine-grained permissions.
addPermission(address caller, address targetAddress, bytes4 targetSignature): Grants specific call permissions
removePermission(uint256 permissionHash): Revokes specific permissions
executeOwner(address target, string memory func, bytes memory data): Executes privileged calls
Controls token minting privileges.
transferTokenOwnership(address _newOwner): Transfers token ownership
addMinter(address _newMinter): Adds new minting privileges
revokeMinter(address _minter): Revokes minting privileges
Manages fee distribution.
claimRewards(address[] tokenFrom, address[] tokenTo, bool[] stable, uint256 amountOutMin): Claims and swaps rewards
forceWithdraw(address[] tokenFrom, address to): Emergency withdrawal of tokens
setfeeReceiver(address _feeReceiver): Updates fee receiver address
setRouter(address _router): Updates the router contract address used for swaps
setVaultFactory(address _vaultFactory): Updates the vault factory address
setA3AToken(address _a3aToken): Sets the A3A token address
setSlashingDuration(uint256 _round, uint256 _duration): Sets duration for a slashing round
setSlashingRate(uint256 _round, uint256 _rate): Sets rate for a slashing round
setSlashingReturnForStabilityPool(uint256 _slashingReturnForStabilityPool): Sets percentage of slashed tokens returned to stability pool
setStabilityPool(address _stabilityPool): Sets the stability pool address
setVaultFactory(address _vaultFactory): Updates the vault factory address
setFactory(address _factory): Sets the factory contract address
setStable(address _stable): Sets the stable token address
setA3aToken(address _a3aToken): Sets the A3A token address
setVaultFactory(address _vaultFactory): Updates the vault factory address
setStabilityPool(address _stabilityPool): Sets the stability pool address
setAuctionManager(address _auctionManager): Sets the auction manager address
setLastResortLiquidation(address _lastResortLiquidation): Sets the last resort liquidation address
Ownership Transfer
Most contracts inherit from OpenZeppelin's Ownable
Use transferOwnership() carefully as it transfers all privileges
Consider using multi-sig wallets for ownership
Every contract that inherits from Ownable includes a transferOwnership(address newOwner) method
This method should be used with extreme caution as it transfers complete control of the contract
The OwnerProxy contract provides a way to delegate specific contract method permissions to different addresses. This allows for fine-grained access control beyond simple ownership.
Adding Permissions (Owner only)
Example:
Revoking Permissions (Owner only)
For Whitelisted Operators
Example:
For Owner Only
Only the owner can call this method
No permission check is performed
Can execute any method on any contract
Permissions are stored as hashes combining caller, target, and method signature
Each permission must be explicitly granted
Permissions can be revoked individually
Owner can execute any method without needing explicit permission
When Granting Permissions
Verify the target contract address carefully
Double-check method signatures
Test permissions with small operations first
When Executing Methods
Verify encoded parameters before execution
Use helper functions to encode data correctly
Keep track of granted permissions
Security Considerations
Maintain a list of all granted permissions
Regularly audit active permissions
Remove unused permissions promptly
Consider using timelock for sensitive operations
To better understand the interaction of smart contracts and the flow, rely on the showing the whole flow.
For more information, see the .
