[EP 4.5] [Executable] Endowment permissions to karpatkey - Update #3


This proposal introduces new actions and strategies to the Endowment with the aim of enhancing diversification and adapting to current market conditions. Notable additions include ETH-neutral strategies involving Liquid Staking Protocols and established Money Markets.


Following the successful approval of E.P. 4.2, the second tranche of the Endowment was funded with 16,000 ETH. Community feedback during the E.P. 4.2 voting window indicated a desire to reduce exposure to Lido due to concerns about centralization risks in the network. While diversifying ETH-neutral holdings was already underway, the need for further diversification and divestment from Lido became clear during community discussions and the last Meta-gov call before the vote’s closure. Consequently, karpatkey and @steakhouse proposed a 20% cap on Lido’s maximum allocation within the ETH-neutral portfolio, set to be achieved by month-end. This proposal’s goal is to introduce new strategies for deploying the remaining 80% of the funds as well as other minor maintenance actions.


Permissions to be added in this proposal:

  1. Deposit ETH on Compound v3;
  2. Deposit ETH or WETH on AAVE v3;
  3. Deposit ETH or WETH on Spark Protocol;
  4. Stake (and unstake) ETH on Stader;
  5. Stake (and unstake) ETH on Ankr;
  6. Removal of CowSwap permissions;
  7. Removal of SushiSwap permissions*;
  8. Addition of an alternative getReward() for Aura pools;
  9. Swaps:
    1. rETH <> WETH on Balancer;
    2. rETH <> WETH on Uniswap v3;
    3. ankrETH <> wstETH on Balancer;
    4. ETHx <> WETH on Balancer;
    5. ankrETH <> ETH on Curve;
    6. ETHx <> WETH on Pancake Swap

*edited on 2023-11-03

Auditing Process

We are releasing an updated version of the "Preset Permissions - ENS Endowment’’ document, highlighting all permissions granted to karpatkey, with proposed additions marked in green and revocations in red. We encourage community members with technical expertise to review and provide feedback on the preset update payload.

In the auditing realm, significant progress has been made, with a new version of the Zodiac Roles Modifier app developed by Gnosis Guild. When fully operational, this app will allow users to input a payload and check the before-and-after status of permissions presets, enhancing the auditing process.

Furthermore, we’re actively engaged in collaborative efforts with potential partners to create a user-friendly audit report, enhancing openess for all stakeholders involved in the process. In our commitment to transparency, we’re taking an additional step by offering a self-audit report. This report sheds light on our internal procedures for assessing proposed permissions and changes, providing further insight into our practices.


Proposed Actions Overview

1. Deposit ETH on Compound v3

Compound v3 stands as one of DeFi’s pillars, celebrated for its battle-tested reliability. In this latest iteration, Compound has honed its focus on three core pillars: security, capital efficiency, and user experience. It’s important to note that Compound v3 is actively phasing out its predecessor, v2, with a well-structured transition plan for its user base. The protocol’s commitment to security is reinforced by audits from respected firms such as OpenZeppelin and ChainSecurity.

As of the date of this proposal, ~45,000 ETH are deposited in Compound v3, offering an Annual Percentage Rate (APR) of 3.29%, inclusive of COMP token rewards.

2. Deposit ETH or WETH on AAVE v3

AAVE v3 represents another cornerstone of the decentralised money market ecosystem. Since its deployment on mainnet in January 2023, AAVE v3 has steadily gained traction across multiple networks. This version introduces a range of features designed to enhance capital efficiency and decentralisation, complemented by sophisticated risk management tools.

AAVE’s commitment to security is evident through comprehensive audits conducted by prominent firms, including Trail of Bits, ABDK, Peckshield, OpenZeppelin, SigmaPrime, and formal verification by Certora. Notably, AAVE v3 currently holds a substantial ~409,000 ETH, and participants can expect anAnnual Percentage Yield (APY) of 1.91%.

3. Deposit ETH or WETH on Spark Protocol

Spark Protocol, a product stemming from MakerDAO, has made waves in the DeFi landscape by offering users the unique ability to both borrow and supply various assets, including ETH, stETH, DAI, and sDAI. This innovation significantly bolsters the accessibility and utility of the DAI ecosystem, providing users with competitive lending rates. At the time of this writing, Spark holds ~63,000 ETH.

Despite an expected APY of 1.13%, which may appear lower than some other options, it’s worth highlighting that ETH deposits on Spark qualify for a share of the future SPK airdrop, potentially adding substantial value over time.

4. Stake (and unstake) ETH on Stader

The Stader Protocol, developed by Stader Labs, represents a non-custodial liquid staking solution that strives for the delicate balance of superior user experience, staking yield, DeFi integrations, and scalability. Its multi-pool architecture incorporates both permissioned and permissionless staked pools, with plans to introduce a Distributed Validation Technology (DVT) pool in the near future.

Stader’s considerable $175M staked across 7 blockchains, with approximately $71M on mainnet alone, positions it as an attractive alternative for diversifying the Endowment’s Liquid Staking Token (LST) holdings. Its LST, ETHx, has enough liquidity to execute a 2,000 ETHx (~$3.5M) swap for ETH with less than 1% slippage - as verified through simulations on CowSwap and 1inch.

From a security standpoint, Stader has undergone rigorous audits by firms such as Halborn, Sigma Prime, and Code4rena. Additionally, Stader’s commitment to security is underlined by a $1,000,000 bug bounty program hosted on ImmuneFi.

5. Stake (and unstake) ETH on Ankr

Ankr Protocol, through its Ankr Staking platform, has played a pioneering role in liquid staking solutions, offering a novel approach to staking assets on the blockchain. Initially launched as aETHb/c and later rebranded as ankrETH, this platform has consistently aimed to promote decentralisation within its staking offerings. In this regard, Ankr has collaborated with SSV.network to integrate Distributed Validator Technology (DVT), enhancing the decentralization and security of its Liquid Staking protocol.

Ankr boasts a Total Value Locked (TVL) equivalent of $81M in staked ETH on mainnet, although its liquid staking solutions are available on 7 blockchains. According to simulations run on CowSwap and 1inch, 1700 ankrETH ($3.4M), the protocol’s LST, can be seamlessly swapped for ETH with less than 1% slippage. Security remains a paramount concern, with audits conducted by firms such as Beosin, Peckshield, Salus, and Veridise. Ankr’s commitment to security is further reinforced by an active $500,000 bug bounty program on ImmuneFi.

6. Remove CowSwap permissions

A recent protocol update rendered permission #16 - Add swapping options on Cow Swap- granted on E.P 4.1 incompatible with the Zodiac Role Modifier setup we employ for non-custodial management of the Endowment. As a result, we are eliminating the previously granted permissions until a new version of the CowswapOrderSigner contract is deployed.

7. Remove SushiSwap permissions*

The initial proposal aimed to upgrade the SushiSwap Router to the most recent version. However, following an in-depth technical review by @nick.eth, a decision was made to revoke all permissions granted to SushiSwap. This course of action was taken because, despite the limitations placed on the tokensIn and tokensOut parameters, the swap routes remained unconstrained, thereby creating the potential for arbitrary swap routes used by the asset manager. Given that SushiSwap serves merely as an auxiliary swap protocol for the Endowment, its removal is unlikely to cause any disruption.

8. Add alternative getReward() to claim rewards on Aura pools

This alternative method enables users to claim both base and extra rewards from Aura pools simultaneously. For example, in the case of a wstETH - WETH pool receiving rewards in the form of BAL, AURA, but also incentivised with LDO, this method allows users to collect all accumulated rewards in a single step, distinguishing it from the conventional whitelisted approach.

9. Swaps

To optimise liquidity during token swaps, we’re adding these swapping routes:

  • rETH <> WETH on Balancer;
  • rETH <> WETH on Uniswap v3;
  • ankrETH <> wstETH on Balancer;
  • ETHx <> WETH on Balancer;
  • ankrETH <> ETH on Curve;
  • ETHx <> WETH on Pancake Swap.

I have audited this and can confirm it matches the self-audit and description.


This is now live for voting onchain