VenusProtocol
diff --git a/‎.gitbook/assets/riskSteward.png‎
755 KB b/‎.gitbook/assets/riskSteward.png‎
755 KB
diff --git a/‎risk/risk-oracle-and-risk-stewards.md‎
Lines changed: 66 additions & 0 deletions b/‎risk/risk-oracle-and-risk-stewards.md‎
Lines changed: 66 additions & 0 deletions
diff --git a/‎technical-reference/reference-governance/MarketCapsRiskSteward.md‎
Lines changed: 112 additions & 0 deletions b/‎technical-reference/reference-governance/MarketCapsRiskSteward.md‎
Lines changed: 112 additions & 0 deletions
diff --git a/‎technical-reference/reference-governance/RiskStewardReceiver.md‎
Lines changed: 201 additions & 0 deletions b/‎technical-reference/reference-governance/RiskStewardReceiver.md‎
Lines changed: 201 additions & 0 deletions
@@ -0,0 +1,66 @@
+# Risk Stewards & Risk Oracles
+
+## Overview
+
+Venus Protocol incorporates Risk Oracles and Risk Stewards to ensure risk parameters remain up-to-date, resilient, and aligned with real-time market conditions—all while preserving decentralized governance. Previously, Venus relied on manually created VIPs to apply risk updates based on Chaos Labs recommendations. With the introduction of the Risk Steward and its on-chain receiver, this process is now automated through a secure and permissioned mechanism. In the initial phase, only market cap-related parameters—specifically supply caps and borrow caps—will be updated automatically, improving responsiveness and operational efficiency.
+
+---
+
+## Chaos Labs Risk Oracle
+
+The **Chaos Labs Risk Oracle** is a system designed to continuously analyze market conditions—such as price volatility, liquidity, asset utilization, and liquidation events—and generate risk parameter recommendations tailored to the Venus Protocol.
+
+### Key Benefits:
+
+- **Real-time updates** to key parameters like supply and borrow caps
+- **Automated adjustments** to ensure optimal lending and borrowing rates
+- **More responsive risk management** with lower latency
+- **Reduced operational overhead** for the Venus community
+
+The Risk Oracle makes Venus more adaptable while ensuring parameters remain within safe and governance-approved limits.
+
+---
+
+## Risk Steward
+
+A **Risk Steward** is an on-chain smart contract that executes risk parameter updates on behalf of the protocol, based on recommendations from the Risk Oracle. Venus has introduced this role to bridge off-chain risk intelligence with on-chain execution in a controlled, transparent way.
+
+### Role of the Risk Steward:
+
+- Reads values from the Risk Oracle during execution
+- Updates only pre-approved risk parameters (e.g., supply caps, borrow caps)
+- Operates within limits set by Venus governance
+- Cannot modify critical protocol settings such as interest rate models, market listings, or governance controls
+
+This structure ensures **faster, automated adjustments** without compromising community control.
+
+---
+
+## How It Works
+
+1. **Data Source**: Chaos Labs publishes updated recommendations via the Risk Oracle.
+2. **Keeper Role**: A Keeper bot observes changes and initiates transactions to update Venus Protocol’s parameters.
+3. **Validation**: During execution, Venus contracts read and apply new values **only if they are within predefined safety bounds**.
+4. **Challenge Window**:  Critical updates, which will be introduced in an upcoming phase, will go through governance and can be **challenged or vetoed** during a defined challenge window before they take effect.
+
+## Governance & Control
+
+Importantly, this system does **not bypass protocol governance**. All automated updates happen within constraints defined and approved by the Venus community.
+
+Any change made through the Risk Oracle follows an **optimistic governance model**:
+
+This process **preserves decentralization** while enabling faster, safer protocol maintenance.
+
+---
+
+## What’s Next
+
+Initially, the integration focuses on automating supply and borrow cap updates. Over time, additional parameters may be supported as part of a gradual rollout, always subject to DAO approval and governance-defined constraints.
+
+---
+
+## Learn More
+
+- [Chaos Labs: Risk Oracles — Real-Time Risk Management for DeFi](https://chaoslabs.xyz/posts/risk-oracles-real-time-risk-management-for-defi)  
+- [Venus Community Proposal: Integrate Chaos Labs Risk Oracle](https://community.venus.io/t/integrate-chaos-labs-risk-oracle-to-venus-protocol/4569)
+
@@ -0,0 +1,112 @@
+# MarketCapsRiskSteward
+Contract that can update supply and borrow caps received from RiskStewardReceiver. Requires that the update is within the max delta.
+Expects the new value to be an encoded uint256 value of un padded bytes.
+
+# Solidity API
+
+### maxDeltaBps
+
+The max delta bps for the update relative to the current value
+
+```solidity
+uint256 maxDeltaBps
+```
+
+- - -
+
+### CORE_POOL_COMPTROLLER
+
+Address of the CorePoolComptroller used for selecting the correct comptroller abi
+
+```solidity
+contract ICorePoolComptroller CORE_POOL_COMPTROLLER
+```
+
+- - -
+
+### RISK_STEWARD_RECEIVER
+
+Address of the RiskStewardReceiver used to validate incoming updates
+
+```solidity
+contract IRiskStewardReceiver RISK_STEWARD_RECEIVER
+```
+
+- - -
+
+### SUPPLY_CAP
+
+The update type for supply caps
+
+```solidity
+string SUPPLY_CAP
+```
+
+- - -
+
+### BORROW_CAP
+
+The update type for borrow caps
+
+```solidity
+string BORROW_CAP
+```
+
+- - -
+
+### setMaxDeltaBps
+
+Sets the max delta bps
+
+```solidity
+function setMaxDeltaBps(uint256 maxDeltaBps_) external
+```
+
+#### Parameters
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| maxDeltaBps_ | uint256 | The new max delta bps |
+
+#### 📅 Events
+* Emits MaxDeltaBpsUpdated with the old and new max delta bps
+
+#### ⛔️ Access Requirements
+* Controlled by AccessControlManager
+
+#### ❌ Errors
+* InvalidMaxDeltaBps if the max delta bps is 0 or greater than MAX_BPS
+
+- - -
+
+### processUpdate
+
+Processes a market cap update from the RiskStewardReceiver.
+Validates that the update is within range and then directly update the market supply or borrow cap on the market's comptroller.
+RiskParameterUpdate shape is as follows:
+ * newValue - encoded uint256 value of un padded bytes
+ * previousValue - encoded uint256 value of un padded bytes
+ * updateType - supplyCap | borrowCap
+ * additionalData - encoded bytes of (address underlying, uint16 destChainId)
+
+```solidity
+function processUpdate(struct RiskParameterUpdate update) external
+```
+
+#### Parameters
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| update | struct RiskParameterUpdate | RiskParameterUpdate update to process. |
+
+#### 📅 Events
+* Emits SupplyCapUpdated or BorrowCapUpdated depending on the update with the market and new cap
+
+#### ⛔️ Access Requirements
+* Only callable by the RiskStewardReceiver
+
+#### ❌ Errors
+* OnlyRiskStewardReceiver Thrown if the sender is not the RiskStewardReceiver
+* UnsupportedUpdateType Thrown if the update type is not supported
+* UpdateNotInRange Thrown if the update is not within the allowed range
+
+- - -
+
@@ -0,0 +1,201 @@
+# RiskStewardReceiver
+Contract that can read updates from the Chaos Labs Risk Oracle, validate them, and push them to the correct RiskSteward.
+
+# Solidity API
+
+### riskParameterConfigs
+
+Mapping of supported risk configurations and their validation parameters
+
+```solidity
+mapping(string => struct RiskParamConfig) riskParameterConfigs
+```
+
+- - -
+
+### RISK_ORACLE
+
+Whitelisted oracle address to receive updates from
+
+```solidity
+contract IRiskOracle RISK_ORACLE
+```
+
+- - -
+
+### lastProcessedTime
+
+Mapping of market and update type to last update timestamp. Used for debouncing updates.
+
+```solidity
+mapping(bytes => uint256) lastProcessedTime
+```
+
+- - -
+
+### processedUpdates
+
+Mapping of processed updates. Used to prevent re-execution
+
+```solidity
+mapping(uint256 => bool) processedUpdates
+```
+
+- - -
+
+### UPDATE_EXPIRATION_TIME
+
+Time before a submitted update is considered stale
+
+```solidity
+uint256 UPDATE_EXPIRATION_TIME
+```
+
+- - -
+
+### initialize
+
+Initializes the contract as ownable, pausable, and access controlled
+
+```solidity
+function initialize(address accessControlManager_) external
+```
+
+#### Parameters
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| accessControlManager_ | address | The address of the access control manager |
+
+- - -
+
+### pause
+
+Pauses processing of updates
+
+```solidity
+function pause() external
+```
+
+#### ⛔️ Access Requirements
+* Controlled by AccessControlManager
+
+- - -
+
+### unpause
+
+Unpauses processing of updates
+
+```solidity
+function unpause() external
+```
+
+#### ⛔️ Access Requirements
+* Controlled by AccessControlManager
+
+- - -
+
+### setRiskParameterConfig
+
+Sets the risk parameter config for a given update type
+
+```solidity
+function setRiskParameterConfig(string updateType, address riskSteward, uint256 debounce) external
+```
+
+#### Parameters
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| updateType | string | The type of update to configure |
+| riskSteward | address | The address for the risk steward contract responsible for processing the update |
+| debounce | uint256 | The debounce period for the update |
+
+#### 📅 Events
+* Emits RiskParameterConfigSet with the update type, previous risk steward, new risk steward, previous debounce,
+* new debounce, previous active status, and new active status
+
+#### ⛔️ Access Requirements
+* Controlled by AccessControlManager
+
+#### ❌ Errors
+* Throws UnsupportedUpdateType if the update type is an empty string
+* Throws InvalidDebounce if the debounce is 0
+* Throws ZeroAddressNotAllowed if the risk steward address is zero
+
+- - -
+
+### toggleConfigActive
+
+Toggles the active status of a risk parameter config
+
+```solidity
+function toggleConfigActive(string updateType) external
+```
+
+#### Parameters
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| updateType | string | The type of update to toggle on or off |
+
+#### 📅 Events
+* Emits ToggleConfigActive with the update type and the new active status
+
+#### ⛔️ Access Requirements
+* Controlled by AccessControlManager
+
+#### ❌ Errors
+* Throws UnsupportedUpdateType if the update type is not supported
+
+- - -
+
+### processUpdateById
+
+Processes an update by its ID. Will validate that the update configuration is active, is not expired, unprocessed, and that the debounce period has passed.
+Validated updates will be processed by the associated risk steward contract which will perform update specific validations and apply validated updates.
+
+```solidity
+function processUpdateById(uint256 updateId) external
+```
+
+#### Parameters
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| updateId | uint256 | The ID of the update to process |
+
+#### 📅 Events
+* Emits RiskParameterUpdated with the update ID
+
+#### ❌ Errors
+* Throws ConfigNotActive if the config is not active
+* Throws UpdateIsExpired if the update is expired
+* Throws ConfigAlreadyProcessed if the update has already been processed
+* Throws UpdateTooFrequent if the update is too frequent
+
+- - -
+
+### processUpdateByParameterAndMarket
+
+Processes the latest update for a given parameter and market. Will validate that the update configuration is active, is not expired,
+unprocessed, and that the debounce period has passed.
+Validated updates will be processed by the associated risk steward contract which will perform update specific validations and apply validated updates.
+
+```solidity
+function processUpdateByParameterAndMarket(string updateType, address market) external
+```
+
+#### Parameters
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| updateType | string | The type of update to process |
+| market | address | The market to process the update for |
+
+#### 📅 Events
+* Emits RiskParameterUpdated with the update ID
+
+#### ❌ Errors
+* Throws ConfigNotActive if the config is not active
+* Throws UpdateIsExpired if the update is expired
+* Throws ConfigAlreadyProcessed if the update has already been processed
+* Throws UpdateTooFrequent if the update is too frequent
+
+- - -
+