There are a selection of risk management policies that, if enabled, restrict your product from trading if certain conditions are met. They are permanent until the next protocol upgrade.
The following configurations should be handled with caution as they can severely limit Vault management activity. If you have any questions about using any of the below policies, come and discuss them with us.
All risk management policies aside from Flash Loan Protection can be found in the modal that appears after clicking theAdd a Policy (optional) button.
Flash Loan Protection (strongly recommended)
This policy sets a minimum time between deposits and withdrawals to prevent against flash loan attacks. It should never be zero (unless you have a really whacky use-case in mind we haven't thought of!). We recommend that you set this time lock to 24 hours to secure against expensive and sophisticated attacks. At a very minimum though, we would expect this to be set to 1 second.
Note: The primary goal for this policy is to protect against flash loan attacks, in which case a 1 second time lock would be an acceptable protection to use between deposit sand withdrawals. However, we can not rule out the possibility of price oracles being attacked for a more prolonged period of time. Whilst we trust that our oracle provider (Chainlink) takes a lot of precautions in the quality of the price it procures - liquidity is constantly changing in the underlying assets at any time and with it the cost to manipulate a price feed. As a matter of precaution against more expensive and prolonged attacks on the price of an assets, we would therefore recommend Managers use a time lock of 24 hours.
Adapter Whitelist (optional)
This policy enables the Vault to limit their usage to certain pre-specified adapters (eg. Synthetix). Note that usage of any DeFi protocol adapter not in an adapter whitelist will be restricted. There are cases that this could be beneficial (eg. a synth-only product) but it can also be crippling (eg. If Synthetix upgrades to v3, Portfolio Manager cannot access v3 until the subsequent Enzyme release).
Adapter Blacklist (optional)
This policy prevents the Vault from using certain adapters. Note that this policy should be used with caution as it can severely limit Vault management activity until the subsequent protocol release. There are cases that this could be beneficial (eg. if you want to make a point that your Vault doesn't interact with a certain adapter (integration) which you thinks has a bad reputation).
Asset Whitelist (optional)
This policy permits the Vault Manager to create a sub-universe of assets from the available asset universe. Once an asset whitelist is curated, the Vault Manager will only be allowed to buy in and hold any asset which is part of the contract’s whitelist.
Asset Blacklist (optional)
This policy enables the Vault Manager to create a list of assets which are not actively available for trading by the fund.