Membrane Whitelisted Address for Deployment of Stablecoin Protocol contracts

Membrane Whitelisted Address for Deployment of CDP Stablecoin Protocol

This proposal grants the address osmo1988s5h45qwkaqch8km4ceagw2e08vdw28mwk4n the ability to upload CosmWasm contracts to Osmosis without needing further governance approval for each upload. This address is managed by @brane_trix.

Contracts

This proposal would allow upload of Membrane’s CDP, Governance & Launch contracts. The main CDP contracts that influence capital have been audited by Oak Security with a grant by OGP.

The launch contract initiates a Lockdrop that distributes 10% of MBRN supply, creates MBRN & CDT (the stable) OSMO LPs, incentivizes the CDT pool with 2M MBRN over a year & acquires the MBRN LP as POL. This ensures MBRN has liquidity to absorb any bad debt auctions that the protocol experiences, acting as a foundation for CDT user solvency from the jump.

Permissions

This proposal only signals approval for the initial Membrane contracts and their potential upgrades.

About Membrane

Membrane was founded in response to the survival of Terra’s collapse and is focused on creating a robust, user-first debt token as the foundation of the protocol’s economy. Cosmos still needs a resilient decentralized stablecoin & Osmosis is the best place to launch it.

With a founding team of 1 it is imperative to reduce central control of the protocol as well as decentralizing the value created by it, which is the leading incentive to enable delegatible governance power/commission & distributing a larger % of supply early on.

Docs: What is Membrane? - Membrane Docs
Github: Membrane · GitHub
Twitter: https://twitter.com/insaneinthembrn
Discord: Membrane

Pre-Requisites

• Testing is still being conducted on testnet until at minimum 9/22.
• This pull request being merged and added into the next osmosis-std version to enable the incentive creation (MsgCreateGuage incorrect type · Issue #88 · osmosis-labs/osmosis-rust · GitHub)
• A proposer to submit this proposal for Membrane as I don’t have the required OSMO necessary to submit.

Target On-Chain Date: TBD

Yes:

• I have been reading your code the whole time.
• Audits
• deep contextual understanding of your market
• no feeling of “stuff is hidden”

Thanks for all the work you put in.

Yes, I have been following your progress for a while!

Excited to see membrane coming online soon.

I guess you can find a proposer rather sooner than later

Is there a need for new incentives for the CDT pool? Can’t we use the current external reward for that purpose?

This would be using the current external incentive mechanism, there is just an issue with the code.

Thanks for the very quick response!

How does the external incentive for MBRN work different than compared to what all kind of other projects have already done?

It’s not different, just incentivizing 14 day locks for the LP. It likely still works on chain using manual methods but this is deployed using a smart contract which requires using osmosis-std.

Ok, and it needs to be done with a smart contract because of the other things being used as well (like POL) or due to potential automation?

Otherwise I fail to see the use of uploading the same feature as smart contract while it is already proven with the current on-chain method.

The entire smart contract is to automate the entire setup of Membrane’s system.

The point of allowing Osmosis smart contract’s to use Osmosis functionality is fairly simple, without it you wouldn’t be able to programmtically swap, LP, etc meaning no vaults (Quasar/Apollo), no routers, and whatever else people would build.

In our case, not having it in a smart contract would mean Membrane governance mints MBRN to a multi-sig that would then need to do it manually, which adds unnecessary risk & friction to everyone involved.

It is moving in the right direction ^^

There’s a bug in the liquidation queue contract that would allow an attacker to claim liquidated collateral belonging to all bidders

could u expand on this?

Fixed thanks to hans

Thank you very much for stepping in here.

Code reviewers for smart-contracts are widely undervalued I guess.

Thanks!

Hi all,

I’m Vini (@unl1k3ly), the managing director of SCV-Security.

I just want to further clarify this vulnerability as SCV were the ones that identified the problematic code during an audit on a client of ours. We knew Kujira were running the same underlying component and We initiated the responsible disclosure to them at the time. @Codehans identified and kindly reported the same problematic component to the Membrane team as it was missed during the audit engaged by OGP.

I feel this note is important to raise since SCV is also trying to participate in the OGP securing Osmosis projects launching on-chain along with Osmosis stack.

Cheers