Shared Safety Module Functionality

A Shared Safety Module is an external module that allows many individual Safety Modules to coordinate, so they can share risk by pooling reserve assets.

When a Safety Module is part of a Shared Safety Module, its ISharedSafetyModule sharedSafetyModule storage variable will be a non-zero address that is the associated SharedSafetyModule contract. If sharedSafetyModule == address(0), the Safety Module is not part of Shared Safety Module.

Specifying A Shared Safety Module

Setting a Shared Safety Module follows a three-step process, where the last two steps are similar to configuration changes (see Manage a Safety Module):

1. The Safety Module owner first sets a proposedSharedSafetyModule by calling:

/// @notice Used to set the proposed SharedSafetyModule.
/// @param proposedSharedSafetyModule_ The new proposed SharedSafetyModule.
/// @dev Only the owner can call this function.
function setProposedSharedSafetyModule(ISharedSafetyModule proposedSharedSafetyModule_) external onlyOwner {

1. The proposedSharedSafetyModule is allowed to queue itself by calling:

/// @notice Used to queue an update to this SafetyModule's SharedSafetyModule.
/// @dev Only the proposed SharedSafetyModule can call this function.
function queueSharedSafetyModule() external onlyProposedSharedSafetyModule;

1. The queued sharedSafetyModule can get applied by the proposedSharedSafetyModule after the config update delay has elapsed and within the config update grace period with SafetyModule.finalizeSharedSafetyModule:

/// @notice Finalizes an update SharedSafetyModule for the SafetyModule.
/// @dev Only the proposed SharedSafetyModule can call this function.
function finalizeSharedSafetyModule() external onlyProposedSharedSafetyModule;

The delay period allows Safety Module depositors to withdraw in case they do not wish to be part of the specified Shared Safety Module.

Shared Safety Module Privileges

A Shared Safety Module is given certain privileges with respect to the Safety Module, explained below.

Triggering the Safety Module

A Shared Safety Module is allowed to unilaterally trigger the Safety Module:

/// @notice Used to trigger the SafetyModule if it is part of a SharedSafetyModule.
/// @dev Only the SharedSafetyModule can call this function.
function sharedSafetyModuleTrigger() external onlySharedSafetyModule;

This allows the Safety Module to get triggered, in case, a sister Safety Module in the Shared Safety Module is triggered.

Note that whenever a Safety Module is triggered, while it is part of a Shared Safety Module, the payout handler for that trigger is set to be the sharedSafetyModule address.

Updating Safety Module Configurations

The Shared Safety Module assumes the traditional role of the owner in Safety Module update configurations. Specifically, it is authorized to call SafetyModule.updateConfigs:

/// @notice Signal an update to the safety module configs. Existing queued updates are overwritten.
/// @param configUpdates_ The new configs. Includes:
/// - reservePoolConfigs: The array of new reserve pool configs, sorted by associated ID. The array may also
/// include config for new reserve pools.
/// - triggerConfigUpdates: The array of trigger config updates. It only needs to include config for updates to
/// existing triggers or new triggers.
/// - delaysConfig: The new delays config.
/// @dev Only the SharedSafetyModule can call this function, if it is set. Else, only the owner can call this
/// function.
function updateConfigs(UpdateConfigsCalldataParams calldata configUpdates_)
    external
    onlySharedSafetyModuleIfSetElseOwner;

Configuration updates that occur while a Safety Module is part of a Shared Safety Module have two unique features:

• The Shared Safety Module's config update delay and config update grace period are used

• Only the sharedSafetyModule is authorized to call SafetyModule.finalizeUpdateConfigs instead of anyone

Resetting The Shared Safety Module

The Shared Safety Module is the only address authorized to reset the sharedSafetyModule to address(0):

/// @notice Used to trigger the SafetyModule if it is part of a SharedSafetyModule.
/// @dev Only the SharedSafetyModule can call this function.
function resetSharedSafetyModule() external onlySharedSafetyModule;

This is intended to be used when the Safety Module leaves the Shared Safety Module.