HOT Manager

setManager: Changes the manager of the HOT contract.
setSigner: Changes the signer of the HOT contract.
setMaxTokenVolumes: Changes the maximum token volumes available for a single HOT quote.
setMaxAllowedQuotes: Updates the maximum number of HOT quotes allowed in a single block.
setMaxOracleDeviationBips: Sets the maximum allowed deviation between AMM and Oracle price.
setPause: Sets the pause flag, which instantly pauses all critical functions except withdrawals.

All HOT manager functions except setPause should be placed under an appropriate timelock. LPs should verify that they are comfortable with the timelock value before depositing into the pool.
The manager acts like a guardian over the security parameters of the pool. This role should be controlled by a neutral, independent entity, completely separate from the signer and liquidityProvider roles.
The manager should actively monitor HOT transactions and pause the pool if any malicious activity is observed.
The maxAllowedQuotes variable should be set to relatively low values considering the signer's needs and the chain's block time. Higher maxAllowedQuotes values could allow the signer to sign a malicious HOT and drain some portion of LP funds in a single block. In most practical systems, a maxAllowedQuotes > 5 should not be needed.
The maxTokenVolumes values should be set to relatively low values, proportional to the reserves in the pool. It should be updated regularly as the reserves increase or decrease.
The maxOracleDeviationBips variable should be set to a relatively low value, considering the token pair's volatility and the oracle's latency.

If bounds are set incorrectly, then at least two known attacks could become possible:

Last updated 4 months ago