[WOOF!] Improve the Comet pause mechanism

Protocol Development
1

Over the last few months, Compound has faced two major disruptions: the deprecation of wUSDM and the Elixir incident; last of which resulted in protocol-wide pauses, market uncertainty, and significant liquidity outflows.

At WOOF!, we strongly believe that incidents of this scale must not happen again. While we cannot fully guarantee the absence of future edge cases, we can significantly reduce their impact.

For this reason, we propose an improved and more granular pause mechanism that makes emergency responses safer, more flexible, and far less disruptive for users.

Current Pause Mechanism

function pause(
    bool supplyPaused,
    bool transferPaused,
    bool withdrawPaused,
    bool absorbPaused,
    bool buyPaused
) external override;

Pause mechanism

Pausing both supply and withdraw is effectively pausing the primary user lifecycle of the protocol: users cannot open new positions, adjust health factors, manage risk, or close existing positions.

  • supplyPaused halts all supply actions: supplying the base asset (earning yield) and supplying collateral (improving collateral factor/health factor).
  • withdrawPaused halts all withdrawal actions: withdrawing collateral from an active position or withdrawing the base asset (borrowing liquidity).

Improved Pause Mechanism

The extended pause system provides granular control over three main operation categories:

1. Supply Operations

  • Base Supply: pauseBaseSupply(bool) - Controls base asset supply globally
  • Collateral Supply: pauseCollateralSupply(bool) - Controls all collateral supply globally
  • Per-Asset Collateral Supply: pauseCollateralAssetSupply(uint24 assetIndex, bool) - Controls supply for a specific collateral asset by index

2. Withdraw Operations

  • Lenders Withdraw: pauseLendersWithdraw(bool) - Pauses withdrawals for lenders (positive balance accounts)
  • Borrowers Withdraw: pauseBorrowersWithdraw(bool) - Pauses withdrawals for borrowers (negative balance accounts)
  • Collateral Withdraw: pauseCollateralWithdraw(bool) - Controls all collateral withdrawals globally
  • Per-Asset Collateral Withdraw: pauseCollateralAssetWithdraw(uint24 assetIndex, bool) - Controls withdrawals for a specific collateral asset

3. Transfer Operations

  • Lenders Transfer: pauseLendersTransfer(bool) - Pauses transfers for lenders
  • Borrowers Transfer: pauseBorrowersTransfer(bool) - Pauses transfers for borrowers
  • Collateral Transfer: pauseCollateralTransfer(bool) - Controls all collateral transfers globally
  • Per-Asset Collateral Transfer: pauseCollateralAssetTransfer(uint24 assetIndex, bool) - Controls transfers for a specific collateral asset

Implementation Details

Separation from Legacy Pause

The extended pause mechanisms operate independently from the legacy coarse pause flags (pause() function). Both pause layers are checked, with extended pause flags serving as additional gates on top of the existing pause system.

Architecture

  • Extension Layer (CometExt / CometExtAssetList): Exposes pause control functions that can be called by Governor or Pause Guardian
  • Core Layer (CometWithExtendedAssetList): Enforces pause checks in the actual operation flows (supply, withdraw, transfer)

Access Control

All extended pause functions are protected by the onlyGovernorOrPauseGuardian modifier, ensuring only authorized roles can toggle pause states.

Safety Features

  1. Idempotency Protection: Attempting to set an already-set pause status reverts with OffsetStatusAlreadySet or CollateralAssetOffsetStatusAlreadySet errors
  2. Asset Index Validation: Per-asset pause functions validate asset indices and revert with InvalidAssetIndex for invalid inputs
  3. Event Emissions: Each pause toggle emits a corresponding event for transparency and monitoring

Storage

Extended pause flags are stored in:

  • extendedPauseFlags(uint24): Global flags for base/collateral operations
  • collateralsWithdrawPauseFlags(uint24): Per-asset flags for collateral withdrawals
  • collateralsSupplyPauseFlags(uint24): Per-asset flags for collateral supply
  • collateralsTransferPauseFlags(uint24): Per-asset flags for collateral transfers

Current project status

The development is nearly complete and currently in its final review stage before being handed off to the security team for audit. Because of this timeline, we kindly ask the community to prioritise its review, especially since this improvement clearly enhances the flexibility and resilience of the market structure.

Next Steps

  • Community feedback and suggestions
  • Input from key stakeholders: Gauntlet, security teams; optionally Platonia and the Foundation
5 Likes