1 of 100

Venus Protocol

Getting Started

Overview

Launched in 2020, Venus Protocol (a.k.a. “Venus”) pushed the edges of decentralized finance through its composition of two pre-existing solutions and deployment on BNB chain, lowering the barrier to entry for millions of new users around the globe. By combining the stablecoin minting facility introduced by Maker and algorithmic money markets developed by Compound, Venus simplified the user experience and provided core capabilities that enabled decentralized finance to flourish in a single application. As a result, Venus found remarkable success and quickly rose to be one of the most widely used decentralized applications in web3.

The latest iteration of Venus Protocol, the most trusted and battle-tested lending and borrowing protocol on the BNB Chain, builds on prior successes and lessons learned to improve in 3 key areas:

Risk management
Decentralization
User experience

In doing so, Venus continues to push the boundaries of what's possible within the realm of decentralized finance.

FAQ

What is Venus Protocol?

Venus Protocol is a trusted decentralized finance lending and borrowing protocol that's deployed on the BNB Chain. Initially launched in 2020, it combines the stablecoin minting facility of Maker and the algorithmic money markets developed by Compound, providing a simplified user experience and core capabilities in a single application.

What's New?

E-Mode

Only available on BNB Chain Core Pool.

Overview

The Venus Protocol introduces E-Mode (Efficiency Mode) to the BNB Chain Core Pool, a new feature designed to boost capital efficiency for specific asset pools, such as stablecoins or ETH-based tokens. It also aims to isolate risk within these pools while reusing liquidity from the Core Pool.

E-Mode allows users to activate specialized pools within the Core Pool, each with customized risk settings. By selecting an E-Mode pool, your eligible assets follow optimized parameters for collateral factor (CF) and liquidation threshold (LT), which are increased, while the liquidation incentive (LI) is decreased, making borrowing more efficient and cost-effective while keeping risks contained.

What’s Changed

To support E-Mode, the Core Pool itself has been enhanced with new risk mechanics:

Liquidation Threshold (LT) Support – Similar to isolated pools, LT is now used to determine liquidation conditions, separate from CF.
Per-Market Liquidation Incentive (LI) – LI is no longer global; each market has its own incentive, configurable by Governance.
User-Specific Risk Factors – Effective CF, LT, and LI now depend on the user’s selected E-Mode pool, giving each user a tailored borrowing and collateral profile.

Architecture Overview

E-Mode operates as a lightweight overlay on the Core Pool, enabling per-user risk management without moving funds to separate pools.

Core Pool (poolId = 0): The default pool for all users. Supports per-market LIs and LT, even for non-E-Mode users.
E-Mode Pools (poolId > 0): Each pool defines a set of assets (e.g., Stablecoin Pool, ETH Pool) with customized CF, LT, and LI for each asset in the pool. Users select a pool to activate its risk parameters.
Pool-Market: Markets are tracked per pool, allowing pool-specific overrides while preserving Core Pool compatibility.

This architecture ensures flexibility, backward compatibility, and gas efficiency, while giving users higher borrowing efficiency and better risk isolation.

Impact on Users

No Action Needed – Users remain in the Core Pool by default. Their positions continue to function normally without switching to E-Mode.
Optional Upgrade – By entering an E-Mode pool, your account will use its risk settings for approved assets.
Note: Improved Risk Mechanics – Even without switching, Core Pool users now benefit from per-market liquidation incentives (LI) and liquidation threshold (LT) support, making liquidation calculations and account health evaluations more precise.

Impact on Liquidators

E-Mode introduces more precision and flexibility for liquidators in the Core Pool:

Per-Market Liquidation Incentives – Liquidation incentives (LI) are now set on a per-market basis rather than being global. Before liquidating, liquidators should check the LI for each asset. If a user is in an E-Mode pool and uses collateral that isn’t enabled in that pool, the LI for that asset can be zero.
Liquidation Thresholds (LT) – LT now determines when accounts can be liquidated, replacing the older CF-based check for liquidations.
User-Specific Risk Factors – Effective CF, LT, and LI can vary per user depending on their E-Mode pool, making liquidation decisions more targeted and strategic.

This gives liquidators smarter targeting, higher transparency, and better reward optimization across markets.

How It Works

Default in the Core Pool All users start in the Core Pool and can continue their positions normally.
Select an E-Mode Pool Explore available pools (e.g., Stablecoin) via the Venus App or Venus Lens.
Check Your Borrows Borrowed assets must be approved in the selected pool. Repay any disallowed assets first.
Check Core Pool Fallback Each E-Mode pool has a flag allowCorePoolFallback

For a detailed technical explanation, including implementation and user examples, check out the .

Isolated Pools

Overview

Isolated Pools are made up of separate collections of assets with tailored risk management configurations. This design offers users broader opportunities to manage risk and allocate assets to earn yield. Moreover, it prevents hypothetical failures from affecting the liquidity of the entire protocol as they are confined to isolated markets.

Isolated Pools also offer custom rewards for each market in the pool, incentivizing users accordingly.

Reward Distributor

Overview

The Venus Reward Distributor allows for the configuration and management of rewards for lenders and borrowers, dependent on the user's activity within the associated markets. The addition of one or more reward distributors to a pool is facilitated through the addRewardsDistributor feature, enhancing the protocol's capability to customize distribution rates on a per-market basis.

In the Venus Protocol V4, the reward system has been upgraded to allow for rewards per market and lending activity, as well as the support for multiple reward tokens. This revamp serves to provide further incentives and yield opportunities for users.

Token Converter

Overview

Protocol revenues, sourced from reserve interests and liquidations, are processed through the module. Once allocated, these underlying tokens are subsequently sent to various Token Converters, each transforming the received income into specific tokens, automating and optimizing this conversion process.

Stable Rate Borrowing

To be released

Overview:

Stable Rate Borrowing is a distinctive feature of the Venus Protocol that provides an alternative to variable interest rate loans. Stable-rate loans set their interest rates at issuance until a rebalancing event occurs. This approach shields users who borrow at a stable rate from being affected by individual actions of other users and large fluctuations in the market.

Rate Determination:

The interest rates for stable and variable rate borrowing are determined based on several calculations involving parameters such as utilization rate, stable loan adoption rate, and total supply. For instance, the stable interest rate will include a base premium plus an additional premium that depends on the stable loan adoption rate.

Model Parameters:

The model parameters involved in the calculations include slopes for the variable interest rate, a base rate per block, the optimal utilization rate (kink), a reserve factor, base premium, and other parameters related to stable loan borrowing.

Rebalancing Conditions:

The fixed rate of a stable loan persists until certain rebalancing conditions are met. These conditions involve the utilization rate and the comparison between the market average borrow rate and the variable borrow rate. The stable rate provides predictability for the borrower but may come at a cost of higher interest rates compared to the variable rate.

Governance

VIPs

Overview

Venus Protocol's governance relies on participants locking XVS tokens into a vault to acquire voting power for Venus Improvement Proposals (VIPs). A 48-hour timelock period after voting ensures transparency and protection against malicious proposals. However, the initial model's rigidity prompted the introduction of a new governance structure in Venus V4. This upgraded model incorporates fast-track VIPs, role-based access control, and a fine-grained pause mechanism for enhanced flexibility and timely adjustments.

Governance Upgrade

Venus V4 introduces an improved governance structure with the following components:

Fast-track and Critical VIPs
Role-based access control
Fine-grained pause

Fast-track and Critical Improvement Proposals

Venus Governance has now categorized VIPs into three types: Normal, Fast-track, and Critical.

Normal VIPs encompass significant updates like contract upgrades or changes in access controls.
Fast-track VIPs deal with risk parameter adjustments such as interest rates or collateral factors.
Critical VIPs are utilized during emergencies demanding an immediate reaction.

Each VIP type has its unique proposal threshold, timelock, and voting periods, reflecting the potential risk and impact of the proposed changes.

The initial voting and delay periods for these types are as follows:

Normal VIP: 24 hour voting period + 48 hour delay (+ 48 hour delay to execute commands on networks other than BNB Chain)
Fast-track VIP: 24 hour voting period + 6 hour delay (+ 6 hour delay to execute commands on networks other than BNB Chain)
Critical VIP: 6 hour voting period + 1 hour delay (+ 1 hour delay to execute commands on networks other than BNB Chain)

Role-based Access Control

Venus V4 employs a separate Access Control Manager contract that validates access permissions rather than merely verifying the caller as an "admin". This allows certain actions to bypass voting, enabling them to take the fast-track or critical route, or even to be executed directly through a multisig by guardians. It can be particularly useful for implementing borrowing and supply caps, pausing specific market actions, or responding to rapid market fluctuations.

Fine-grained Pause

A fine-grained pause mechanism allows the pause guardian to individually halt any action on any market. Unlike previous versions, where the entire protocol was paused for damage control or protection against attacks, the updated model enables guardians to pause individual market actions like supply, borrow, and enabling collateral, offering greater control and flexibility.

Tokenomics

Overview

The Venus Protocol tokenomics have been reevaluated to optimize income distribution and cater to the protocol's present and future needs. of the Venus Protocol revenue distribution model addresses the need and optimizes the allocation between rewards, treasury reserves, a risk fund and BNB burns.

Risk

Interest Rate Model

Overview

Venus Protocol offers variable interest rates for markets using two different models: the Jump Rate Model and the Whitepaper Rate Model. Each market operates under one of these models with specifically set risk parameters at the market's inception. Notably, the community can update these parameters through the Governance process. Moreover, some markets feature a stable rate, introduced in Venus V4.

Risk Fund and Shortfall Handling

Overview

Venus Protocol manages risks of high volatility tokens with isolated pools. Each pool (Isolated Pools and the Core pool) has an associated risk fund receiving a percentage of the pool's income (interest and liquidation bonus) in USDT to prevent insolvency. The specific percentage is defined by the tokenomics of the project. The risk fund also covers bad debt in case of bankruptcy without a liquidator.

Risk fund

The risk fund concerns three main contracts:

ProtocolShareReserve
RiskFund
ReserveHelpers

These three contracts are designed to hold funds that have been accumulated from interest reserves and liquidation incentives, send a portion to the protocol treasury, and send the remainder to the RiskFund contract. When reduceReserves() is called in a vToken contract, all accumulated liquidation fees and interests reserves are sent to the ProtocolShareReserve contract. Once funds are transferred to the ProtocolShareReserve, anyone can call releaseFunds() to transfer 50% to the protocolIncome address and the other 50% to the riskFund contract. Once in the riskFund contract, the tokens can be swapped via PancakeSwap pairs to the convertible base asset, which can be updated by the authorized accounts. When tokens are converted to the convertibleBaseAsset, they can be used in the Shortfall contract to auction off the pool's bad debt. Note that just as each pool is isolated, the risk funds for each pool are also isolated: only the associated risk fund for a pool can be used when auctioning off the bad debt of the pool.

Shortfall

When a borrower's shortfall (total borrowed amount converted to USD is greater than the total supplied amount converted to USD) is detected in a market in the Isolated Pools, Venus halts the interest accrual, writes off the borrower's balance, and tracks the bad debt.

Shortfall is an auction contract designed to auction off the convertibleBaseAsset accumulated in RiskFund. The convertibleBaseAsset is auctioned in exchange for users paying off the pool's bad debt. An auction can be started by anyone once a pool's bad debt has reached a minimum value (see Shortfall.minimumPoolBadDebt()). This value is set and can be changed by the authorized accounts. If the pool’s bad debt exceeds the risk fund plus a 10% incentive, then the auction winner is determined by who will pay off the largest percentage of the pool's bad debt. The auction winner repays the bid percentage of the bad debt in exchange for the entire risk fund. Otherwise, if the risk fund covers the pool's bad debt plus the 10% incentive, then the auction winner is determined by who will take the smallest percentage of the risk fund in exchange for paying off all the pool's bad debt.

The main configurable (via VIP) parameters in the Shortfall contract , and their initial values, are:

minimumPoolBadDebt - Minimum USD bad debt in the pool to allow the initiation of an auction. Initial value set to 1,000 USD
waitForFirstBidder - Blocks to wait for first bidder. Initial value sets to 100 blocks
nextBidderBlockLimit - Time to wait for next bidder. Initial value set to 100 blocks

Availability:

Shortfall contract will be used only for the markets in the Isolated Pools.
The markets in the Core pool don't track the bad debt at the moment, so it cannot be reduced automatically.

Risk Management

Introduction

Venus Protocol is deeply committed to ensuring the highest level of security and risk management for our users. This section of the documentation outlines our comprehensive approach to risk management, emphasizing our continuous monitoring practices, partnerships for enhanced security, real-time alert systems, and ongoing risk assessments.

Risk Oracles and Risk Stewards

Overview

Venus Protocol incorporates Risk Oracles and Risk Stewards to ensure risk parameters remain up-to-date, resilient, and aligned with real-time market conditions—all while preserving decentralized governance. Previously, Venus relied on manually created VIPs to apply risk updates based on Chaos Labs recommendations. With the introduction of the Risk Steward and its on-chain receiver, this process is now automated through a secure and permissioned mechanism. In the initial phase, only market cap-related parameters—specifically supply caps and borrow caps—will be updated automatically, improving responsiveness and operational efficiency.

Tokens

XVS

Overview

XVS is the native token of Venus Protocol and serves as its governance token. By staking XVS tokens in the vault, users gain voting power proportionate to the amount staked. This voting power enables them to participate in the voting process for Venus Improvement Proposals (VIPs), thereby playing a critical role in the development and evolution of the Venus Protocol.

Furthermore, users who stake their XVS tokens in the vault have the potential to earn yield, creating an incentive for participation in the Venus governance process. This aligns the interests of XVS holders with the overall health and success of the Venus Protocol.

VAI

Overview

VAI is the primary stablecoin of the Venus Protocol. It is carefully designed and integrated with a series of stability mechanisms to maintain its peg to 1 USD.

Stability Fee and Optimised Minting

VAI sustains its value via a stability fee system. This fee is a charge that users incur when they repay their minted VAI. Calculated on a block-by-block basis, this fee gets added to the user's minted VAI balance. This fee system encourages users to either mint or burn VAI in response to its price fluctuations, thereby contributing to its stability.

The stability fee is determined through the following formula:

The baseRate is a fixed rate that users must always pay, while max(0, (1 - currentPriceOfVAI)) * floatingRate is a variable rate that users pay based on outstanding VAI. This incentivizes users to burn or mint VAI according to its price. The variable rate will always be greater or equal to zero, meaning the minimum stability fee will be the base rate.

Revenue generated from the stability fee serves as a financial cushion during extreme market conditions, such as bad debt scenarios.

VAIUnitroller

VAI Unitroller

This is the proxy contract for the VAIComptroller

Solidity API

_setPendingImplementation

Admin Functions **

_acceptImplementation

Accepts new implementation of comptroller. msg.sender must be pendingImplementation

Return Values

Name

Type

Description

_setPendingAdmin

Begins transfer of admin rights. The newPendingAdmin must call _acceptAdmin to finalize the transfer.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_acceptAdmin

Accepts transfer of admin rights. msg.sender must be pendingAdmin

Return Values

Name

Type

Description

Guides

Venus interface

Let's take a quick look at the Venus interface and the features available in each menu of the navigation bar.

Dashboard

In the center of the Dashboard interface, you will find the Supply and Borrow markets. You'll also notice a new column called 'Pool' which identifies the pool to which each market belongs. The Supply market allows you to lend your cryptocurrency assets and earn interest on them. You can choose which assets to supply and specify the amount you want to lend. On the other hand, the Borrow market allows you to borrow cryptocurrency assets by using your supplied assets as collateral. You can select the assets you want to borrow and specify the amount you need.

Account

The Account interface provides an overview of your supplied and borrowed assets. Here, you can keep track of your balances and monitor the status of your transactions.

Core Pool

The Core Pool interface is your hub for exploring all primary markets available. It allows you to click on each market to examine essential metrics such as 'Supply APY', 'Borrow APY', and 'Total Liquidity', among others. This interface centralizes all your lending and borrowing activities within the main markets.

Pools

The Pools interface allows you to explore all isolated pools available. You can click on each pool to view all the markets within it. In the markets, you can see various metrics such as 'Supply APY', 'Borrow APY', 'Total Liquidity', and more.

Vaults

The Vaults interface allows you to access and manage the vaults associated with Venus Protocol. Vaults are designed to provide users with automated strategies for optimizing their yields and managing their assets more efficiently.

Swap

The Swap interface enables you to swap one cryptocurrency for another within the Venus Protocol. You can exchange your assets conveniently and quickly.

History

In the History interface, you can review transaction history and track your previous activities on the Protocol.

Governance

The Governance interface provides access to Venus Protocol's governance features. Here, users can participate in voting and contribute to decision-making processes that shape the future of the protocol.

XVS

The XVS interface displays the current daily reward distribution rate for each of the protocol markets.

VAI

The VAI interface is where you can mint and manage the VAI stablecoin. VAI is created on Venus Protocol and is pegged to the value of one USD.

Governance

Vaults

Vaults within Venus Protocol provide a secure and efficient mechanism for users to stake their tokens, whether XVS or VAI, and earn passive income. This staking process allows users to actively participate in and contribute to the stability and security of the Venus ecosystem, while maximizing returns on their holdings.

Staking in XVS Vault

Navigate to the Venus app (app.venus.io) and connect your BNB Chain Wallet or other supported wallet apps.
On the left side of the screen, click on the 'Vault' tab.

XVS Bridge

Introduction

This guide provides step-by-step instructions on how to bridge XVS tokens from the BNB Chain to the Ethereum network.

Steps for Bridging XVS from BNB Chain to Ethereum

Borrowing VAI

Introduction

This guide provides step-by-step instructions on how to borrow VAI, the stablecoin of Venus Protocol, available exclusively for prime users. Borrowing involves using your account's total core pool collateral to secure the loan, and this tutorial will walk you through the VAI UI to accomplish this.

Steps for Borrowing VAI

Step 1: Access VAI Borrowing UI

Navigate to the Venus Protocol website and select the "VAI" option from the sidebar menu. This will take you to the VAI dashboard, where you can manage your borrowings and repayments.

Step 2: Connect Your Wallet

Click on the "Connect wallet" button in the top right corner of the VAI dashboard to connect your wallet. This is necessary to interact with the Venus Protocol and manage your VAI borrowings.

Step 3: Enter Borrow Amount

In the "Borrow" tab, enter the amount of VAI you wish to borrow in the provided field. You can also see your maximum borrow limit based on your account's total collateral. Ensure that the amount you wish to borrow does not exceed this limit.

Step 4: Review and Confirm Borrowing

After entering the desired amount, review the details of your borrowing transaction, including the collateral used and the borrow limit. Once you've confirmed that everything is correct, click on the "Borrow" button to initiate the transaction.

A wallet pop-up will appear, asking for your confirmation to proceed with the transaction. Confirm to finalize the borrowing process.

Repaying VAI Debt

Step 1: Navigate to Repay Tab

To repay your VAI debt, access the VAI dashboard again and select the "Repay" tab. This interface allows you to make repayments towards your borrowed VAI.

Step 2: Enter Repayment Amount

In the "Repay" tab, enter the amount of VAI you wish to repay. You can choose to repay part of your debt or the entire amount.

Step 3: Review and Confirm Repayment

Review your repayment details carefully. Once you are ready, click on the "Repay VAI" button to proceed. Confirm the transaction in your wallet pop-up to complete the repayment process.

Conclusion

Borrowing and repaying VAI on Venus Protocol is straightforward with the VAI UI. By following these steps and ensuring you have enough collateral, you can manage your stablecoin needs effectively. Always be mindful of your borrow limits and repayment responsibilities to maintain a healthy financial position within the protocol.

Gasless Transactions on zkSync

This guide will walk you through the steps to interact with Venus Protocol on ZKsync without needing ETH to cover gas fees, thanks to the integration of . All transactions will be sponsored, so you can focus on using the protocol without worrying about gas expenses.

Step-by-Step Guide

Import Positions

Introduction

This guide provides step-by-step instructions on how to import your supply positions from other DeFi platforms into the Venus Protocol.

Steps for importing supply positions from other DeFi platforms)

Enable E-mode

Want to try out e-mode?

Head to the Venus dApp () and ensure you are connected to the BNB Chain.

Click on the “E-mode” icon to view current e-mode groups.

Make sure your wallet is connected.

Click “Enable” in the e-mode group you would like to enable. Just like that, enjoy increased LTV on the assets listed in that e-mode group!

Technical reference

Technical articles

Capped Oracles

Some assets, such as Liquid Staking Tokens (LSTs), are closely tied to an underlying asset, often featuring an added growth component.

The exchange rate between an asset and its underlying is typically sourced from an onchain smart contract, which can be susceptible to manipulation. A capped oracle is a design mechanism that mitigates potential losses from such manipulation by limiting the rate at which the exchange rate is allowed to grow.

The capped oracle mechanism should be used for any asset whose price is derived through an intermediary token, where the exchange rate between the source asset and the intermediary is fetched onchain and includes a growth component.

At a high level, the capped oracle determines the maximum allowable exchange rate at the queried block based on a predefined growth rate. It then compares this with the current onchain exchange rate, and if the current rate exceeds the calculated maximum, it caps it to that maximum value.

Typically, the current maximum exchange rate at a given block is calculated by taking a historical exchange rate from a past block and applying a predefined per-second growth rate up to the current block timestamp. However, since the exchange rate may not grow consistently over time, the historical reference rate is periodically updated to ensure a more accurate and reliable maximum exchange rate.

The historical reference rate is periodically refreshed through a process called snapshotting. During this process, the new reference rate is set to the lower of the current onchain exchange rate or the maximum rate derived from the previous reference rate, helping maintain a more accurate and robust cap. Before querying an asset’s price from the capped oracle, the consumer should trigger the snapshotting process. If the configured interval has elapsed, a new snapshot will be taken.

Native Token Gateway

The NativeTokenGateway contract serves the purpose of facilitating seamless interaction with Wrapped Native Token markets, even for users who do not possess any Wrapped Native Tokens. It achieves this by allowing users to utilize the native currency in their wallets directly.

Overview

The Venus contracts deployed on the new networks do not directly support native currencies. For example on Ethereum instead of a native ether market there is a market for WETH. Wrapped Native Token markets address this limitation by facilitating the conversion of native currency into a format compatible with the ERC-20 standard.

To streamline user experience and eliminate the need for an additional transaction to convert native tokens into wrapped tokens, wrapping an unwrapping of native tokens is done behind the scenes when users interact with the market.

Two Kinks Interest Rate Curve

Overview

The 2-Kink Interest Rate Curve introduces a new model to optimize interest rates and utilization across Venus protocol markets. By incorporating two separate "kinks", this model aims to provide more flexible control over market dynamics, enhancing both the predictability and efficiency of APYs (Annual Percentage Yields) for borrowers and suppliers.

This design helps reduce the volatility of APYs during periods of high demand, such as during launchpool events, and encourages greater participation by offering more predictable costs and returns.

Core Pool

Comptroller

Diamond

DiamondConsolidated

This contract contains the functions defined in the different facets of the Diamond, plus the getters to the public variables. This contract cannot be deployed, due to its size. Its main purpose is to allow the easy generation of an ABI and the typechain to interact with the Unitroller contract in a simple way

Facets

FlashLoanFacet

This facet contract contains functions for flash loan operations

Solidity API

Prime

Vaults

XVS

XVSVaultProxy

XVS Vault Proxy

XVS Vault Proxy contract

Solidity API

_setPendingImplementation

Admin Functions **

_acceptImplementation

Accepts new implementation of XVS Vault. msg.sender must be pendingImplementation

Return Values

Name

Type

Description

_setPendingAdmin

Begins transfer of admin rights. The newPendingAdmin must call _acceptAdmin to finalize the transfer.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_acceptAdmin

Accepts transfer of admin rights. msg.sender must be pendingAdmin

Return Values

Name

Type

Description

XVSVaultTreasury

This contract stores XVS received from XVSVaultConverter and funds XVSVault

Solidity API

XVS_ADDRESS

The xvs token address

xvsVault

The xvsvault address

fundXVSVault

This function transfers funds to the XVS vault

Parameters

Name

Type

Description

📅 Events

FundsTransferredToXVSStore emits on success

⛔️ Access Requirements

Restricted by ACM

❌ Errors

InsufficientBalance is thrown when amount entered is greater than balance

sweepToken

This function sweep tokens from the contract

Parameters

Name

Type

Description

📅 Events

SweepToken emits on success

⛔️ Access Requirements

Restricted by ACM

VAI

VAIVaultProxy

VAI Vault Proxy

Proxy contract for the VAI Vault

Solidity API

_setPendingImplementation

Admin Functions **

_acceptImplementation

Accepts new implementation of VAI Vault. msg.sender must be pendingImplementation

Return Values

Name

Type

Description

_setPendingAdmin

Begins transfer of admin rights. The newPendingAdmin must call _acceptAdmin to finalize the transfer.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_acceptAdmin

Accepts transfer of admin rights. msg.sender must be pendingAdmin

Return Values

Name

Type

Description

InterestRateModels

InterestRateModelLens

Lens for querying interest rate model simulations

Solidity API

VTreasury

Contract for treasury all tokens as fee and transfer to governance

Solidity API

fallback

To receive BNB

withdrawTreasuryBEP20

Withdraw Treasury BEP20 Tokens, Only owner call it

Parameters

Name

Type

Description

withdrawTreasuryBNB

Withdraw Treasury BNB, Only owner call it

Parameters

Name

Type

Description

Isolated Pools

Comptroller

VenusERC4626

Diamond Comptroller in the Core pool

As features continued to be introduced to the Core Pool Comptroller contract, it grew to exceed the maximum allowable size of 24KB. In response to this challenge and to preemptively address similar issues in the future, a multifaceted diamond pattern was implemented.

The original comptroller was refactored using the EIP-2535 diamond pattern into distinct facets. This restructuring aligns the storage layout with that of the Comptroller proxy, streamlining the contract's organization and enhancing efficiency. As a consequence user interactions now trigger two delegate calls.

Venus Comptroller - Refactored to EIP 2535

The previous implementation of Venus used a transparent upgrade proxy delegate pattern. For the diamond proxy we needed a slightly different implementation of fallback function.

Comptroller proxy(Unitroller): https://bscscan.com/address/0xfd36e2c2a6789db23113685031d7f16329158384
Comptroller implementation before enabling the Diamond Proxy: https://bscscan.com/address/0x909dd16b24cef96c7be13065a9a0eaf8a126ffa5

The following diagram shows the previous design:

The Unitroller contract delegated calls to the Comptroller. The Comptroller had the storage layout defined by ComptrollerV12Storage, which extended the UnitrollerAdminStorage.

EIP - 2535 Overview

The Diamond Proxy pattern is widely used in Solidity development for its ability to separate concerns and improve code maintainability. It is often used in complex contracts that require multiple facets with shared functionality.

The Diamond Proxy pattern involves creating a "proxy" contract that acts as a single entry point for all functionality shared by multiple contracts. This allows contracts to share functionality without having to duplicate code in each contract.
Each contract that needs to share functionality with the proxy contract is referred to as a "facet." Facets are separate contracts that can be upgraded or modified independently of each other and the proxy contract.
The proxy contract delegates function calls to the correct facet contract based on the function selector. This allows the proxy contract to act as a single entry point for all shared functionality.

Enabling Venus Integration with the existing Unitroller - Diamond and Transparent proxy combination

Step 1: The first step was creating the Diamond proxy contract. This contract contains a mapping to hold the addresses of the facet contracts and a fallback function that delegates the function call to the appropriate facet.

Chained delegate calls are used. This means calldata is delegated from Unitroller to the Diamond contract and then a chained delegate call is made to a specific facet based on the function selector.

The Diamond contract checks for the facet address in the selectors-to-facet-address mapping (_selectorToFacetAndPosition internal variable) and then makes a delegate call to that facet address. Facets inherit the ComptrollerStorage (ComptrollerV13Storage) to access the state.

Step 2: Division of the comptroller into multiple facets based on separation of concerns.

Generally is used with the diamond pattern. Since the Core Pool contracts still use Solidity 0.5.16 this wasn't an option and storage is handled using the same pattern as the original comptroller, by inheriting storage contracts.

Comptroller storage contains the facet addresses, mapping of the function selectors to the facet address, and mapping of all selectors to the facet address.

User interaction with new diamond pattern

Users will continue to interact with the Unitroller proxy contract same as before with one significant difference. Now the Diamond proxy serves as the implementation contract for the Unitroller, and the Comptroller's implementation has been divided into multiple facets. These facets will function as the various components of the Diamond proxy.

Following a user's interaction with the Unitroller, the delegateCall operation will be directed towards the Diamond proxy. Once the delegateCall reaches the Diamond proxy, it will analyze the function selector and determine the appropriate facet address to which the delegateCall will be forwarded.

How will new Upgrades work?

Scenario: A new state variable is to be introduced for an upgrade, which is being used by all or few facets.

Add a new state variable in the comptrollerStorage by extending the storage to ComptrollerV14Storage just like new state is added to facets by extending the previous storage.

Scenario: Add a new facet to the Diamond or update the existing facet by add/replace/remove function selectors.

Deploy the facet with the functions/methods that need to be added to the Comptroller Implementation.

Execute the diamondCut method(admin access) to add the new facet to the comptrollerStorage.

To execute the diamondCut through VIP, the cut argument can be generated using the by customizing the generateCutParams to provide the correct actions on the provided function seletors.

Diamond proxy implementation for Core Pool Comptroller

The Comptroller of the core pool is divided into 4 facets and 2 parent contracts extended by the facets. Facets will receive the function call through a chained delegateCall from Unitroller, and each facet holds its own responsibility as explained below:

Facets

: This facet contains all the external pre-hook functions related to vToken.

: This facet contains all setter configuration functions.

: This facet provides market information including account activity in the market. It is also responsible for entering and exiting the market.

: This facet provides the external functions related to all claims and rewards of the protocol.

Parent contracts

: This contract contains functions related to access and checks.

XVSRewardsHelper: This contract contains the shared functions used by the RewardFacet and PolicyFacet.

The following diagram shows the inheritance and association relationships among the different contracts:

Contracts Overview

Venus Protocol contracts are divided in these repositories:

isolated-pools: Contains core contracts for isolated lending, including logic for supplying, borrowing, liquidations, pool and market deployments, and interest rate models.
oracle: This repo has contracts for oracles that we support as well as logic for validating prices returned from those oracles.
: The core protocol is located in this repo. It contains logic central to lending and borrowing of the core pool.
: The contracts used for proposing, voting and executing changes are kept in the `governance-contracts repo.
: The contracts use to bridge XVS to different networks.

Isolated Pools Contracts

There are 2 categories of isolated pools contracts:

Pool
Risk Management

Pool

Pool contracts can be divided into 4 categories:

Configuration
Logic
Miscellaneous

Configuration

Configuration contracts are used to deploy, configure, and manage pools.

Creating and managing pools is done by the . It can add markets to pools, update pool metadata, and return pool information.

Logic contracts

The contract is the central contract for each lending pool. It contains functionality central to borrowing activity in the pool like supplying and borrowing assets and liquidations. Configuration values for the pool such as the liquidation incentive, close factor, and collateral factor can also be set and retrieved from the comptroller. Account liquidity and positions can also be retrieved from the comptroller.

in isolated lending play an identical role as vTokens in the Core Pool. They represent a users supplied tokens to the protocol and can be redeemed (burned) for those tokens.

Miscellaneous contracts

Isolated Pools use additional contracts such as lenses, rewards, ect.

Users are rewarded for borrowing and lending activities with a reward tokens. The manages these distributions using a configurable rate.

To make querying pool data easier, Isolated Pools contains a that queries and formats pool data. These calls can be gas intensive so as a general rule of thumb this contract should not be used in transactions.

Risk Management

Lending comes with the inherent risk that borrows will not be able to repay their loan, which is a threat to the protocol's insolvency. Venus mitigates this risk with a . A percentage of protocol revenues is transferred to the RiskFund as it is accrued. When bad debt is detected, this fund can be auctioned off and used to cover the bad debt.

When bad deb is auctioned off the contract is responsible for running the action and paying the winner.

The acts as a treasury where each isolated pool can transfer their revenue.

Oracle Contracts

Venus Protocol implements secondary, primary and pivot oracles to create a validation and fallback strategy that avoids creating a single point of a failure by relying on a single source for prices. The contract is responsible for fetching and validating prices for a given vToken and managing which oracles are used for a particular vToken.

Oracles

is the primary oracle. If a token isn't support by Chainlink then prices will be fetched from a secondary oracle.

is used in the Classic model (Chainlink-compatible interface) as a pivot oracle to validate prices returned by main and fallback oracles.

contract is responsible for fetching token prices from the Binance oracle. It is used as a secondary oracle.

is used as a pivot oracle to validate prices returned by primary and secondary oracles.

Venus Protocol

Venus Protocol contracts can be grouped as follows:

Lending
Tokens
Vault
Lens

Lending Contracts

At the heart of the Core Pool is the comptroller. The latest version is . The comptroller is responsible for listing markets, managing user's positions in markets, liquidations, and emitting rewards. It contains setters and getters for market configuration variables such as collateral factor, close factor, and liquidation incentive. Lending actions can be be paused globally or per market from the comptroller.

Each market gets deployed with an interest rate model. The uses a linear curve to determine interest rates based on supply and demand of the asset until it reaches the kink after which there is a sharp increase in rates.

Another interest rate model that can be deployed with markets is the . It is similar to the JumpRateModel except it doesn't include a kink. Instead it contains a fixed base rate.

When a borrow becomes insolvent it may be liquidated. The handles this process. When a borrow is liquidated the seized amount is split between the liquidator and the

Revenue earned by the protocol is kept in the .

Token Contracts

XVS is an important token in the Venus ecosystem because it powers Venus governance. The token contract defines a lockable BEP20 token with additional methods that enable voting and vote delegation. To vote, a user must first lock their XVS in the vault.

is the Venus stable coin that can be minted against collateral. Users who mint VAI are charged a fee based on the outstanding supply and price of VAI to keep its value pegged at $1. The controls the amount of VAI a user is allowed to mint which is determined by the collateral a user has provided and their liquidity.

When a user supplies a token to the protocol, vTokens are minted to represent their supply. The contract contains methods that support lending activities for the asset including lending, borrowing and liquidating

Vault Contracts

XVS Vault

XVS can be locked in the to earn XVS and enable voting. Each XVS locked gives the locking address one vote to use or delegate.

VAI Vault

VAI staked in the earn XVS. Staking rewards are accumulated daily.

Misc Contracts

ComptrollerLens

The contains methods for fetching the liquidity of an account and the amount of tokens that can be seized for a repayable amount

SnapshotLens

The contains methods for getting the details of account for a specific market or all markets where an account is active.

VenusLens

Protocol level data is made available through the . It contains getters related to XVS distribution, governance, and markets.

Governance Contracts

There are three main Governance contracts:

GovernorBravoDelegate
AccessControlManager
Timelock

GovernorBravoDelegate

The core logic for governance proposals is in the contract. It enables submitting proposals, moving proposals through time-gated stages, canceling and executing proposals as well as voting logic. The voting threshold as well as timelocks are set on this contract.

AccessControlManager

To enhance security of the protocol, Venus Protocol uses the to grant accounts access to call specific functions on contracts. This contract is responsible for granting and revoking those permissions. It also provides a getter to check if an address is allowed to call a specific function.

Timelock Once a proposal has succeeded its execution is managed by the contract. The Timelock can place the proposal in a queue for execution and execute the proposal. It also enables canceling the proposal.

Liquidations

This is a step-by-step guide on how to perform liquidations on the Venus Protocol. Liquidations involve seizing collateral from under-collateralized accounts to repay outstanding debts. The instructions are targeted towards developers or bots that aim to automate the liquidation process.

Account Liquidity Calculations

Venus Protocol uses two calculations to determine account liquidity: Collateral Factor (CF) and Liquidation Threshold (LT).

Collateral Factor (CF)

Collateral Factor is the percentage of the supplied funds that can be used to cover a loan. Comptroller.getAccountLiquidity in the Core Pool and Comptroller.getBorrowingPower in Isolated Pools return the liquidity or an account. They use the Resilient Oracle to retrieve the value of the asset and the collateral factor for the market to determine the percentage of supply can be used as collateral. Relying on getBorrowingPower is not sufficient for identifying accounts in need of liquidation on Isolated Pools.

Liquidation Threshold (LT)

The Liquidation Threshold represents the point at which an account becomes under-collateralized, triggering the possibility of liquidation. In the Core Pool this is the same as the collateral factor. In Isolated Pools, the LT can be retrieved with Comptroller.getAccountLiquidity.

Liquidators often use external monitoring systems or other strategies to accurately identify under-collateralized accounts.

Iterating over all accounts and checking the CF and LT for every account is extremely inefficient.

Instead, liquidators should rely on off-chain computations and maintain an off-chain mapping for accounts and balances. Using functions like vTokenBalancesAll and vTokenUnderlyingPriceAll from PoolLens can help retrieve balances and prices efficiently for multiple vTokens associated with an account.

By combining the information obtained from these functions, one can accurately identify under-collateralized accounts that are suitable for liquidation.

Minimum Liquidatable Collateral

The Comptroller.minLiquidatableCollateral variable represents the minimal collateral in USD required for regular (non-batch) liquidations. Accounts with collateral below this threshold may not be eligible for non-batch liquidations. It's defined in USD value (18 decimals scale).

Finding Under-Collateralized Accounts

The first step to performing a liquidation is to identify under-collateralized accounts. Here's a suggested approach to finding under-collateralized accounts:

Create a record of account balances: To identify under-collateralized accounts efficiently, liquidators can maintain an off-chain mapping of accounts and balances by indexing market events to detect new positions and update existing ones:
- Mint: Event emitted when tokens are minted.
- Redeem: Event emitted when tokens are redeemed.

Consider using a subgraph to index these events.

Get account balances: Use the vTokenBalancesAll function provided by PoolLens (VenusLens on the Core Pool) to retrieve supply and borrow balances for multiple vTokens associated with an account. This function takes an array of vTokens and the account address as parameters.
Get underlying asset prices: Use the vTokenUnderlyingPriceAll function provided by the PoolLens (VenusLens on the Core Pool) to retrieve the underlying asset prices for multiple vTokens. This function takes an array of vTokens as a parameter.
Calculate liquidity shortfall: With the supply and borrow balances obtained from step 2 and the underlying asset prices from step 3, calculate the liquidity shortfall for each account. This can be done by taking the scalar product of the balances and prices and comparing them against the LT values.

By following this approach, you can efficiently identify under-collateralized accounts based on the CF and LT calculations.

Please note that the functions mentioned above are provided by PoolLens and may require integration within your liquidation bot. Additionally, it's important to stay updated with any changes or updates to Venus Protocol that may impact the process of finding under-collateralized accounts.

Performing the Liquidation

Once an under-collateralized account has been identified, the liquidation process can be initiated using either liquidateBorrow , liquidateAccount or healAccount function. liquidateBorrow is provided by the relevant vToken contract (Liquidator contract on the Core Pool) whereas liquidateAccount and healAccount are provided in Comptroller. Here's an overview of the steps involved:

Please note that healAccount is an extension of the liquidation mechanism to address handling of bad debt and offseting it with protocol revenue/fees. On the other hand, liquidateAccount allows batches of liquidations in a single transaction. In both cases, the total collateral must be lower than the threshold Comptroller.minLiquidatableCollateral. Those two functions are only available in Isolated Pools. For Core Pool liquidateBorrow function provided by Liquidator contract is the only available mechanism to perform liquidations.

Calculate the liquidation amount: Determine the amount of debt to be repaid and the collateral to be seized. This is typically calculated by examining the borrower's debt balance, the market's collateral factor, and any discounts or liquidation incentives offered.
When performing the liquidation, there are 3 different types of liquidations that can be called, taking in mind the collateral, minimum liquidatable collateral and solvency of the account:

Collateral > minLiquidatableCollateral --> liquidateBorrow(): Call the liquidateBorrow function on the relevant vToken contract. This function requires several parameters, including the borrower's address, the liquidator's address, the amount of debt to be repaid, and the collateral to be seized. Refer to the vToken contract documentation for specific details on the function's required parameters.

Example

Given:

Collateral Factor: 50%
Close Factor: 50%

Collateral < minLiquidatableCollateral && account is solvent --> liquidateAccount(): this function liquidates all borrows of the borrower.

Example

Collateral Factor: 50%
Liquidation Threshold: 60%

Collateral < minLiquidatableCollateral && account is insolvent --> healAccount(): this function seizes all the remaining collateral from the borrower, requires the person initiating the liquidation (msg.sender) to repay the borrower's existing debt, and treats any remaining debt as bad debt. The sender has to repay a certain percentage of the debt, computed as collateral / (borrows * liquidationIncentive)

Example

Collateral Factor: 50%
Liquidation Threshold: 60%

Handle liquidation results: After invoking liquidateBorrow, monitor the transaction's success and handle any resulting events or errors. Successful liquidations will transfer the seized collateral to the liquidator's address and repay the debt from the borrower's account.

Please note that the liquidation process involves complex calculations and requires a deep understanding of Venus Protocol. It's essential to thoroughly test and validate your liquidation bot before deploying it in a production environment. Additionally, keep track of any changes or updates to the Venus Protocol that may impact the liquidation process.

Forced liquidations

Usually, accounts are only eligible to be liquidated if they are under-collateralized, as described in the previous sections. An exception is if "forced liquidations" are enabled for a market or an individual account in a market. In this case, borrow positions can be liquidated in that market even when the health rate of the account is greater than 1 (i.e. when the account is sufficiently collateralized). Additionally, the close factor check is ignored, allowing the liquidation of 100% of the debt in one transaction.

This feature is based on the implementation done by Compound V2 . Compound V2 allows "forced liquidations" on markets as soon as the Collateral factor is zero, the Reserve factor is 100% and the borrows are paused. Venus defines a feature flag to enable/disable "forced liquidations", configurable directly via VIP, not based on other parameters. Compound community talked about this feature in .

On Venus, forced liquidations can be enabled either for an entire market (all borrow positions in the market can be forcefully liquidated), or for individual accounts in a market (only the borrows of a particular account can be forcefully liquidated in the market).

To check if forced liquidations are enabled for an entire market, the function Comptroller.isForcedLiquidationEnabled(address vToken) can be called on the Comptroller contract of the pool with the address of the market. To check if forced liquidations are enabled for an individual account in the market, the function Comptroller.isForcedLiquidationEnabledForUser(address borrower, address vToken) can be used, providing the account and market address as arguments.

Availability: Forced Liquidations for entire markets are available in the Core pool since , in the Isolated pools since . Forced Liquidations for individual accounts are available only in the Core pool since .

Example

Given:

vUSDT collateral factor: 80%
1 USDT = 1 BUSD = 1 USDC = $1 (for simplicity)

Force VAI Debt First

This feature is disabled. Liquidators will have to change their codebase to consider the forced sequence of liquidations when there is a VAI debt. After having the confirmation from the main Liquidators that they have adapted their code, a VIP will be proposed to enable this feature.

In the previous section, liquidations are carried out on all accounts without taking into consideration specific amounts of VAI debt. The forceVAILiquidate feature enhances the liquidation process by forcing liquidations of borrowers with VAI debt greater than minLiquidatableVAI. Forcing VAI liquidations allows the protocol to better manage risk and prevent potential losses due to excessive VAI debt accumulation.

For borrowers with outstanding VAI debt, the force VAI liquidation first includes checks to ensure that only eligible accounts are liquidated before starting the liquidation process.

Checks

Check that VAI liquidations are not paused in Comptroller.
The forceVAILiquidate flag is set to true.
Verify whether the borrower's VAI debt is greater than the minimum amount of liquidatable VAI (initially 1,000 VAI).

If the above conditions are true then the protocol checks that the current vToken sent to be liquidated is VAI, otherwise the liquidation fails.

Example 1

Given:

this feature is enabled
a user is eligible to be liquidated with the following debt:

Example 2

Given:

this feature is enabled
a user eligible to be liquidated with the following debts:

Automatic Income Allocation

In the Core Pool, liquidation income is transferred to the Liquidator contract in the form of vTokens. During a liquidation transaction, the Liquidator contract will try to redeem the protocol's portion of the liquidation incentive in vTokens for the underlying tokens. If the redemption process is successful, the underlying tokens will be sent to the ProtocolShareReserve contract. However, if the redemption fails the underlying tokens will be added to a list of pending redemptions and the Liquidator contract will try to redeem the pending redemptions again in subsequent liquidation transactions.

Distributing Seized Amount

The seized collateral is distributed between the Liquidator and the ProtocolShareReserve contract:

Liquidator's Share:
- The Liquidator receives a designated portion of the collateral as an incentive.
ProtocolShareReserve contract's Share:

Redemption Handling

The Liquidator contract attempts to redeem the protocol's portion of the liquidation incentive in underlying tokens for the VTokens:

Successful Redemption:
- If the redemption is successful, the underlying tokens are sent to the ProtocolShareReserve contract.
Failed Redemption:

Pending Redemption Management

Subsequent liquidation transactions leverage the list of pending redemptions: during each liquidation, the Liquidator contract attempts to redeem pending VTokens for their underlying tokens, and send these underlying tokens to the ProtocolShareReserve contract.

Omnichain Governance

System Overview

Omnichain Governance is designed to facilitate the execution of VIP across multiple blockchain networks, integrating with the Access Control Manager (ACM) and LayerZero communication protocol. It extends the governance model proposed by LayerZero.

Key features

VIP Types and Delays:
- Provides three VIP options: Normal, Fast-track, and Critical.
- Delays can be configured prior to remote execution on destination networks.
- Normal VIPs have the greatest delays, whereas Critical VIPs have the smallest delays, indicating their urgency and importance.

Detailed breakdown

Proposing and Voting:
- Proposers send VIPs with BNB Chain commands and remote commands.
- Voting takes place on the BNB Chain utilizing existing governance contracts.
- Proposals are validated and approved according to predetermined criteria and threshold.

Detailed overview of remote proposal execution (step-by-step)

Proposing a remote VIP on BNB Chain

A proposer submits a VIP through the existing governance mechanism on the BNB Chain.
The must VIP include a command invoking the OmnichainProposalSender::execute function which will send the remote VIP payload.
The execute function takes four arguments:

Eligibility checks and limits

Before sending the remote execution message, the system verifies eligibility based on predefined thresholds and limits. These restrictions ensure responsible resource allocation and prevent potential misuse.

Remote proposal ID generation

It's crucial to understand that the proposal ID for the remote execution on the destination network differs from the initial VIP ID proposed on the BNB Chain. This remote proposal ID starts from 1.

Message relay based on outcome

Success: If the eligibility checks and limits are met, the encoded message (payload) is relayed across chains using the LayerZero bridge.
Failure: If the checks fail, the system handles the situation differently based on the cause:
- Insufficient Gas: The retryExecute function is used to attempt redelivering the message with potentially adjusted gas fees.

Receiving and Queuing on the Destination Network

Upon successful reception by the destination network's executor contract (OmnichainGovernanceExecutor), the remote proposal enters a "Queued" state.
This queuing process applies additional eligibility checks specific to the receiving network, ensuring compliance with its governance rules and thresholds of commands limits.

Delay mechanism and execution

Once the configured delay for the remote proposal type (Normal, Fast-track, Critical) elapses, the proposal becomes eligible for execution.
Any user can then trigger the execution of the queued commands on the destination network.

Ownership and Access Control

OmnichainProposalSender (BNB Chain):
- Owned by: NormalTimelock contract on the BNB Chain.
- Authorized callers: Timelocks (Normal, Critical, Fast-track) are authorized to call the execute function on this contract.

Potential Failures and Retry Options

If a VIP fails to send the proposal from source chain (BNB Chain) to destination network, the message will be saved and can be retried with the retryExecute function. This mechanism allows for the redelivery of the message with potentially adjusted gas fees to ensure successful execution.
In case where the VIP fails to send the proposal from source chain (BNB Chain) to destination network due to non-retryable conditions and funds are stuck in the OmnichainProposalSender contract, funds can be withdrawn by invoking the fallbackWithdraw function. This ensures that funds are not permanently locked in the contract due to failed execution attempts.

Contracts overview

Contract 1: `BaseOmnichainControllerSrc`

Functionality

This contract serves as the framework for secure omnichain (cross-chain) communication. Its primary responsibilities include managing daily command limits and enabling pausing of controlled message transmission across chains.

Key features

Access Control Integration: Integrates an AccessControlManager contract to enforce access control for critical functions. This ensures that only authorised entities can execute commands, enhancing security.
Daily Command Limits: Establishes a per-chain limit on the number of commands that can be sent within a 24-hour window. This feature prevents potential abuse and maintains system stability.
Pausable: Implements a pausing mechanism, inherited from the OpenZeppelin Pausable contract. This functionality allows the contract owner to temporarily halt omnichain communication if necessary.

Architecture

Inheritance: Extends the functionalities of the Ownable and Pausable contracts from OpenZeppelin, inheriting ownership management and pausing capabilities.

State variables

accessControlManager (address): Stores the address of the AccessControlManager contract.
chainIdToMaxDailyLimit (mapping): Maps chain IDs to their corresponding daily command limits.
chainIdToLast24HourCommandsSent (mapping): Tracks the number of commands sent within the last 24 hours for each chain.

Events

SetMaxDailyLimit (event): Emitted when the daily command limit for a chain is modified.
NewAccessControlManager (event): Triggered when the address of the AccessControlManager is updated.

Functions

constructor(address accessControlManager_): Initializes the contract with the address of the AccessControlManager.
setMaxDailyLimit(uint16 chainId_, uint256 limit_): Sets the maximum daily command limit for a specific chain ID. Requires permission from the AccessControlManager.

Contract 2: `OmnichainProposalSender`

Functionality

This contract facilitates cross-chain message transmission triggered by governor proposals on the main (BNB) chain. It sends proposal execution data to designated remote chains for processing.

Key features

LayerZero Integration: Utilises the LayerZero communication protocol for efficient and reliable cross-chain message delivery.
Remote Chain Management: Allows defining trusted remote contracts (receivers) on other chains using setTrustedRemoteAddress.
Failed Message Handling: Stores the execution hashes of failed messages to facilitate resending or clearing them in case of insufficient fees or other issues.

Architecture

Inheritance: Inherits functionalities from both the ReentrancyGuard and BaseOmnichainControllerSrc contracts, providing reentrancy protection and foundational omnichain communication capabilities.

State variables

proposalCount (uint256): Tracks the total number of remote proposals.
storedExecutionHashes (mapping): Stores the execution hashes of failed messages for retry or clearing purposes.
LZ_ENDPOINT (ILayerZeroEndpoint): Interface for interacting with the LayerZero communication protocol.

Events

SetTrustedRemoteAddress (event): Triggered when a trusted remote address is set for a remote chain.
TrustedRemoteRemoved (event): Emitted when a trusted remote address is removed from storage.
ExecuteRemoteProposal (event): Indicates the execution of a proposal on a remote chain.

Functions

constructor(ILayerZeroEndpoint lzEndpoint_, address accessControlManager_): Initializes the contract with the LayerZero endpoint and the address of the AccessControlManager.
estimateFees(uint16 remoteChainId_, bytes calldata payload_, bytes calldata adapterParams_) : Estimates LayerZero fees for cross-chain message delivery based on payload and adapter parameters.

Contract 3: `BaseOmnichainControllerDest`

Functionality

This contract serves as the base for the Omnichain controller destination contract. It provides functionality related to daily command limits and pausing.

State variables

maxDailyReceiveLimit (uint256): Maximum daily limit for receiving commands from BNB Chain.
last24HourCommandsReceived (uint256): Total received commands within the last 24-hour window from BNB Chain.
last24HourReceiveWindowStart (uint256): Timestamp when the last 24-hour window started from BNB Chain.

Events

SetMaxDailyReceiveLimit (event): Emitted when the maximum daily limit for receiving commands from BNB Chain is modified.

Functions

constructor(address endpoint_): Initializes the contract with the LayerZero endpoint address.
setMaxDailyReceiveLimit(uint256 limit_): Sets the maximum daily limit for receiving commands. Only callable by the contract owner.
pause(): Triggers the paused state of the controller. Only callable by the contract owner.

Contract 4: `OmnichainGovernanceExecutor`

Functionality

This contract executes proposal transactions sent from the main chain. It controls LayerZero configuration and implements a non-blocking behavior.

State variables

GUARDIAN (address): A privileged role that can cancel any proposal.
srcChainId (uint16): Stores the layerzero endpoint ID.
lastProposalReceived (uint256): Last proposal count received.

Events

ProposalReceived (event): Emitted when a proposal is received.
ProposalQueued (event): Emitted when a proposal is queued.
ProposalExecuted (event): Emitted when a proposal is executed.

Functions

constructor(address endpoint_, address guardian_, uint16 srcChainId_): Initialises the contract with the LayerZero endpoint address, guardian address, and source chain ID.
setSrcChainId(uint16 srcChainId_): Updates the source layerzero endpoint ID. Only callable by the contract owner.
addTimelocks(ITimelock[] memory timelocks_): Adds Timelocks to the ProposalTimelocks mapping. Only callable by the contract owner.

Contract 5: `OmnichainExecutorOwner`

Functionality

The OmnichainExecutorOwner contract serves as a governance and access control mechanism for managing the OmnichainGovernanceExecutor contract. It allows the owner to control the functions that can be executed on the OmnichainGovernanceExecutor contract, upsert function signatures into a registry, and transfer ownership of the OmnichainGovernanceExecutor contract.

State variables

OMNICHAIN_GOVERNANCE_EXECUTOR (immutable):
- This variable holds the address of the OmnichainGovernanceExecutor contract and is immutable once initialized.
functionRegistry (mapping):

Events

FunctionRegistryChanged (event):
- This event is emitted when a function is added or removed from the function registry.
- It provides information about the function signature and whether it is active (added) or inactive (removed).

Functions

constructor(address omnichainGovernanceExecutor_):
- Initializes the contract with the address of the OmnichainGovernanceExecutor contract.
- This constructor ensures that the provided address is not zero.

Contract 6: `TimelockV8`

Functionality

The TimelockV8 contract is a Solidity V8 implementation of a timelock mechanism designed to execute transactions with a delay. It incorporates additional features such as setting a delay period, accepting pending admins, and queuing, executing, and canceling transactions. This contract ensures that specific transactions can only be executed after a predefined period, enhancing security and providing governance control.

Key features

Delayed Transaction Execution: Allows transactions to be queued with an associated delay period before execution.
Admin Management: Supports the transition of admin roles by accepting pending admin proposals.
Transaction Queueing: Provides functionality to queue transactions for future execution, ensuring timely processing.
Transaction Execution: Executes queued transactions after the specified delay period has elapsed, subject to admin authorisation.

Events

NewAdmin (event): Signals the acceptance of a new admin account.
NewPendingAdmin (event): Indicates the proposal of a new admin account.
NewDelay (event): Notifies when the delay period for transaction execution is updated.

Constants

DEFAULT_GRACE_PERIOD: Default grace period for executing queued transactions (14 days).
DEFAULT_MINIMUM_DELAY: Default minimum delay period for queuing transactions (1 hour).
DEFAULT_MAXIMUM_DELAY: Default maximum delay period for queuing transactions (30 days).

State variables

admin (address): Stores the address of the current admin authorised to manage the timelock.
pendingAdmin (address) : Stores the address of the proposed admin awaiting acceptance.
delay (uint256) : Specifies the delay period for executing queued transactions.

Functions

setDelay(uint256 delay_): Allows the admin to set the delay period for transaction execution.
acceptAdmin(): Enables the pending admin to accept the admin role.
setPendingAdmin(address pendingAdmin_): Allows to propose a new admin account via proposal or admin.

E-Mode

Only available on BNB Chain Core Pool.

Overview

The Venus Protocol Core Pool on BNB Chain has been enhanced with E-Mode (Efficiency Mode), a feature designed to provide users with greater capital efficiency when lending and borrowing. E-Mode introduces specialized pools of assets—such as correlated ones—each with its own customized risk parameters.

When a user activates an E-Mode pool, their borrowing is restricted to assets within that pool but with higher collateral factors (CF) and liquidation thresholds (LT) compared to the default Core Pool. A lower liquidation incentive (LI) is also applied, reducing the penalty at liquidation and making borrowing within E-Mode more efficient.

This allows users to unlock more borrowing power while keeping risk contained within the pool.

Unlike isolated pools, which fully segregate assets into separate environments, E-Mode keeps everything within the Core Pool. Users do not need to transfer assets to benefit from different risk profiles. Instead, they can simply activate an E-Mode pool, gaining higher efficiency while maintaining their existing positions. This design balances capital optimization with contained risk management, making E-Mode a powerful extension of the Core Pool.

Key Benefits of E-Mode

Increased Borrowing Power: Higher CF and LT enable users to leverage more borrowing capacity in E-Mode pools.
Reduced Liquidation Penalties: Lower LI minimizes losses during volatile market conditions.
Seamless Integration: No asset transfers are required; all operations remain in the Core Pool.
Risk Isolation: Borrowing limits prevent cross-pool exposure, reducing systemic risks.

Potential Risks and Considerations

Borrow Restrictions: Users must ensure existing borrows align with the target pool's allowed assets.
VAI Incompatibility: Users with VAI debt cannot enter E-Mode, ensuring stablecoin-specific isolation.
Parameter Changes: Governance updates (e.g., lowering CF) can impact the user positions.
Core Pool Fallback Behavior: Controlled by a per-pool flag

Comptroller Changes for E-Mode in Core Pool

The introduction of E-Mode in the Venus Core Pool on BNB Chain required significant enhancements to the Comptroller contract. These changes enable fine-grained risk management while preserving the existing Core Pool functionality. Below is a summary of the major updates:

Change

Description

Impact

The implementation extends the Comptroller contract to support:

Pool-specific risk configurations.
User-driven pool selection.
Refined, pool-based risk management.

All of this is achieved while maintaining backward compatibility with the Core Pool’s legacy operations.

Implementation Details

1. Markets Mapping

The core data structure for tracking markets has been upgraded to handle multiple pools efficiently.

Previously: Address as index

Now: bytes32 as index

Core Pool (poolId = 0): The PoolMarketId is the vToken address left-padded to 32 bytes, preserving storage layout for compatibility.
E-Mode Pools (poolId > 0): The key is constructed by combining the poolId (uint96, shifted left by 160 bits) with the vToken address (uint160).

This approach ensures:

No collisions between pool-market pairs.
Pool-specific overrides (e.g., CF/LT/LI).
Backward compatibility is preserved through updated getter functions, which return Core Pool values when called with only a vToken address, while maintaining the same function signatures.

2. Market Struct

The Market struct now includes fields to support LT, per-market LI, and pool-specific borrowing rules:

accountMembership: Stored only in Core Pool entries, since borrows and collateral are tracked globally across all pools. In E-Mode entries, this mapping remains empty for structural consistency, reducing storage overhead.
isBorrowAllowed: A pool-level flag that Governance can toggle, overriding global borrow caps for E-Mode restrictions.

3. Pool Tracking

Pools are defined and managed via a dedicated mapping for metadata and asset lists:

lastPoolId tracks the latest assigned poolId (0 is reserved for Core).
Pools hold metadata, a list of associated vTokens, and the allowCorePoolFallback flag (default: false).

Governance Workflow: New pools are created via createPool(string calldata label), which assigns the next poolId and initializes the PoolData with allowCorePoolFallback = false by default. Governance can update this behavior via setAllowCorePoolFallback(uint96 poolId, bool allowed). This allows for easy expansion to new pools like "ETH Correlated" or "BNB Derivatives" while choosing the desired fallback behavior.

4. User Pool Selection

Each user is associated with exactly one pool at a time, simplifying state management:

Defaults to 0 (Core Pool).
Switching updates userPoolId with proper validations.

This ensures all collateral and borrowing operations are evaluated within the context of the user’s active pool. Edge Case Handling: If a user's pool is disabled by Governance, their userPoolId is automatically reset to 0, triggering a fallback event.

5. Pool Markets Configuration

Governance configures E-Mode via a suite of administrative functions:

Add/Remove: addPoolMarkets and removePoolMarket manage vTokens in non-Core pools.
Borrow Control: setIsBorrowAllowed toggles borrowing eligibility.
Risk Parameters: Setters for CF, LT, and LI support poolId for E-Mode and address-only for Core.

Example Setters:

E-Mode: User Journey

1. Default State

Every user starts in the Core Pool (poolId = 0).
Core Pool applies standard parameters (lower CF/LT, higher LI).
If the user never switches pools, nothing changes—ensuring zero disruption for legacy users.

2. Explore Available Pools

Users can discover available E-Mode pools using:

Venus Lens: By calling the getAllPoolsData function to fetch pool data directly from the Comptroller. This returns supported E-Mode pools and their vTokens along with parameters such as CF, LT, LI, and borrow permissions.
Venus App UI: A user-friendly interface that displays the same information without requiring direct blockchain queries.

3. Validate Compatibility

Before switching, make sure all your borrowed assets are supported as borrowable assets in the E-Mode pool you want to enter.
If any borrowed asset is not allowed in the target pool, the enterPool transaction will revert on: hasValidPoolBorrows() check.

4. Enter the Pool

Call: enterPool(uint96 poolId)
Comptroller checks:
- Pool exists and user isn’t already in it.
- Borrow compatibility (hasValidPoolBorrows

5. Post-Entry Impacts

Borrowing: Restricted to markets marked isBorrowAllowed in chosen pool.
Collateral:
- Pool assets use pool CF/LT/LI.

Common Scenarios

Borrowed Asset Not Allowed

Example: A user has borrowed BTCB and tries to enter the Stablecoins Pool.
BTCB is not part of that pool, so it is not listed as borrowable.
Result: enterPool fails with IncompatibleBorrowedAssets.

Mixed Collateral

Users can provide collateral outside of the E-Mode pool’s listed assets if the pool’s allowCorePoolFallback flag is set to true.
If allowCorePoolFallback = true: Non-pool assets use Core Pool parameters (CF, LT, LI). Since Core Pool LI is typically higher, liquidators may target these assets first during liquidation.
If allowCorePoolFallback = false (default): Non-pool collateral

Example: In the Stablecoins Pool, a user supplies USDC + UNI:

USDC → CF/LT/LI from E-Mode (e.g., LI = 5%).
UNI →
- If allowCorePoolFallback = true: CF/LT/LI from Core Pool (e.g., LI = 10%).

Switching Back to Core

Switching back is allowed only if the account remains healthy under Core Pool’s stricter parameters.
Example: In Stablecoins Pool, a user is safe with CF = 0.90. Switching back to Core Pool with CF = 0.60 may immediately create a shortfall → reverts with LiquidityCheckFailed.
Important scenario:

Governance Changes

Governance has significant control over pool configurations, which can directly affect user positions:

Borrow Restrictions:
- Governance can set isBorrowAllowed = false for a market.
- Existing borrows remain, but new borrows are blocked.
- This behaves similarly to setting the borrow cap to 0 in the Core Pool.

Rule of Risk Factor Selection:

If a parameter (CF, LT, LI) is defined in the active E-Mode pool, that value is used.
If Governance sets a value to 0 in the pool (e.g., CF = 0), the 0 applies — it does not fall back to Core.
If the asset is not included in the E-Mode pool:

Effect on User on Switching Into E-Mode

To see how E-Mode changes borrowing power, liquidation, and borrow restrictions, let’s follow a single user journey. This example uses hypothetical parameters to illustrate key mechanics.

Pool Setup

Asset

Core Pool CF

Core Pool LT

Core Pool LI

E-Mode CF

E-Mode LT

E-Mode LI

E-Mode Borrow Allowed?

Step 1: Alex in Core Pool

Supplies: $1,000 USDC
Borrows: $500 DAI

Liquidity Calculation:

Liquidity = $100, Shortfall = $0 → safe

Step 2: Attempting to Enter Stablecoins E-Mode

Alex wants to switch to the Stablecoins Pool.

Borrowed DAI is not allowed in the target pool (isBorrowAllowed = false).
Comptroller checks fail → transaction reverts with IncompatibleBorrowedAssets.

This demonstrates borrow restrictions in E-Mode: existing borrows in disallowed markets prevent entering the pool.

Step 3: Adjusting Position and Entering

Alex repays $500 DAI → no active borrows.
Calls enterPool(stablecoinPoolId) → succeeds.

Liquidity Calculation in E-Mode:

Effect of E-Mode Activation:

Collateral Factor (CF) for USDC increases from 60% → 90%
Liquidation Incentive (LI) for USDC decreases from 10% → 5%
Can borrow USDC (allowed), but cannot borrow DAI (isBorrowAllowed = false).

Step 4: Borrowing in E-Mode

Alex borrows $500 USDC
Borrowing DAI fails (restricted by pool-level isBorrowAllowed)

Liquidity Calculation after borrow:

Step 5: Switching Back to Core

Suppose Alex borrowed up to $850 USDC in E-Mode.

Core Pool Borrow Limit:

To switch safely, Alex can either:

Add collateral → $500 more USDC → new Core borrow limit = 1500 × 0.6 = 900 → liquidity = 900 - 850 = 50 → switch succeeds.
Repay debt → reduce borrow ≤ $600 → liquidity ≥ 0 → switch succeeds.

Liquidator Considerations in E-Mode

The introduction of E-Mode in the Core Pool on BNB Chain also changes how liquidators must evaluate accounts and select assets for liquidation. To remain effective and profitable, liquidators need to adapt to the updated mechanics and new getter functions.

1. Per-Market Liquidation Incentives (LI)

The Core Pool no longer uses a global LI.
Each market now has its own per-market liquidation incentive, configurable by Governance.
Impact: Liquidators must always query the market’s specific LI before deciding which collateral to seize, since incentives may differ significantly between assets.
Strategy: Prioritize assets with higher LI when selecting which collateral to liquidate for maximum profit.

2. Liquidation Thresholds (LT) in Core Pool

The Core Pool now supports Liquidation Thresholds (LT), just like isolated pools.
Unlike Collateral Factors (CF), which only define borrow limits, LT determines liquidation conditions.
Impact: Liquidators must check account health against LT rather than CF.
Recommended Function

3. Effective Risk Factor Queries

Because E-Mode overrides Core parameters with pool-specific ones, the protocol provides new getters to return the effective factors for any user and market.

Get Effective LTV (Collateral Factor or LT depending on weighting):
- Use weightingStrategy = 0 to fetch the effective CF.
- Use weightingStrategy = 1 to fetch the effective LT.

TL;DR: E-Mode in Venus BNB Chain Core Pool

Efficiency Boost: E-Mode lets you use higher Collateral Factors (CF) and Liquidation Thresholds (LT), plus lower Liquidation Incentives (LI), for some set of assets (e.g., stablecoins).

Borrow Limits: You can only borrow from pool-approved assets (isBorrowAllowed = true). If you have borrows in non-approved assets, you can't enter; new borrows are blocked to keep risks isolated.

How Risk Factors Are Chosen:

In E-Mode Pool: Use the pool's CF/LT/LI values (even if set to 0).
If the asset isn't in your pool:
- If allowCorePoolFallback = true: Use Core Pool values.

Liquidator Notes:

Core Pool now uses per-market LI (no global incentive). Liquidators should always fetch the effective liquidation incentive for each user’s market, as markets associated with different E-Mode pools may have different LI values. Additionally, assets outside the E-Mode pool that do not contribute to borrowing power may have LI = 0, even if supplied as collateral.
Liquidation Threshold (LT) replaces CF as the trigger for liquidations—use getAccountLiquidity for checks.
Use new getters to fetch effective parameters considering pool overrides:

SetterFacet

This facet contract contains all the configurational setter functions

Solidity API

setPriceOracle

Alias to _setPriceOracle to support the Isolated Lending Comptroller Interface

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_setPriceOracle

Sets a new price oracle for the comptroller

Parameters

Name

Type

Description

Return Values

Name

Type

Description

setCloseFactor

Alias to _setCloseFactor to support the Isolated Lending Comptroller Interface

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_setCloseFactor

Sets the closeFactor used when liquidating borrows

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_setAccessControl

Sets the address of the access control of this contract

Parameters

Name

Type

Description

Return Values

Name

Type

Description

setCollateralFactor

Sets the collateral factor and liquidation threshold for a market in the Core Pool only.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

setLiquidationIncentive

Sets the liquidation incentive for a market in the Core Pool only.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

setCollateralFactor

Sets the collateral factor and liquidation threshold for a market in the specified pool.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

setLiquidationIncentive

Sets the liquidation incentive for a market in the specified pool.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_setLiquidatorContract

Update the address of the liquidator contract

Parameters

Name

Type

Description

_setPauseGuardian

Admin function to change the Pause Guardian

Parameters

Name

Type

Description

Return Values

Name

Type

Description

setMarketBorrowCaps

Alias to _setMarketBorrowCaps to support the Isolated Lending Comptroller Interface

Parameters

Name

Type

Description

_setMarketBorrowCaps

Set the given borrow caps for the given vToken market Borrowing that brings total borrows to or above borrow cap will revert

Parameters

Name

Type

Description

setMarketSupplyCaps

Alias to _setMarketSupplyCaps to support the Isolated Lending Comptroller Interface

Parameters

Name

Type

Description

_setMarketSupplyCaps

Set the given supply caps for the given vToken market Supply that brings total Supply to or above supply cap will revert

Parameters

Name

Type

Description

_setProtocolPaused

Set whole protocol pause/unpause state

Parameters

Name

Type

Description

Return Values

Name

Type

Description

setActionsPaused

Alias to _setActionsPaused to support the Isolated Lending Comptroller Interface

Parameters

Name

Type

Description

_setActionsPaused

Pause/unpause certain actions

Parameters

Name

Type

Description

_setVAIController

Sets a new VAI controller

Return Values

Name

Type

Description

_setVAIMintRate

Set the VAI mint rate

Parameters

Name

Type

Description

Return Values

Name

Type

Description

setMintedVAIOf

Set the minted VAI amount of the owner

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_setTreasuryData

Set the treasury data.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_setVenusVAIVaultRate

Set the amount of XVS distributed per block to VAI Vault

Parameters

Name

Type

Description

_setVAIVaultInfo

Set the VAI Vault infos

Parameters

Name

Type

Description

setPrimeToken

Alias to _setPrimeToken to support the Isolated Lending Comptroller Interface

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_setPrimeToken

Sets the prime token contract for the comptroller

Parameters

Name

Type

Description

Return Values

Name

Type

Description

setForcedLiquidation

Alias to _setForcedLiquidation to support the Isolated Lending Comptroller Interface

Parameters

Name

Type

Description

_setForcedLiquidation

Enables forced liquidations for a market. If forced liquidation is enabled, borrows in the market may be liquidated regardless of the account liquidity

Parameters

Name

Type

Description

_setForcedLiquidationForUser

Enables forced liquidations for user's borrows in a certain market. If forced liquidation is enabled, user's borrows in the market may be liquidated regardless of the account liquidity. Forced liquidation may be enabled for a user even if it is not enabled for the entire market.

Parameters

Name

Type

Description

setWhiteListFlashLoanAccount

Explanation: This function grants or revokes an account's permission to use the protocol's flash loan feature, enforcing access control and address validation.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_setXVSToken

Set the address of the XVS token

Parameters

Name

Type

Description

_setXVSVToken

Set the address of the XVS vToken

Parameters

Name

Type

Description

setPoolActive

updates active status for a specific pool (excluding the Core Pool)

Parameters

Name

Type

Description

📅 Events

PoolActiveStatusUpdated Emitted after the pool active status is updated.

❌ Errors

InvalidOperationForCorePool Reverts when attempting to call pool-specific methods on the Core Pool.
PoolDoesNotExist Reverts if the target pool ID does not exist.

setIsBorrowAllowed

Updates the isBorrowAllowed flag for a market in a pool.

Parameters

Name

Type

Description

📅 Events

BorrowAllowedUpdated Emitted after the borrow permission for a market is updated.

❌ Errors

PoolDoesNotExist Reverts if the pool ID is invalid.
MarketConfigNotFound Reverts if the market is not listed in the pool.

MarketFacet

This facet contract contains functions regarding markets

Solidity API

isComptroller

Indicator that this is a Comptroller contract (for inspection)

getAssetsIn

Returns the vToken markets an account has entered in the Core Pool

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getAllMarkets

Return all of the markets

Return Values

Name

Type

Description

liquidateCalculateSeizeTokens

Calculate number of tokens of collateral asset to seize given an underlying amount

Parameters

Name

Type

Description

Return Values

Name

Type

Description

liquidateCalculateSeizeTokens

Calculate number of tokens of collateral asset to seize given an underlying amount

Parameters

Name

Type

Description

Return Values

Name

Type

Description

liquidateVAICalculateSeizeTokens

Calculate number of tokens of collateral asset to seize given an underlying amount

Parameters

Name

Type

Description

Return Values

Name

Type

Description

checkMembership

Returns whether the given account has entered the specified vToken market in the Core Pool

Parameters

Name

Type

Description

Return Values

Name

Type

Description

isMarketListed

Checks whether the given vToken market is listed in the Core Pool (poolId = 0)

Parameters

Name

Type

Description

Return Values

Name

Type

Description

enterMarkets

Add assets to be included in account liquidity calculation

Parameters

Name

Type

Description

Return Values

Name

Type

Description

unlistMarket

Unlists the given vToken market from the Core Pool (poolId = 0) by setting isListed to false

Parameters

Name

Type

Description

Return Values

Name

Type

Description

exitMarket

Removes asset from sender's account liquidity calculation

Parameters

Name

Type

Description

Return Values

Name

Type

Description

supportMarket

Alias to _supportMarket to support the Isolated Lending Comptroller Interface

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_supportMarket

Adds the given vToken market to the Core Pool (poolId = 0) and marks it as listed

Parameters

Name

Type

Description

Return Values

Name

Type

Description

updateDelegate

Grants or revokes the borrowing or redeeming delegate rights to / from an account If allowed, the delegate will be able to borrow funds on behalf of the sender Upon a delegated borrow, the delegate will receive the funds, and the borrower will see the debt on their account Upon a delegated redeem, the delegate will receive the redeemed amount and the approver will see a deduction in his vToken balance

Parameters

Name

Type

Description

enterPool

Allows a user to switch to a new pool (e.g., e-mode ).

Parameters

Name

Type

Description

📅 Events

PoolSelected Emitted after a successful pool switch.

❌ Errors

PoolDoesNotExist The specified pool ID does not exist.
AlreadyInSelectedPool The user is already in the target pool.
IncompatibleBorrowedAssets The user's current borrows are incompatible with the new pool.
LiquidityCheckFailed The user's liquidity is insufficient after switching pools.

createPool

Creates a new pool with the given label.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

📅 Events

PoolCreated Emitted after successfully creating a new pool.

❌ Errors

EmptyPoolLabel Reverts if the provided label is an empty string.

addPoolMarkets

Batch initializes market entries with basic config.

Parameters

Name

Type

Description

📅 Events

PoolMarketInitialized Emitted after successfully initializing a market in a pool.

❌ Errors

ArrayLengthMismatch Reverts if poolIds and vTokens arrays have different lengths or if the length is zero.
InvalidOperationForCorePool Reverts when attempting to call pool-specific methods on the Core Pool.
PoolDoesNotExist Reverts if the target pool ID does not exist.

removePoolMarket

Removes a market (vToken) from the specified pool.

Parameters

Name

Type

Description

📅 Events

PoolMarketRemoved Emitted after a market is successfully removed from a pool.

❌ Errors

InvalidOperationForCorePool Reverts if called on the Core Pool.
PoolMarketNotFound Reverts if the market is not listed in the pool.

getCollateralFactor

Get the core pool collateral factor for a vToken

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getLiquidationThreshold

Get the core pool liquidation threshold for a vToken

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getLiquidationIncentive

Get the core pool liquidation Incentive for a vToken

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getEffectiveLtvFactor

Returns the effective loan-to-value factor (collateral factor or liquidation threshold) for a given account and market.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getEffectiveLiquidationIncentive

Get the Effective liquidation Incentive for a given account and market

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getPoolVTokens

Returns the full list of vTokens for a given pool ID.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

❌ Errors

PoolDoesNotExist Reverts if the given pool ID do not exist.
InvalidOperationForCorePool Reverts if called on the Core Pool.

markets

Returns the market configuration for a vToken in the core pool (poolId = 0).

Parameters

Name

Type

Description

Return Values

Name

Type

Description

poolMarkets

Returns the market configuration for a vToken from _poolMarkets.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

❌ Errors

PoolDoesNotExist Reverts if the given pool ID do not exist.

hasValidPoolBorrows

Returns true if the user can switch to the given target pool, i.e., all markets they have borrowed from are also borrowable in the target pool.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

VToken

Venus's vToken Contract

Abstract base for vTokens

Solidity API

transfer

Transfer amount tokens from msg.sender to dst

Parameters

Name

Type

Description

Return Values

Name

Type

Description

transferFrom

Transfer amount tokens from src to dst

Parameters

Name

Type

Description

Return Values

Name

Type

Description

approve

Approve spender to transfer up to amount from src

Parameters

Name

Type

Description

Return Values

Name

Type

Description

balanceOfUnderlying

Get the underlying balance of the owner

Parameters

Name

Type

Description

Return Values

Name

Type

Description

totalBorrowsCurrent

Returns the current total borrows plus accrued interest

Return Values

Name

Type

Description

borrowBalanceCurrent

Accrue interest to updated borrowIndex and then calculate account's borrow balance using the updated borrowIndex

Parameters

Name

Type

Description

Return Values

Name

Type

Description

seize

Transfers collateral tokens (this market) to the liquidator.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_setPendingAdmin

Begins transfer of admin rights. The newPendingAdmin must call _acceptAdmin to finalize the transfer.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_acceptAdmin

Accepts transfer of admin rights. msg.sender must be pendingAdmin

Return Values

Name

Type

Description

_setReserveFactor

accrues interest and sets a new reserve factor for the protocol using _setReserveFactorFresh

Return Values

Name

Type

Description

setAccessControlManager

Sets the address of the access control manager of this contract

Parameters

Name

Type

Description

Return Values

Name

Type

Description

_reduceReserves

Accrues interest and reduces reserves by transferring to protocol share reserve

Parameters

Name

Type

Description

Return Values

Name

Type

Description

allowance

Get the current allowance from owner for spender

Parameters

Name

Type

Description

Return Values

Name

Type

Description

balanceOf

Get the token balance of the owner

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getAccountSnapshot

Get a snapshot of the account's balances, and the cached exchange rate

Parameters

Name

Type

Description

Return Values

Name

Type

Description

supplyRatePerBlock

Returns the current per-block supply interest rate for this vToken

Return Values

Name

Type

Description

borrowRatePerBlock

Returns the current per-block borrow interest rate for this vToken

Return Values

Name

Type

Description

getCash

Get cash balance of this vToken in the underlying asset

Return Values

Name

Type

Description

setReduceReservesBlockDelta

Governance function to set new threshold of block difference after which funds will be sent to the protocol share reserve

Parameters

Name

Type

Description

setProtocolShareReserve

Sets protocol share reserve contract address

Parameters

Name

Type

Description

initialize

Initialize the money market

Parameters

Name

Type

Description

exchangeRateCurrent

Accrue interest then return the up-to-date exchange rate

Return Values

Name

Type

Description

accrueInterest

Applies accrued interest to total borrows and reserves

_setComptroller

Sets a new comptroller for the market

Return Values

Name

Type

Description

_setInterestRateModel

Accrues interest and updates the interest rate model using _setInterestRateModelFresh

Parameters

Name

Type

Description

Return Values

Name

Type

Description

exchangeRateStored

Calculates the exchange rate from the underlying to the VToken

Return Values

Name

Type

Description

borrowBalanceStored

Return the borrow balance of account based on stored data

Parameters

Name

Type

Description

Return Values

Name

Type

Description

transferOutUnderlyingFlashLoan

Transfers the underlying asset to the specified address for flash loan operations.

Can only be called by the Comptroller contract. This function performs the actual transfer of the underlying asset and tracks the flash loan amount.

Parameters

Name

Type

Description

transferInUnderlyingFlashLoan

Transfers the underlying asset from the specified address for flash loan repayment.

Can only be called by the Comptroller contract. This function performs the actual transfer of the underlying asset for flash loan repayment and handles protocol fee distribution to the protocol share reserve.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

calculateFlashLoanFee

Calculates the total fee and protocol fee for a flash loan amount. Reverts if flash loans are disabled.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

setFlashLoanEnabled

Sets flash loan status for the market. Governance-restricted.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

setFlashLoanFeeMantissa

Updates the flash loan fee parameters. Governance-restricted.

Parameters

Name

Type

Description

Return Values

Name

Type

Description

Comptroller

The Comptroller is designed to provide checks for all minting, redeeming, transferring, borrowing, lending, repaying, liquidating, and seizing done by the vToken contract. Each pool has one Comptroller checking these interactions across markets. When a user interacts with a given market by one of these main actions, a call is made to a corresponding hook in the associated Comptroller, which either allows or reverts the transaction. These hooks also update supply and borrow rewards as they are called. The comptroller holds the logic for assessing liquidity snapshots of an account via the collateral factor and liquidation threshold. This check determines the collateral needed for a borrow, as well as how much of a borrow may be liquidated. A user may borrow a portion of their collateral with the maximum amount determined by the markets collateral factor. However, if their borrowed amount exceeds an amount calculated using the market’s corresponding liquidation threshold, the borrow is eligible for liquidation.

The Comptroller also includes two functions liquidateAccount() and healAccount(), which are meant to handle accounts that do not exceed the minLiquidatableCollateral for the Comptroller:

healAccount(): This function is called to seize all of a given user’s collateral, requiring the msg.sender repay a certain percentage of the debt calculated by collateral/(borrows*liquidationIncentive). The function can only be called if the calculated percentage does not exceed 100%, because otherwise no badDebt would be created and liquidateAccount() should be used instead. The difference in the actual amount of debt and debt paid off is recorded as badDebt for each market, which can then be auctioned off for the risk reserves of the associated pool.

Solidity API

enterMarkets

Add assets to be included in account liquidity calculation; enabling them to be used as collateral

Parameters

Name

Type

Description

Return Values

Name

Type

Description

📅 Events

MarketEntered is emitted for each market on success

⛔️ Access Requirements

Not restricted

❌ Errors

ActionPaused error is thrown if entering any of the markets is paused
MarketNotListed error is thrown if any of the markets is not listed

updateDelegate

Grants or revokes the borrowing delegate rights to / from an account If allowed, the delegate will be able to borrow funds on behalf of the sender Upon a delegated borrow, the delegate will receive the funds, and the borrower will see the debt on their account

Parameters

Name

Type

Description

📅 Events

DelegateUpdated emits on success

⛔️ Access Requirements

Not restricted

❌ Errors

ZeroAddressNotAllowed is thrown when delegate address is zero

exitMarket

Removes asset from sender's account liquidity calculation; disabling them as collateral

Parameters

Name

Type

Description

Return Values

Name

Type

Description

📅 Events

MarketExited is emitted on success

⛔️ Access Requirements

Not restricted

❌ Errors

ActionPaused error is thrown if exiting the market is paused
NonzeroBorrowBalance error is thrown if the user has an outstanding borrow in this market
MarketNotListed error is thrown when the market is not listed
InsufficientLiquidity error is thrown if exiting the market would lead to user's insolvency

preMintHook

Checks if the account should be allowed to mint tokens in the given market

Parameters

Name

Type

Description

⛔️ Access Requirements

Not restricted

❌ Errors

ActionPaused error is thrown if supplying to this market is paused
MarketNotListed error is thrown when the market is not listed
SupplyCapExceeded error is thrown if the total supply exceeds the cap after minting

mintVerify

Validates mint, accrues interest and updates score in prime. Reverts on rejection. May emit logs.

Parameters

Name

Type

Description

preRedeemHook

Checks if the account should be allowed to redeem tokens in the given market

Parameters

Name

Type

Description

⛔️ Access Requirements

Not restricted

❌ Errors

ActionPaused error is thrown if withdrawals are paused in this market
MarketNotListed error is thrown when the market is not listed
InsufficientLiquidity error is thrown if the withdrawal would lead to user's insolvency
SnapshotError is thrown if some vToken fails to return the account's supply and borrows

redeemVerify

Validates redeem, accrues interest and updates score in prime. Reverts on rejection. May emit logs.

Parameters

Name

Type

Description

repayBorrowVerify

Validates repayBorrow, accrues interest and updates score in prime. Reverts on rejection. May emit logs.

Parameters

Name

Type

Description

liquidateBorrowVerify

Validates liquidateBorrow, accrues interest and updates score in prime. Reverts on rejection. May emit logs.

Parameters

Name

Type

Description

seizeVerify

Validates seize, accrues interest and updates score in prime. Reverts on rejection. May emit logs.

Parameters

Name

Type

Description

transferVerify

Validates transfer, accrues interest and updates score in prime. Reverts on rejection. May emit logs.

Parameters

Name

Type

Description

preBorrowHook

disable-eslint

borrowVerify

Validates borrow, accrues interest and updates score in prime. Reverts on rejection. May emit logs.

Parameters

Name

Type

Description

preRepayHook

Checks if the account should be allowed to repay a borrow in the given market

Parameters

Name

Type

Description

⛔️ Access Requirements

Not restricted

❌ Errors

ActionPaused error is thrown if repayments are paused in this market
MarketNotListed error is thrown when the market is not listed

preLiquidateHook

Checks if the liquidation should be allowed to occur

Parameters

Name

Type

Description

❌ Errors

ActionPaused error is thrown if liquidations are paused in this market
MarketNotListed error is thrown if either collateral or borrowed token is not listed
TooMuchRepay error is thrown if the liquidator is trying to repay more than allowed by close factor
MinimalCollateralViolated is thrown if the users' total collateral is lower than the threshold for non-batch liquidations

preSeizeHook

Checks if the seizing of assets should be allowed to occur

Parameters

Name

Type

Description

⛔️ Access Requirements

Not restricted

❌ Errors

ActionPaused error is thrown if seizing this type of collateral is paused
MarketNotListed error is thrown if either collateral or borrowed token is not listed
ComptrollerMismatch error is when seizer contract or seized asset belong to different pools

preTransferHook

Checks if the account should be allowed to transfer tokens in the given market

Parameters

Name

Type

Description

⛔️ Access Requirements

Not restricted

❌ Errors

ActionPaused error is thrown if withdrawals are paused in this market
MarketNotListed error is thrown when the market is not listed
InsufficientLiquidity error is thrown if the withdrawal would lead to user's insolvency
SnapshotError is thrown if some vToken fails to return the account's supply and borrows

healAccount

Seizes all the remaining collateral, makes msg.sender repay the existing borrows, and treats the rest of the debt as bad debt (for each market). The sender has to repay a certain percentage of the debt, computed as collateral / (borrows * liquidationIncentive).

Parameters

Name

Type

Description

⛔️ Access Requirements

Not restricted

❌ Errors

CollateralExceedsThreshold error is thrown when the collateral is too big for healing
SnapshotError is thrown if some vToken fails to return the account's supply and borrows
PriceError is thrown if the oracle returns an incorrect price for some asset

liquidateAccount

Liquidates all borrows of the borrower. Callable only if the collateral is less than a predefined threshold, and the account collateral can be seized to cover all borrows. If the collateral is higher than the threshold, use regular liquidations. If the collateral is below the threshold, and the account is insolvent, use healAccount.

Parameters

Name

Type

Description

⛔️ Access Requirements

Not restricted

❌ Errors

CollateralExceedsThreshold error is thrown when the collateral is too big for a batch liquidation
InsufficientCollateral error is thrown when there is not enough collateral to cover the debt
SnapshotError is thrown if some vToken fails to return the account's supply and borrows
PriceError is thrown if the oracle returns an incorrect price for some asset

setCloseFactor

Sets the closeFactor to use when liquidating borrows

Parameters

Name

Type

Description

📅 Events

Emits NewCloseFactor on success

⛔️ Access Requirements

Controlled by AccessControlManager

setCollateralFactor

Sets the collateralFactor for a market

Parameters

Name

Type

Description

📅 Events

Emits NewCollateralFactor when collateral factor is updated
and NewLiquidationThreshold when liquidation threshold is updated

⛔️ Access Requirements

Controlled by AccessControlManager

❌ Errors

MarketNotListed error is thrown when the market is not listed
InvalidCollateralFactor error is thrown when collateral factor is too high
InvalidLiquidationThreshold error is thrown when liquidation threshold is lower than collateral factor
PriceError is thrown when the oracle returns an invalid price for the asset

setLiquidationIncentive

Sets liquidationIncentive

Parameters

Name

Type

Description

📅 Events

Emits NewLiquidationIncentive on success

⛔️ Access Requirements

Controlled by AccessControlManager

supportMarket

Add the market to the markets mapping and set it as listed

Parameters

Name

Type

Description

⛔️ Access Requirements

Only PoolRegistry

❌ Errors

MarketAlreadyListed is thrown if the market is already listed in this pool

setMarketBorrowCaps

Set the given borrow caps for the given vToken markets. Borrowing that brings total borrows to or above borrow cap will revert.

Parameters

Name

Type

Description

⛔️ Access Requirements

Controlled by AccessControlManager

setMarketSupplyCaps

Set the given supply caps for the given vToken markets. Supply that brings total Supply to or above supply cap will revert.

Parameters

Name

Type

Description

⛔️ Access Requirements

Controlled by AccessControlManager

setActionsPaused

Pause/unpause specified actions

Parameters

Name

Type

Description

⛔️ Access Requirements

Controlled by AccessControlManager

setMinLiquidatableCollateral

Set the given collateral threshold for non-batch liquidations. Regular liquidations will fail if the collateral amount is less than this threshold. Liquidators should use batch operations like liquidateAccount or healAccount.

Parameters

Name

Type

Description

⛔️ Access Requirements

Controlled by AccessControlManager

addRewardsDistributor

Add a new RewardsDistributor and initialize it with all markets. We can add several RewardsDistributor contracts with the same rewardToken, and there could be overlaping among them considering the last reward block

Parameters

Name

Type

Description

📅 Events

Emits NewRewardsDistributor with distributor address

⛔️ Access Requirements

Only Governance

setPriceOracle

Sets a new price oracle for the Comptroller

Parameters

Name

Type

Description

📅 Events

Emits NewPriceOracle on success

❌ Errors

ZeroAddressNotAllowed is thrown when the new oracle address is zero

setMaxLoopsLimit

Set the for loop iteration limit to avoid DOS

Parameters

Name

Type

Description

setPrimeToken

Sets the prime token contract for the comptroller

Parameters

Name

Type

Description

setForcedLiquidation

Enables forced liquidations for a market. If forced liquidation is enabled, borrows in the market may be liquidated regardless of the account liquidity

Parameters

Name

Type

Description

getAccountLiquidity

Determine the current account liquidity with respect to liquidation threshold requirements

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getBorrowingPower

Determine the current account liquidity with respect to collateral requirements

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getHypotheticalAccountLiquidity

Determine what the account liquidity would be if the given amounts were redeemed/borrowed

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getAllMarkets

Return all of the markets

Return Values

Name

Type

Description

isMarketListed

Check if a market is marked as listed (active)

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getAssetsIn

Returns the assets an account has entered

Parameters

Name

Type

Description

Return Values

Name

Type

Description

checkMembership

Returns whether the given account is entered in a given market

Parameters

Name

Type

Description

Return Values

Name

Type

Description

liquidateCalculateSeizeTokens

Calculate number of tokens of collateral asset to seize given an underlying amount

Parameters

Name

Type

Description

Return Values

Name

Type

Description

❌ Errors

PriceError if the oracle returns an invalid price

getRewardsByMarket

Returns reward speed given a vToken

Parameters

Name

Type

Description

Return Values

Name

Type

Description

getRewardDistributors

Return all reward distributors for this pool

Return Values

Name

Type

Description

isComptroller

A marker method that returns true for a valid Comptroller contract

Return Values

Name

Type

Description

updatePrices

Update the prices of all the tokens associated with the provided account

Parameters

Name

Type

Description

actionPaused

Checks if a certain action is paused on a market

Parameters

Name

Type

Description

Return Values

Name

Type

Description