Skip to content

CenturionEconomicController

Source: CenturionEconomicController.sol

Purpose

Central accounting and policy engine for:

  • risk observation ingestion
  • dust and claim-state transitions
  • reward/repair/recovery accounting
  • reserve-backed smoothing and recoup
  • claim initiation/finalization orchestration
  • settlement lifecycle

Deployment Role

Transparent proxy target; controller of all deployed vaults.

Key State

  • ownership and pending ownership
  • factory binding and claim gatekeeper binding
  • risk freshness and network phase controls
  • reserve totals and aggregate smoothing exposure
  • per-vault seat configs, observations, ledgers, dust states, settlements
  • receipt idempotency tracking and economic-source flags

Key Functions

  • setup: initialize, setUpgradeGovernor, bindClaimGatekeeper, setFactory
  • policy: setRiskFreshnessWindow, setAggregateExposureCapBps, setFinalModelModes, hardenNetworkPhase
  • seat and reserve: initializeSeat, setTriggerArmed, setReserveCoverage, setClearedSafeEpoch, clearReserveCoverage
  • observation and receipts: updateRiskObservationFinalModel, recordVaultReceiptFinalModel, applyReserveTopUp
  • claims: initiateClaim, finalizeClaim, cancelClaim
  • exits and settlement: requestValidatorExitDynamic, recordExitAccepted, proposeSettlementWithGuard, finalizeSettlement
  • payout and drain: claimPrincipal, claimSettlementRewards, drainRemainder
  • views: runningAccounting, runningClaimableBreakdown, depositReadiness, dustAccounting

Access Control Model

  • onlyOwner for high-privilege state transitions
  • onlyFactory for seat initialization
  • beneficiary or owner scope for specific exit/claim actions
  • claim gatekeeper enforces executor and period caps

Critical Invariants

  • receipt ids are scoped and single-use.
  • reward claims must not exceed claimable bucket and current claim state.
  • settlement finalization updates exposure and debt accounting atomically.
  • reserve usage remains bounded by coverage limits and aggregate exposure caps.
  • seat principal target and effective balance configuration are constrained to phase-1 constants in current code.

Misconfiguration Risks

  • incorrect claim gatekeeper binding breaks claim authorization semantics.
  • stale or wrong risk feeds can force fail-closed, or if corrupted with privileged access, can misclassify states.
  • unsafe reserve settings can overexpose smoothing pathways.
  • network phase hardening mistakes can overconstrain or underconstrain risk appetite.