Changelog

Versions

v5.x · in progress · Upcoming

• Type — Major upgrade, full redeploy with corrected admin architecture
• Status — In progress. Vault branch vault/v5.0, self-audit v2.0 draft (commit e923006).
• Contracts — TBD, published on deploy
• What changes:
  • ERC-7540 async vault compliance (~300 LOC rework on redeem surface)
  • Fee governance with immutable caps (setPerformanceFee capped 20%, setManagementFee capped 2%)
  • Slippage overloads on deposit/mint (minSharesOut, maxAssetsIn)
  • drainResidual eliminated — zero admin drain surface
  • EMERGENCY_COUNCIL_ROLE dormant (pause-only, granted in Phase 1+ to Safe external advisors)
  • OZ TimelockControllerUpgradeable wrapping with tier overlay (compatible with OZ Governor + Tally + Defender)
  • Storage namespace 7-layer linearization (reduced from v4.1's 10 after S1 reverts of ERC20Votes + ERC20Permit + referrer overloads — those will move to the Phase 2+ $ASPE token)
• Audit — SEC-004 v2.0 (once approved)
• Supersedes — v4.1

v4.1 · 2026-04-16 · drainResidual hotfix

• Type — Upgrade (implementation replacement, proxy unchanged)
• Status — Active (current)
• Implementation — 0x40FBdE06EBD2aE6F40CbA360F7692E5eD20FAA8f
• Summary — Separates perps/spot bridge in the drainResidual admin path to prevent cross-contamination when draining residual balances during emergency scenarios.
• Root cause in v4 — drainResidual did not distinguish between perps and spot balances, creating a subtle state-consistency issue under specific bridge timing. No depositor impact observed in v4 (pre-fix), but behavior was tightened before extending external access.
• Supersedes — v4

v4 · 2026-04-16 · Agent wallet re-registration

• Type — Upgrade (implementation replacement, proxy unchanged)
• Status — Deprecated (superseded by v4.1 same day)
• Implementation — 0xf198F379b25d23339c4B5E2A277283b347F76c4B
• Summary — initializeV2 re-registered the agent wallet in HyperCore to complete the handover from the v3 autonomous deploy flow.
• Supersedes — v3-autonomous

v3-autonomous · 2026-04-01 · Initial mainnet deploy

• Type — Initial deploy on the current proxy
• Status — Deprecated (superseded)
• Proxy (stable across v3 → v4 → v4.1) — 0xe67c82f0970D66d8b84dB43F2392E77CE7e4ED75
• Implementation — 0x86c5296ED6b67C68845FE1FA1F76b18893b4508e
• Timelock — 0xa284Cb2908EAd1F430c7eC13fF9fd3459780F5CB
• Router — 0xb14291b3101ca1eA84179E938FeF4C8E80b73437
• Summary — First mainnet deployment on the current proxy with autonomous operation flag. Started the 3-month on-chain track record clock that gates Phase 1.

v1 · paused

• Type — Deprecation
• Status — Paused — do not use
• Proxy — 0x161c64100D21E7728B0A291C2e2cdcF52A740FF5
• Timelock — 0x3919eB86FB1ed98e436A127cC4DBC73C5eEA46C8
• Router — 0x55AEa497F009119D7b51ed6D2C136aC032BCBAf8
• Root cause — sendToHyperCore bug (internal reference D18) + governance deadlock (D20). $20 USDC lost at system address. No depositor funds were affected — the vault was in operator-capital-only phase.
• Lesson — admin architecture must separate concerns between operator EOA, timelock, and emergency pause. v1 conflated roles; v5 separates them with explicit tiers (Meta / Operational / Emergency).

Reading the changelog

• Proxy vs implementation. The proxy is the stable address depositors interact with. The implementation is the bytecode the proxy points to; it changes on UUPS upgrades. The proxy 0xe67c82…ED75 has been the depositor-facing address since the v3 deploy. Previous v1 (0x161c64…) was a separate proxy, now paused and unrelated.
• Audits. Self-audits are published at /audit/ with immutable commit hashes. v2.0 audits commit e923006 (v5). v1.0 audited v4.1 (fd06ce1) and is archived internally — not published externally because v5 supersedes v4.1 before external capital.
• Deprecation ≠ loss. When a version is marked "Deprecated (superseded)", it means a newer implementation is the current pointer of the proxy. Funds follow the proxy; depositors don't need to migrate. The exception is v1 "Paused", which was a separate proxy — those addresses are no longer part of the protocol.

Links