# Mellow DVT Vault boost scope

## Summary for Mellow LRT Contracts and Integration with the Lido Protocol

### Overview

With Mellow LRT, users can stake their LST tokens (or ether that is converted to LST) in a set of vaults, each implementing a different reward-seeking strategy. The vaults are largely focused on various restaking protocols and AVSes, with an ongoing genesis case for representing LRTs built on top of the wstETH bond collateral in Symbiotic. However, the upcoming [Decentralized Validator Vault](https://snapshot.org/#/lido-snapshot.eth/proposal/0xdfb6a16a991379cd62222bb20792db7ce1dc0e2a0db17e8d7422717802f50145) (**DVV**) implements a separate strategy not connected with restaking per se.

### DVV integration with the Lido on Ethereum protocol

As part of the integration with the Lido protocol, there is a set of contracts (`StakingModule.sol` and `DefaultObolStakingStrategy.sol`) designed to work with the Lido Simple DVT Module ([operators.lido.fi](https://operators.lido.fi/)). This allows staking ETH from the **DVV** into [Obol](https://obol.tech/)'s and SSV's validator sets via the [SimpleDVT](https://snapshot.org/#/lido-snapshot.eth/proposal/0xaca2da3c932542e030db8bf5b6e4420bf4aa98bd57bd62b9b8008a4b7398abb2) staking module through [StakingRouter](https://research.lido.fi/t/lip-20-staking-router/3790) and then (when the corresponding strategies are plugged into the vault, sic!) restaking it based on a chosen strategy.

### Configuration and Setup

Given that the architecture of Mellow Vaults is designed for universal application and has a complex configuration system, it is crucial to approach the initial setup with great responsibility. The flow and particular configuration parameters are defined in the [**DVV** specification](https://mellowprotocol.notion.site/Obol-Vault-a1ab952ae0a6499dbedfc45278aba5c5?pvs=25#e7def287cddc4cbda9fa762cb3d0870a).

### Focus

While revealing vulnerabilities in the generalized setup has unquestionable importance, the main focus should be on the areas defined by the **DVV** configuration parameters and their corresponding integrations with Lido. Two scenarios should be considered explicitly:

- When the **DVV** is deployed and used together with the Lido protocol's SimpleDVT module without restaking, but involving a modified off-chain deposit bot that sends transactions via a private mempool to gain priority for SimpleDVT and decrease the probability of withdrawal demand pressure; see also this [issue](https://github.com/lidofinance/lido-dao/issues/839)
- When the **DVV** is upgraded later by **appending restaking strategies on top** for Symbiotic (plugging in the `DefaultBondModule`, `DefaultBondTvlModule`, and `DefaultBondStrategy` contracts, similar to the [existing deployments](https://docs.mellow.finance/mellow-lrt-primitive/contract-deployments) for Steakhouse, Re7, Mev Capital, and P2P)

Therefore, the scope should include the Lido protocol contracts with which the Vault interacts, specifically in the context of logical and flow interconnections. The vault should be isolated from the protocol with respect to the impact of any potential security incident.

## Deployed Contracts included in the Vault and Lido integration setup (nSLOC: 1281):

```
0x5E362eb2c0706Bd1d134689eC75176018385430B  ./src/Vault.sol                                  454
0xDee41701310f48744e6Bb4A5df6B5e714cE49133  ./src/VaultConfigurator.sol                      365
-                                           ./src/modules/DefaultModule.sol                   13
0x2c73350310C2b8c721d8192bd7620D1DCB1219ce  ./src/modules/erc20/ERC20TvlModule.sol            15
0xD570E16E3B62F05EcF3ff2706D331B7f56453adA  ./src/modules/obol/StakingModule.sol              77
0x39D5F9aEbBEcba99ED5d707b11d790387B5acB63  ./src/oracles/ChainlinkOracle.sol                 65
0x278798AE6ea76ae75b381eA0D8DF140C1D5a7712  ./src/oracles/ConstantAggregatorV3.sol            12
0xFeAFe509fae65962EF81555E3f078D58aF7ca3e9  ./src/oracles/ManagedRatiosOracle.sol             30
0x966a3b1c9d477D113630290F037b12349649d1bd  ./src/oracles/WStethRatiosAggregatorV3.sol        16
0xB8eF363E1909665c18BF0CB72Cba9a8152413A2E  ./src/security/DefaultProxyImplementation.sol     12
0x969A0c7699ad0AC38fE05117c81D662762443E07  ./src/security/Initializer.sol                    25
0x078b1C03d14652bfeeDFadf7985fdf2D8a2e8108  ./src/strategies/SimpleDVTStakingStrategy.sol     57
-                                           ./src/utils/DefaultAccessControl.sol              44
0xA1b3a352c3fC7cfcBD36381CC2D0b157d6843473  ./src/validators/ManagedValidator.sol             96
```

Total nSLOC: 1281

## External dependencies (not in the scope)

### Lido Contracts (nSLOC: ~2.5k)

#### Deployed addresses

https://docs.lido.fi/deployed-contracts/

#### Docs

- Lido/stETH https://docs.lido.fi/contracts/lido
- LidoLocator https://docs.lido.fi/contracts/lido-locator
- DepositSecurityModule https://docs.lido.fi/contracts/deposit-security-module
- WithdrawalQueue https://docs.lido.fi/contracts/withdrawal-queue-erc721
- StakingRouter https://docs.lido.fi/contracts/staking-router
- wstETH https://docs.lido.fi/contracts/wsteth

## Links and other data

### Mellow contracts deployed addresses

https://www.notion.so/mellowprotocol/Decentralized-Validator-Vault-a1ab952ae0a6499dbedfc45278aba5c5?pvs=4#d83deaf5857c4a319aa7d3b6cdfe6aaa

### Mellow vault docs&specs:
https://mellowprotocol.notion.site/Obol-Vault-a1ab952ae0a6499dbedfc45278aba5c5

- repo: https://github.com/mellow-finance/mellow-lrt/tree/features/obol-vault
- commit hash: [1c885ad9a2964ca88ad3e59c3a7411fc0059aa34](https://github.com/mellow-finance/mellow-lrt/commit/1c885ad9a2964ca88ad3e59c3a7411fc0059aa34)
- deploy script: https://github.com/mellow-finance/mellow-lrt/blob/features/obol-vault/scripts/obol/Deploy.s.sol#L35
- tests: https://github.com/mellow-finance/mellow-lrt/tree/features/obol-vault/tests/obol

## Existing audits for Mellow DVT Vault

TBD