Hi all, my name is Lucas Manuel and I am the Smart Contracts Tech Lead at Maple Finance. Today I’m very excited to announce that we have open sourced all of our smart contract repositories for Maple 2.0 - our largest engineering update yet.

In this article I share links to all of the repositories, audits and test suites necessary to bring Maple 2.0 to market safely. This will be the first article of many, so I hope you enjoy the read, and please reach out with questions or feedback via Twitter.

Maple 2.0 is a complete overhaul of the Maple protocol, designed to be much more flexible, modular and scalable. We worked on the design and development of Maple 2.0 for nearly 12 months, making sure to incorporate all of our learnings from the market since launch in May 2021. The release includes:

-- Scheduled and prorated withdrawals to provide certainty to LPs regarding when they can access their liquidity and to ensure fair distribution.

-- Removal of lockup periods so LPs can request to withdraw at any time.

-- Stable value during first-loss capital liquidation as it is now solely denominated in the Pool asset.

-- Functionality to declare default immediately to ensure a fair distribution of losses to all LPs.

-- Auto-compounding interest, removing the administration of redepositing.

-- Adoption of ERC-4626 standards to unlock opportunities for DeFi integrations and partnerships.

-- Increased customizability of fee structuring to support more Delegates and their strategies.

-- Increased capabilities for protocol management by the Maple DAO.

The Maple 2.0 protocol was deployed in December 2022, and in order to have the best user experience, all of the existing value in the V1 protocol was migrated and airdropped. This was a significant procedure, with over $110 million in value being moved on chain.

GitBook Documentation

All technical documentation in relation to Maple V2.0 is contained within our GitBook. The Maple smart contracts team believes that comprehensive documentation is a crucial component to a project’s success as it contributes to more in-depth audits, better integrations, and a higher likelihood that white hat hackers will have the necessary knowledge to communicate an issue through our Immunefi bug bounty. We encourage everyone to take a look at our documentation and provide feedback, as we want to ensure that all of the technical concepts are explained in an intuitive manner to a first time reader.

GitHub Open Sourcing

Built using Foundry and published to GitHub, the maple-core-v2 repository contains all protocol smart contracts (imported as submodules so integration tests can be run across versions). It also contains all integration tests, mainnet scripting, and simulations that were used over the course of the development of Maple 2.0.

Anyone can now dive into how we’ve implemented all of Maple V2’s core smart contract architecture, access and run our contract test suite using Foundry, and run all of the simulations that were performed prior to our deployments and liquidity migration.

These repos are open sourced, alongside erc20, erc20-helper, proxy-factory and revenue-distribution-token in Maple’s continual effort to give back to the smart contract development ecosystem.

I’m also particularly fond of writing technical documentation on some of our more interesting mechanisms, such as continuous interest accrual in Pool Accounting and our WithdrawalManager.

Testing and Auditing the Contracts

Every function in the protocol has been extensively tested with edge cases and adversarial situations considered. Prior to the liquidity migration, over 20 end-to-end rehearsals were conducted, as well as many mainnet fork simulations using Foundry. The liquidity migration procedure was an extensive process so it will be covered in more depth in an additional article.

Security at Maple is of the utmost priority, which is why our contract test suite includes over 1400 separate tests including:

-- Unit tests

-- Integration tests

-- Fuzz tests

-- Invariant tests

-- End-to-end scenario tests

-- Invariant regression tests

-- Business requirement simulations

-- Mainnet lifecycle simulations

-- Mainnet liquidity migration simulations

In addition, all smart contracts on mainnet are continuously being monitored for critical violations of our 30+ protocol invariants. These invariants are being checked every block by Tenderly Web3 Actions, and are integrated with emergency notification systems to alert the incident response team immediately.

Prior to deployment, the engineering team engaged with three leading audit firms to get Maple 2.0 safely to market:

-- Trail of Bits

-- Spearbit

-- Three Sigma

Between the three audits, 9 engineers reviewed the codebase, totalling 28 engineer-weeks. Those interested can read the reports from the auditors here.

The Maple team also has an ongoing bug bounty with Immunefi to incentivize the reporting of high and critical severity bugs to the Maple incident response team so they can be addressed safely to protect user funds.

In Summary

The Maple smart contracts team has worked extremely hard on this release and we are very proud of the results. This release includes all of our learnings over the last year and a half and architecturally sets us up very well for future scaling and flexibility of the protocol.

We have proved product market fit with Maple V1, scaling to facilitate over $1.9 billion in loan originations. Maple V2 is designed to be iteratively improved upon and customizable for each new use case, in order to help us scale to tens of billions and beyond.