Strictly Guarded Execution

A common misconception is that because Solvers "freely" manage the variable-rate loan underlying a fixed-rate position (e.g., executing spatial arbitrage to find a cheaper variable rate), they must have custody of the borrower's funds.

This is categorically false.

IRIS Protocol relies on strict, transaction-level cryptographic invariants to ensure Solvers cannot act maliciously, extract value, or compromise the collateral.

PositionGuard: The Sentinel

Any time a Solver attempts to execute an algorithmic action on a borrower's isolated EIP-1167 proxy LoanPod, the entire transaction sequence must pass validation through the PositionGuard smart contract.

PositionGuard acts as an absolute sentinel, enforcing state checks before and after the execution of the solver's payload:

1. Collateral Preservation: The borrower's collateral balance inside the Pod must never decrease below an immutable initialization threshold.

2. Debt Ceiling Constraints: The total variable debt taken out against the collateral cannot physically increase above authorized limits.

3. Health Floor Check: The loan-to-value (LTV) ratio of the underlying variable position must remain within venue-specific safe bounds, preventing reckless leveraging or aggressive margin assumption.

4. Absolute Floor (Anti-Grinding): Sophisticated solvers are cryptographically prevented from bleeding or draining positions through many infinitesimally small, cumulatively adverse actions (e.g. repeated slippage extraction).

Merkle-based Execution Verification

Furthermore, Solvers lack arbitrary code execution capability on the LoanPod. Their operational actions are meticulously constrained by the IRIS_MerkleRegistry to explicitly whitelisted function selectors.

Instead of a bulky, gas-intensive on-chain array, solver permissions are represented as highly optimized Merkle roots. During execution, solvers supply a Merkle proof verifying that their specific command (for example, invoking AaveV3UniversalAdapter.supplyAndBorrow) is pre-authorized.

They cannot transfer collateral to unverified addresses, construct malicious flashloans, or deploy funds to unvetted external protocols.

While IRIS supports a Merkle-based execution registry, this machinery is reserved for future, more complex position flows (e.g. splitting positions, debt/collateral equivalence sets, and other multi-step transformations that require richer proofs over allowed actions).

In the current version of the protocol, IRIS focuses purely on refinancing flows, which are simple enough that PositionGuard alone provides sufficient safety guarantees for all solver executions.