Access Management

Overview

The ZEUR protocol implements a comprehensive access management system based on OpenZeppelin's AccessManager pattern. This system provides fine-grained role-based access control, time-delayed execution for critical operations, and decentralized governance capabilities while maintaining operational security.

Architecture

Core Components

1. ProtocolAccessManager

Central access control contract managing all roles and permissions:

contract ProtocolAccessManager is AccessManager {
    // Role definitions
    bytes32 public constant ADMIN_ROLE = 0x00;
    bytes32 public constant POOL_ADMIN_ROLE = keccak256("POOL_ADMIN_ROLE");
    bytes32 public constant ORACLE_ADMIN_ROLE = keccak256("ORACLE_ADMIN_ROLE");
    bytes32 public constant VAULT_ADMIN_ROLE = keccak256("VAULT_ADMIN_ROLE");
    bytes32 public constant LIQUIDATOR_ROLE = keccak256("LIQUIDATOR_ROLE");
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
    bytes32 public constant EMERGENCY_ROLE = keccak256("EMERGENCY_ROLE");
}

2. AccessManagedUpgradeable

All protocol contracts inherit from AccessManagedUpgradeable:

Access Control Flow

Role Definitions

1. ADMIN_ROLE (Root Admin)

Responsibilities:

  • Grant and revoke all other roles

  • Update access manager configuration

  • Emergency protocol controls

  • Upgrade contract implementations

Permissions:

Members:

  • Protocol multisig wallet

  • DAO governance contract (future)

2. POOL_ADMIN_ROLE

Responsibilities:

  • Configure asset parameters (LTV, liquidation thresholds)

  • Set supply and borrow caps

  • Freeze/unfreeze assets

  • Manage interest rate models

Key Functions:

Typical Members:

  • Protocol risk management team

  • DAO risk committee

  • Automated risk management contracts

3. ORACLE_ADMIN_ROLE

Responsibilities:

  • Add and update price feeds

  • Configure oracle parameters

  • Set emergency prices

  • Manage oracle security settings

Key Functions:

Typical Members:

  • Oracle management team

  • Automated oracle bots

  • Emergency response team

4. VAULT_ADMIN_ROLE

Responsibilities:

  • Configure staking strategies

  • Manage vault parameters

  • Rebalance staking allocations

  • Update staking routers

Key Functions:

Typical Members:

  • Yield strategy team

  • Automated rebalancing bots

  • Vault managers

5. LIQUIDATOR_ROLE

Responsibilities:

  • Execute liquidations

  • Call liquidation functions

  • Access liquidation incentives

Key Functions:

Typical Members:

  • Liquidation bots

  • MEV searchers

  • Keeper networks

  • Public (if open liquidations)

6. MINTER_ROLE

Responsibilities:

  • Mint and burn tokens

  • Exclusively for Pool contract

  • Token supply management

Key Functions:

Typical Members:

  • Pool contract only

  • Automated by protocol logic

7. PAUSER_ROLE

Responsibilities:

  • Pause/unpause protocol operations

  • Emergency response capabilities

  • Circuit breaker activation

Key Functions:

Typical Members:

  • Emergency response team

  • Automated monitoring systems

  • Protocol guardians

8. EMERGENCY_ROLE

Responsibilities:

  • Highest priority emergency actions

  • Override normal operations

  • Recovery mechanisms

Key Functions:

Typical Members:

  • Emergency multisig

  • Incident response team

  • Core development team

Time-Delayed Execution

Timelock Mechanism

Critical operations require time delays to allow community review:

Delayed Operation Types

1. Administrative Changes (2 days)

  • Role modifications

  • Contract upgrades

  • Major parameter changes

2. Configuration Changes (1 day)

  • Asset parameter updates

  • Risk parameter adjustments

  • Oracle configurations

3. Emergency Operations (6 hours)

  • Asset pausing

  • Emergency price setting

  • Circuit breaker activation

Execution Process

Multi-Signature Integration

Primary Multisig Configuration

ADMIN_ROLE Multisig:

  • Threshold: 3 of 5

  • Members: Core team members

  • Responsibilities: Protocol governance, upgrades, emergency response

POOL_ADMIN_ROLE Multisig:

  • Threshold: 2 of 3

  • Members: Risk management team

  • Responsibilities: Day-to-day parameter management

Multisig Operations

Governance Integration

DAO Governance (Future)

Planned integration with DAO governance:

Governance Process

  1. Proposal: Community submits governance proposal

  2. Voting: Token holders vote on proposal

  3. Execution: Successful proposals execute with timelock

  4. Implementation: Changes applied to protocol

Security Features

Role Separation

No single role has complete control:

Cross-Role Validation

Critical operations require multiple roles:

Audit Trail

All access control operations are logged:

Access Control Best Practices

1. Least Privilege Principle

  • Grant minimum necessary permissions

  • Regular role audits and cleanup

  • Time-limited permissions where appropriate

2. Role Rotation

  • Regular rotation of sensitive roles

  • Revoke access for inactive members

  • Emergency role succession planning

3. Monitoring and Alerting

  • Real-time monitoring of role usage

  • Alerts for unusual access patterns

  • Automated anomaly detection

Emergency Procedures

Emergency Response Levels

Level 1: Asset Pause

  • Pause specific problematic assets

  • Maintain core protocol functionality

  • Allow user withdrawals

Level 2: Protocol Pause

  • Pause all new operations

  • Allow emergency withdrawals only

  • Activate recovery procedures

Level 3: Full Emergency

  • Complete protocol lockdown

  • Emergency asset recovery

  • Manual intervention required

Emergency Roles Activation

Role Management Interface

Granting Roles

Revoking Roles

The access management system provides robust security controls while enabling efficient protocol operations and future decentralized governance integration.

PreviousVault System and Liquid Staking IntegrationNextSecurity Features

Last updated