search

Access Management

hashtag
Overview

The ZEUR protocol implements a comprehensive access management system based on OpenZeppelin's AccessManager pattern. This system provides fine-grained role-based access control, time-delayed execution for critical operations, and decentralized governance capabilities while maintaining operational security.

hashtag
Architecture

hashtag
Core Components

hashtag
1. ProtocolAccessManager

Central access control contract managing all roles and permissions:

contract ProtocolAccessManager is AccessManager {
    // Role definitions
    bytes32 public constant ADMIN_ROLE = 0x00;
    bytes32 public constant POOL_ADMIN_ROLE = keccak256("POOL_ADMIN_ROLE");
    bytes32 public constant ORACLE_ADMIN_ROLE = keccak256("ORACLE_ADMIN_ROLE");
    bytes32 public constant VAULT_ADMIN_ROLE = keccak256("VAULT_ADMIN_ROLE");
    bytes32 public constant LIQUIDATOR_ROLE = keccak256("LIQUIDATOR_ROLE");
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
    bytes32 public constant EMERGENCY_ROLE = keccak256("EMERGENCY_ROLE");
}

hashtag
2. AccessManagedUpgradeable

All protocol contracts inherit from AccessManagedUpgradeable:

hashtag
Access Control Flow

hashtag
Role Definitions

hashtag
1. ADMIN_ROLE (Root Admin)

Responsibilities:

  • Grant and revoke all other roles

  • Update access manager configuration

  • Emergency protocol controls

  • Upgrade contract implementations

Permissions:

Members:

  • Protocol multisig wallet

  • DAO governance contract (future)

hashtag
2. POOL_ADMIN_ROLE

Responsibilities:

  • Configure asset parameters (LTV, liquidation thresholds)

  • Set supply and borrow caps

  • Freeze/unfreeze assets

  • Manage interest rate models

Key Functions:

Typical Members:

  • Protocol risk management team

  • DAO risk committee

  • Automated risk management contracts

hashtag
3. ORACLE_ADMIN_ROLE

Responsibilities:

  • Add and update price feeds

  • Configure oracle parameters

  • Set emergency prices

  • Manage oracle security settings

Key Functions:

Typical Members:

  • Oracle management team

  • Automated oracle bots

  • Emergency response team

hashtag
4. VAULT_ADMIN_ROLE

Responsibilities:

  • Configure staking strategies

  • Manage vault parameters

  • Rebalance staking allocations

  • Update staking routers

Key Functions:

Typical Members:

  • Yield strategy team

  • Automated rebalancing bots

  • Vault managers

hashtag
5. LIQUIDATOR_ROLE

Responsibilities:

  • Execute liquidations

  • Call liquidation functions

  • Access liquidation incentives

Key Functions:

Typical Members:

  • Liquidation bots

  • MEV searchers

  • Keeper networks

  • Public (if open liquidations)

hashtag
6. MINTER_ROLE

Responsibilities:

  • Mint and burn tokens

  • Exclusively for Pool contract

  • Token supply management

Key Functions:

Typical Members:

  • Pool contract only

  • Automated by protocol logic

hashtag
7. PAUSER_ROLE

Responsibilities:

  • Pause/unpause protocol operations

  • Emergency response capabilities

  • Circuit breaker activation

Key Functions:

Typical Members:

  • Emergency response team

  • Automated monitoring systems

  • Protocol guardians

hashtag
8. EMERGENCY_ROLE

Responsibilities:

  • Highest priority emergency actions

  • Override normal operations

  • Recovery mechanisms

Key Functions:

Typical Members:

  • Emergency multisig

  • Incident response team

  • Core development team

hashtag
Time-Delayed Execution

hashtag
Timelock Mechanism

Critical operations require time delays to allow community review:

hashtag
Delayed Operation Types

hashtag
1. Administrative Changes (2 days)

  • Role modifications

  • Contract upgrades

  • Major parameter changes

hashtag
2. Configuration Changes (1 day)

  • Asset parameter updates

  • Risk parameter adjustments

  • Oracle configurations

hashtag
3. Emergency Operations (6 hours)

  • Asset pausing

  • Emergency price setting

  • Circuit breaker activation

hashtag
Execution Process

hashtag
Multi-Signature Integration

hashtag
Primary Multisig Configuration

ADMIN_ROLE Multisig:

  • Threshold: 3 of 5

  • Members: Core team members

  • Responsibilities: Protocol governance, upgrades, emergency response

POOL_ADMIN_ROLE Multisig:

  • Threshold: 2 of 3

  • Members: Risk management team

  • Responsibilities: Day-to-day parameter management

hashtag
Multisig Operations

hashtag
Governance Integration

hashtag
DAO Governance (Future)

Planned integration with DAO governance:

hashtag
Governance Process

  1. Proposal: Community submits governance proposal

  2. Voting: Token holders vote on proposal

  3. Execution: Successful proposals execute with timelock

  4. Implementation: Changes applied to protocol

hashtag
Security Features

hashtag
Role Separation

No single role has complete control:

hashtag
Cross-Role Validation

Critical operations require multiple roles:

hashtag
Audit Trail

All access control operations are logged:

hashtag
Access Control Best Practices

hashtag
1. Least Privilege Principle

  • Grant minimum necessary permissions

  • Regular role audits and cleanup

  • Time-limited permissions where appropriate

hashtag
2. Role Rotation

  • Regular rotation of sensitive roles

  • Revoke access for inactive members

  • Emergency role succession planning

hashtag
3. Monitoring and Alerting

  • Real-time monitoring of role usage

  • Alerts for unusual access patterns

  • Automated anomaly detection

hashtag
Emergency Procedures

hashtag
Emergency Response Levels

hashtag
Level 1: Asset Pause

  • Pause specific problematic assets

  • Maintain core protocol functionality

  • Allow user withdrawals

hashtag
Level 2: Protocol Pause

  • Pause all new operations

  • Allow emergency withdrawals only

  • Activate recovery procedures

hashtag
Level 3: Full Emergency

  • Complete protocol lockdown

  • Emergency asset recovery

  • Manual intervention required

hashtag
Emergency Roles Activation

hashtag
Role Management Interface

hashtag
Granting Roles

hashtag
Revoking Roles

The access management system provides robust security controls while enabling efficient protocol operations and future decentralized governance integration.

PreviousVault System and Liquid Staking IntegrationNextSecurity Features

Last updated