Access Control / Permissions

The metavault system uses Zodiac contracts for granular role allocation and responsibility segregation. The Role modifier enables whitelisted actions for curators and accountants, while the delay modifier implements time-locked actions requiring guardian verification.

  • Zodiac Documentation

  • Key Contracts: - Roles.sol - Manages SAFE permissions for access control - Delay.sol - Implements timelocked operation functionality

Action Class

Curators and accountants manage the vault through a predefined set of actions and calls. These actions are categorized as follows:

Whitelisted Actions

  • Curators can perform any whitelisted action immediately in an atomic fashion.

  • Whitelisted actions are pre-approved operations.

  • Most, if not all, operations can be executed directly through the Curator Console UI.

  • These actions are granted to the CURATOR role following a least-privilege principle.

  • Additional actions can be discussed and granted as needed.

  • Actions are typically limited to specific markets whitelisted for the MetaVault.

    • Additional markets can be enabled by admins or through a default timelocked action.

    • The admin process will apply the new configuration to grant all derived roles from newly enabled markets.

Timelocked – Whitelisted Actions

Known actions with potentially harmful outcomes depending on parameters or constraints. These actions have a short delay and require GUARDIAN verification, which may result in revocation.

Default Timelock

For any calls that do not fall under whitelisted actions, curators can submit transactions to a default timelock. These actions have a longer delay and require GUARDIAN verification, which may result in revocation.

  • These actions have a significant delay (typically a few days). Admins can expedite the process if they verify the transaction’s validity and safety.

  • The transaction will be revoked from the timelock queue and executed directly at the Safe level.

  • Transactions sent through this module must be verifiable, with all involved contracts verified on-chain. Guardians will systematically revoke any transaction where contracts in the interaction chain lack verification.

⚙️ Tip: Use timelocks for operations that modify vault configurations or market parameters. Routine liquidity and yield actions should remain under whitelisted permissions.

PreviousArchitecture OverviewNextWhitelisted Actions

Last updated