Whitelisted Actions

To interact with the SAFE to perform whitelisted actions, an account with the CURATOR role must send an ABI-encoded transaction to the roles modifier of the SAFE (every Metavault has its own and will be shared and available at different api endpoints).

function execTransactionWithRole(
        address to,
        uint256 value,
        bytes calldata data,
        Operation operation,
        bytes32 roleKey,
        bool shouldRevert
    )

Key Parameters:

  • to: The target contract address where the action will be executed (e.g., Spectra market contracts,…)

  • data: The encoded function call containing the specific action and its parameters

  • roleKey: The role identifier that determines which permissions are checked (CURATOR_ROLE for liquidity management actions)

Timelocked Actions

Timelocked actions, whether whitelisted (smaller delay) or default time-locked actions (any actions), the curator must encode and send its transaction through the delay module using the execTransactionFromModule function.

    /// @dev Adds a transaction to the queue (same as avatar interface so that this can be placed between other modules and the avatar).
    /// @param to Destination address of module transaction
    /// @param value Ether value of module transaction
    /// @param data Data payload of module transaction
    /// @param operation Operation type of module transaction
    /// @return success Whether or not the call was successfully queued for execution
    /// @notice Can only be called by enabled modules
    function execTransactionFromModule(
        address to,
        uint256 value,
        bytes calldata data,
        Operation operation
    ) public returns (bool success);

Each delay module has its specific timelock after which the transaction becomes executable by calling executeNextTx. Anyone can call this method to execute the actions ready to be executed.

Spectra backend might facilitate the execution of such transactions in the coming iterations.

 /// @dev Executes the next transaction only if the cooldown has passed and the transaction has not expired
    /// @param to Destination address of module transaction
    /// @param value Ether value of module transaction
    /// @param data Data payload of module transaction
    /// @param operation Operation type of module transaction
    /// @notice The txIndex used by this function is always 0
    function executeNextTx(
        address to,
        uint256 value,
        bytes calldata data,
        Operation operation
    ) public;

Key Parameters:

  • to: The target contract address where the action will be executed

  • data: The encoded function call containing the specific action and its parameters

  • operation: Use Call (0) for all operations - DelegateCall are not authorized

Curator Permission Scope

For a list of whitelisted permissions and constraints, see the Tokens Approvals table below.

An API endpoint is available to check on the available permissions set in the roles modifiers and delay module.

Pausing the Vault

The vault can be paused at two different levels, providing granular control over system operations:

1. Vault-Level Pause (AsyncVault)

  • Scope: Affects only the underlying infrastructure vault

  • Access: Controlled by the SAFE

  • Functions: pause() and unpause() functions

  • Impact: Prevents all user deposit and withdrawal actions in the vault while maintaining curator access to the SAFE

2. System-Level Pause (SAFE Modules)

  • Scope: Affects the entire metavault system

  • Method: Disable the delay module and roles modifier module from the SAFE

  • Access: Only SAFE account owners (typically multisig signers)

  • Impact: Completely disconnects all access control mechanisms, leaving only direct SAFE account access for emergency administration

Emergency Response: The system-level pause provides the highest security level, effectively isolating the vault from all automated operations and requiring manual intervention through the SAFE.

Tokens Approvals

Here is the list of allowed approvals

Contract

Allowed Targets

Constraints

underlying (e.g USDC)

pts, zaps, interest-bearing tokens, spectra 4626 wrapper

only approvals for underlying of approved markets to their respective

Interest-bearing tokens (e.g. Morpho Vault USDC)

pts, zaps, wrappers, pools

only approvals for underlying of approved markets

Markets LP tokens

zaps

only approvals for lp tokens of approved markets

Vault Share

spectra 4626 wrapper (the IBT of the market)

Principal Tokens Functions

Function

Allowed Targets

Constraints

claimYield

only pts of enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

claimYieldInIBT

only pts of enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

redeem

only pts of enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

redeemForIBT

only pts of enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

deposit

only pts of enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

depositIBT

only pts of enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

withdraw

only pts of enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

withdrawIBT

only pts of enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

Liquidity Zaps Functions

Function

Allowed Targets

Constraints

addLiquidityWithWrap

liquidity zap

only enabled markets

addLiquidityWithAssets

liquidity zap

only enabled markets

addLiquidityWithIBT

liquidity zap

only enabled markets

removeLiquidity

liquidity zap

only enabled markets

redeemLiquidityUnderlying

liquidity zap

only enabled markets

redeemLiquidityIBT

liquidity zap

only enabled markets

Interest Bearing Tokens Functions

Function

Allowed Targets

Constraints

redeem

only ibts of enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

deposit

only ibts of enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

Spectra ERC4626 Wrappers Functions

Function

Allowed Targets

Constraints

wrap

only wrappers of enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

unwrap

only wrappers of enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

Spectra Markets Functions

Function

Allowed Targets

Constraints

add_liquidity

only enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

remove_liquidity

only enabled markets

the receiver of the tokens is restricted to the Metavault’s SAFE

Revocation & Emergency Management

The MetaVault platform implements a comprehensive oversight system to address curator misconduct and emergency situations, ensuring user asset protection at all times.

Revocation Triggers

The system monitors for the following critical issues that may warrant curator access revocation:

  • Settlement Failures: Curator failure to prepare the Safe with sufficient assets before settlement calls

  • Economic Harm: Execution of transactions that exceed defined loss thresholds or cause significant financial damage

  • System Abuse: Misuse of timelocked default calls or submission of spam transactions that disrupt operations

Revocation Process

When revocation triggers are activated, the following emergency response protocol is initiated. The ADMIN disconnects all curator access control modules from the SAFE.

PreviousAccess Control / PermissionsNextRoles

Last updated