Access Controls
The Master Spool Owner (the Spool DAO) can change the Spool's owner; the Spool owner can also transfer ownership themselves.
The Master Spool owner is the Spool DAO, and by design it can transfer Spool ownership to another address. There are multiple reasons for this, most importantly to remove a bad actor as a Spool owner (e.g. a Spool owner could add vault-incentive rewards that reverted, effectively bricking the Spool).
In order for the Spool Ecosystem to work, there is a subset of roles and owners that can alter state and hold certain privileges. A list of these access controls is compiled below:
The Controller contract contains the following privileged roles:
- Can add strategies by calling addStrategy()
- Can call setEmergencyWithdrawer()
- Can call setEmergencyRecipient()
- Receives funds when removeStrategyAndWithdraw or emergencyWithdraw are called
- Can call removeStrategyAndWithdraw()
- Can call removeStrategy()
- Can call emergencyWithdraw()
- Can call runDisableStrategy()
The SpoolReallocation contract contains the following privileged roles:
- Can call reallocateVaults()
The FeeHandler contract contains the following privileged roles:
- Can call setEcosystemFee() (This is limited, hard coded, at 20%)
- Can call setTreasuryFee() (This is limited, hard coded, at 10%)
- Can call setEcosystemCollector()
- Can call setTreasuryCollector()
The RiskProviderRegistry contract contains the following privileged roles:
- Can call addProvider()
  - In order to add a new Risk Model Provider after a Governance Vote.
- Can call removeProvider()
  - In order to remove a Risk Model Provider after a Governance Vote.
The SpoolBase contract contains the following privileged roles:
- Can call setAllocationProvider()
- Can call setDoHardWorker()
- Can call setForceOneTxDoHardWork()
- Can call setLogReallocationProportions()
- Can call setAwaitingEmergencyWithdraw()
The SpoolRewardDrip contract contains the following privileged roles:
- Can call updatePeriodFinish()
- Can call claimFinishedRewards()
- Can call forceRemoveReward()
- Can call addToken()
- Can call notifyRewardAmount()
- Can call setRewardsDuration()
- Can call removeReward()
The VaultBase contract contains the following privileged roles:
- Can call updateName()
- Can call transferVaultOwner()
- Can call transferVaultOwner()
Besides the Code Base Access, there is a subset of roles within the Spool Ecosystem with privileged access. This subset of roles is detailed below.
Who controls this role?
The Spool DAO Multisignature Wallet, which acts exclusively on the conclusion of Snapshot Votes. Currently a 10/16 multisignature wallet:
- The on-chain execution of Snapshot votes will be implemented.
- This is the most powerful role in the Spool Ecosystem and as such should be the most protected.
- These actions are not called often.
spoolOwner inherits permissions of vaultOwner.
Which actions can this role take?
Controller.sol
- addStrategy: Add (new) Strategies (addresses) to the Spool Ecosystem
- setEmergencyWithdrawer: Set the address(es) that can call the emergency withdraw function
- setEmergencyRecipient: Set the address to which funds are sent if emergencyWithdraw is called. If this is not set, it defaults to the emergencyWithdrawer
- pause: Emergency pause of Spool
- unPause: Unpause Spool after emergency pause
FeeHandler.sol
- setEcosystemFee: Set the Ecosystem Fee charged on profits generated once a User withdraws funds from a Spool. This Ecosystem Fee is limited to 20%, hard coded
- setTreasuryFee: Set the Treasury Fee charged on profits generated once a User withdraws funds from a Spool. This Treasury Fee is limited to 10%, hard coded
- setEcosystemCollector: Set the address Ecosystem Fees will be attributed to
- setTreasuryCollector: Set the address Treasury Fees will be attributed to
RiskProviderRegistry.sol
- addProvider: Add a Risk Model Provider (address) to the Risk Provider Registry that Users can choose from when creating a Spool
- removeProvider: Remove a Risk Provider (address) from the Risk Provider Registry
SpoolBase.sol (Part of Spool.sol)
- setAllocationProvider: Set the address that can set the allocation of funds in relation to an individual Spool's chosen Risk Provider Scores and Risk Appetite scores
- setDoHardWorker: Add a DoHardWorker (address) to the DoHardWorker whitelist
- setForceOneTxDoHardWork: Set flag to force DoHardWork to be executed in a single transaction instead of multiple
- setLogReallocationProportions: Exists solely for debugging purposes. When Spool reallocates, a server will first simulate this call while setting this to true to get data to support underlying Spool infrastructure.
- setAwaitingEmergencyWithdraw: Failsafe function to assist with emergency withdraw functions
RewardDrip.sol (Part of Vault.sol)
- updatePeriodFinish: Sets the ending time for incentive tokens
- claimFinishedRewards: When the incentive period has finished, send unclaimed reward tokens to the Spool DAO (address)
- forceRemoveReward: Forcibly remove a reward in the case of a malicious reward token and add it to the blacklist
- addToken: Add an incentive token to an existing Spool
- notifyRewardAmount: Sets or increases reward token amount and duration
VaultBase.sol (Part of Vault.sol)
- updateName: Update the User-given name of a User-created Spool (Vault) (e.g. due to profanity)
- transferVaultOwner: Transfers ownership from the current User (address) of a User-created Spool to a new User (address). We are of the opinion this should never be used. However, it is a requirement for certain real world entities to participate in the Spool Ecosystem.
Who controls this role?
Address set with setEmergencyRecipient. Can only be set by spoolOwner role. Currently a 10/16 multisignature wallet:
Which actions can this role take?
- Receives funds when removeStrategyAndWithdraw is called
- Receives funds when emergencyWithdraw is called
Who controls this role?
Address set with setEmergencyWithdrawer. Can only be set by spoolOwner role. Currently a 3/15 multisignature wallet with signatures spread across various time zones.
Which actions can this role take?
Controller.sol
- removeStrategyAndWithdraw: Combines the two below mentioned functions into a single call
- removeStrategy: Blacklists a strategy from the Spool System
- emergencyWithdraw: Removes all funds from the specified strategy and sends funds to Spool DAO Multisignature wallet
- runDisableStrategy: Helper function for emergency withdraw edge cases
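The split between the emergency recipient and emergency withdrawer roles described above can be pictured with the following sketch. It is an added example, not Spool's contract code: the contract name, the IStrategyLike interface, the storage layout and all function signatures are assumptions, and the fallback to the caller is one reading of "defaults to the emergencyWithdrawer".

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch only: role names mirror this page, but the layout,
// signatures and checks are assumptions, not the project's implementation.
interface IStrategyLike {
    // Hypothetical hook: moves every asset held by the strategy to `to`.
    function withdrawAll(address to) external;
}

contract EmergencyPathSketch {
    address public spoolOwner;            // highest-privilege role (DAO multisig)
    address public emergencyRecipient;    // zero address means "not set"
    mapping(address => bool) public isEmergencyWithdrawer;
    mapping(address => bool) public validStrategy;

    event EmergencyWithdrawn(address indexed strategy, address indexed by, address indexed to);

    modifier onlyOwner() {
        require(msg.sender == spoolOwner, "not spoolOwner");
        _;
    }

    modifier onlyEmergencyWithdrawer() {
        require(isEmergencyWithdrawer[msg.sender], "not emergencyWithdrawer");
        _;
    }

    constructor(address owner_) {
        spoolOwner = owner_;
    }

    function addStrategy(address strategy) external onlyOwner {
        validStrategy[strategy] = true;
    }

    function setEmergencyWithdrawer(address who, bool allowed) external onlyOwner {
        isEmergencyWithdrawer[who] = allowed;
    }

    function setEmergencyRecipient(address recipient) external onlyOwner {
        emergencyRecipient = recipient;
    }

    // The withdrawer decides when funds leave a strategy, never where they go:
    // the destination is owner-controlled, falling back to the caller if unset.
    function emergencyWithdraw(address strategy) external onlyEmergencyWithdrawer {
        require(validStrategy[strategy], "unknown strategy");
        address to = emergencyRecipient == address(0) ? msg.sender : emergencyRecipient;
        validStrategy[strategy] = false;  // strategy is retired once drained
        emit EmergencyWithdrawn(strategy, msg.sender, to);
        IStrategyLike(strategy).withdrawAll(to);
    }
}
```

Under this model an unset recipient routes funds to the withdrawer wallet, which per this page has the lower signing threshold, so reading emergencyRecipient and confirming it is non-zero is a useful deployment check.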
Who controls this role?
Address set with setAllocationProvider. Can only be set by spoolOwner role. Currently a 3/5 multisignature wallet.
Which actions can this role take?
SpoolReallocation.sol
- reallocateVaults: Set allocation of funds in relation to an individual Spool's chosen Risk Provider Scores and Risk Appetite Setting
Who controls this role?
The Creator / User (address) of one or multiple Spools (Vaults).
Which actions can this role take?
RewardDrip.sol
- addToken: Adds an incentive token to a User-owned Spool in order to reward Users (addresses) that interact with said Spool
- notifyRewardAmount: Sets or increases reward token amount and duration
- removeReward: Allows a vault owner (address) to remove a reward token they previously added to incentivize users to interact with their Spool. Can only be called after the reward duration has finished
VaultBase.sol (Part of Vault.sol)
- transferVaultOwner: Allows a vault (Spool) owner (address) to transfer ownership of their created vault to another address
Who controls this role?
A whitelisted address tasked with executing predefined, expensive actions needed for the Spool Ecosystem to perform efficiently. Currently a 3/5 multisignature wallet.
Which actions can this role take?
spoolDoHardWork.sol
- batchDoHardWork:
  - Deposits pending deposits, after delta calculations, into selected strategies
  - Withdraws pending withdraws, after delta calculations, from selected strategies
  - Claims, swaps, and compounds external protocol/strategy reward tokens
- batchDoHardWorkReallocation:
  - All of the actions in batchDoHardWork, plus:
  - Reallocates funds across strategies to fall in line with the amalgamated Spool allocations in relation to individual Spool selected Risk scores and Risk Appetite