Access control in smart contracts is a critical security measure that ensures only authorized addresses can execute certain functions. It’s often managed through roles that define specific permissions, like token minting or contract pausing. Libraries like OpenZeppelin’s Ownable and AccessControl provide standardized solutions for managing these permissions, helping to safeguard the protocol’s integrity and security.

Roles

  • DEFAULT_ADMIN_ROLE
    • Granted to Community Multisig (3 out of 7)
    • For rescuing funds and pausing
  • _TIMELOCK_ROLE
    • To be granted to a Timelock Controller owned by the Community Multisig after initial setups
    • For managing user reward impacting functionalities
    • For setting permissioned address such as treasury address
    • For setting fee parameters
  • _MANAGER_ROLE
    • Granted to ops multisig (2 out of 4)
    • For managing non-user fund impacting functions
    • Adding new entries to MasterRegistry and YearnGaugeFactory
  • _PAUSER_ROLE
    • Granted to EOA / OZ Defender
    • For limiting attack vectors in emergencies
    • Stops new deposits
  • _MINTER_ROLE
    • Granted to Community Multisig
    • Used in CoveToken contract
    • Able to call mint()
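The role split above (admin rescues and unpauses, timelock owns fee and address parameters, manager handles non-fund-impacting configuration, pauser can only pause) maps onto OpenZeppelin AccessControl as follows. This is an added illustrative contract, not the protocol's own code; it assumes OpenZeppelin Contracts v5 import paths, and the state variables, events and `deposit`/`withdraw` functions are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative example only; not the protocol's own code.
// Assumes OpenZeppelin Contracts v5 import paths.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";

contract RoleGatedExample is AccessControl, Pausable {
    // In AccessControl, DEFAULT_ADMIN_ROLE (bytes32(0)) is the admin of every
    // role unless _setRoleAdmin overrides it, so the admin multisig can grant
    // and revoke all of the roles below (the MasterRegistry pattern).
    bytes32 private constant _TIMELOCK_ROLE = keccak256("TIMELOCK_ROLE");
    bytes32 private constant _MANAGER_ROLE = keccak256("MANAGER_ROLE");
    bytes32 private constant _PAUSER_ROLE = keccak256("PAUSER_ROLE");

    uint256 private constant _MAX_BPS = 10_000;

    address public treasury;
    uint256 public treasuryBps;
    address public rewardDistributor;
    mapping(address => uint256) public deposits; // constructed for the example

    error Unauthorized(address caller);
    error InvalidBps(uint256 bps);
    error ZeroAddress();

    event TreasuryUpdated(address indexed treasury);
    event TreasuryBpsUpdated(uint256 bps);
    event RewardDistributorUpdated(address indexed distributor);

    constructor(address admin, address timelock, address manager, address pauser) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);   // community multisig
        _grantRole(_TIMELOCK_ROLE, timelock);    // timelock controller
        _grantRole(_MANAGER_ROLE, manager);      // ops multisig
        _grantRole(_PAUSER_ROLE, pauser);        // EOA / Defender
    }

    // --- Timelock-gated: permissioned addresses and fee parameters ---

    function setTreasury(address newTreasury) external onlyRole(_TIMELOCK_ROLE) {
        if (newTreasury == address(0)) revert ZeroAddress();
        treasury = newTreasury;
        emit TreasuryUpdated(newTreasury);
    }

    function setTreasuryBps(uint256 bps) external onlyRole(_TIMELOCK_ROLE) {
        if (bps > _MAX_BPS) revert InvalidBps(bps);
        treasuryBps = bps;
        emit TreasuryBpsUpdated(bps);
    }

    // --- Manager-gated, also callable by the current distributor ---

    function setRewardDistributor(address distributor) external {
        // rewardDistributor starts at address(0), which msg.sender can never equal,
        // so the first assignment must come from a manager.
        if (!hasRole(_MANAGER_ROLE, msg.sender) && msg.sender != rewardDistributor) {
            revert Unauthorized(msg.sender);
        }
        if (distributor == address(0)) revert ZeroAddress();
        rewardDistributor = distributor;
        emit RewardDistributorUpdated(distributor);
    }

    // --- Pausing: pauser OR admin can pause, only admin can unpause ---

    function pause() external {
        if (!hasRole(_PAUSER_ROLE, msg.sender) && !hasRole(DEFAULT_ADMIN_ROLE, msg.sender)) {
            revert Unauthorized(msg.sender);
        }
        _pause();
    }

    function unpause() external onlyRole(DEFAULT_ADMIN_ROLE) {
        _unpause();
    }

    // Pausing only stops new deposits; withdrawals stay open so a compromised
    // pauser key cannot lock user funds in.
    function deposit() external payable whenNotPaused {
        deposits[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        deposits[msg.sender] -= amount; // reverts on underflow in 0.8.x
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The asymmetry in `pause`/`unpause` is the point worth copying: the hot pauser key (an EOA or Defender relayer) can only reduce exposure, never re-open the contract, and a pause never blocks withdrawals.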

Contracts

CoveToken

  • _TIMELOCK_ROLE
    • addAllowedSender(address target)
    • removeAllowedSender(address target)
    • addAllowedReceiver(address target)
    • removeAllowedReceiver(address target)
  • _MINTER_ROLE
    • mint()
      • Mints tokens to a specified address

CoveYearnGaugeFactory

  • DEFAULT_ADMIN_ROLE
    • setRewardForwarderImplementation(address impl)
    • setYsdRewardsGaugeImplementation(address impl)
    • setTreasuryMultisig(address multisig)
    • setERC20RewardsGaugeImplementation(address impl)
    • setGaugeAdmin(address admin)
  • _MANAGER_ROLE
    • deployCoveGauges()

BaseRewardsGauge

  • DEFAULT_ADMIN_ROLE
    • pause()
    • unpause()
  • _MANAGER_ROLE
    • addReward()
    • setRewardDistributor() (also callable by the current distributor)
  • _PAUSER_ROLE
    • pause()

MiniChefV3

  • DEFAULT_ADMIN_ROLE
    • rescue()
    • pause()
    • unpause()
  • _TIMELOCK_ROLE
    • add()
      • Adds a new LP token pool with its allocation point (allocPoint)
    • set()
      • Update the given pool’s REWARD_TOKEN allocation point and IRewarder contract
    • setRewardPerSecond()
  • _PAUSER_ROLE
    • pause()

RewardForwarder

  • DEFAULT_ADMIN_ROLE
    • setTreasury()
    • setTreasuryBps()

YearnGaugeStrategy

  • Roles come from BaseStrategy / TokenizedStrategy
    • onlyManagement()
      • Note: management is only given to one address
      • Defined in TokenizedStrategy
        • setPendingManagement()
        • setKeeper()
        • setEmergencyAdmin()
        • setPerformanceFee()
        • setPerformanceFeeRecipient()
        • setProfitMaxUnlockTime()
      • Defined in YearnGaugeStrategy
        • setHarvestSwapParams()
        • setMaxTotalAssets()
        • setDYfiRedeemer()
    • onlyKeepers()
      • Note: this modifier is effectively isKeeperOrManagement(), so an autonomous keeper and management can both be authorized at the same time
      • report(): function for keepers to call to harvest and record all profits accrued
        • Should be called through protected relays if swaps are going to happen (which they will)
    • onlyEmergencyAuthorized()
      • Note: this modifier is effectively emergencyAdmin OR management
      • emergencyAdmin can only be given to one address
      • shutdownStrategy()
        • Used to shut down the strategy, preventing any further deposits
          • _strategyStorage().shutdown = true;
        • Can only be called by the current management or emergencyAdmin
      • emergencyWithdraw()
        • To manually withdraw funds from the yield source after a strategy has been shut down
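The three strategy authorities above (a single management address, a keeper, a single emergencyAdmin) and their OR-style modifiers can be modelled in a few dozen lines. This is an added example, not Yearn's TokenizedStrategy or the protocol's code: it uses plain storage instead of `_strategyStorage()`, adds an `acceptManagement()` step as the assumed counterpart to `setPendingManagement()`, and `report()`, `deposit()` and the `totalAssets` accounting are constructed placeholders for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative example only; not TokenizedStrategy or the protocol's own code.
contract StrategyAuthExample {
    address public management;         // exactly one management address
    address public pendingManagement;  // nominee in a two-step handoff
    address public keeper;
    address public emergencyAdmin;     // exactly one emergency admin
    bool public shutdown;
    uint256 public totalAssets;        // constructed toy accounting
    uint256 public lastReport;

    error NotAuthorized(address caller);
    error NotShutdown();
    error IsShutdown();

    event ManagementTransferStarted(address indexed pending);
    event ManagementTransferred(address indexed newManagement);
    event StrategyShutdown(address indexed by);
    event Reported(address indexed by, uint256 timestamp);

    constructor(address _management, address _keeper, address _emergencyAdmin) {
        management = _management;
        keeper = _keeper;
        emergencyAdmin = _emergencyAdmin;
    }

    modifier onlyManagement() {
        if (msg.sender != management) revert NotAuthorized(msg.sender);
        _;
    }

    // Keeper OR management: "onlyKeepers" is really isKeeperOrManagement.
    modifier onlyKeepers() {
        if (msg.sender != keeper && msg.sender != management) revert NotAuthorized(msg.sender);
        _;
    }

    // emergencyAdmin OR management.
    modifier onlyEmergencyAuthorized() {
        if (msg.sender != emergencyAdmin && msg.sender != management) revert NotAuthorized(msg.sender);
        _;
    }

    // Two-step handoff: a typo in the new address cannot strand the strategy,
    // because the nominee has to prove control by accepting.
    function setPendingManagement(address _pending) external onlyManagement {
        pendingManagement = _pending;
        emit ManagementTransferStarted(_pending);
    }

    // Assumed counterpart to setPendingManagement (not listed on the page).
    function acceptManagement() external {
        if (msg.sender != pendingManagement) revert NotAuthorized(msg.sender);
        management = msg.sender;
        pendingManagement = address(0);
        emit ManagementTransferred(msg.sender);
    }

    function setKeeper(address _keeper) external onlyManagement { keeper = _keeper; }
    function setEmergencyAdmin(address _admin) external onlyManagement { emergencyAdmin = _admin; }

    // Harvest-and-record entry point. Because this path performs swaps in the real
    // strategy, keepers should submit it through a protected relay.
    function report() external onlyKeepers {
        lastReport = block.timestamp;
        emit Reported(msg.sender, block.timestamp);
    }

    // Blocks new deposits from here on; withdrawals are unaffected.
    function shutdownStrategy() external onlyEmergencyAuthorized {
        shutdown = true;
        emit StrategyShutdown(msg.sender);
    }

    // Manual pull from the yield source, only valid once the strategy is shut down.
    function emergencyWithdraw(uint256 amount) external onlyEmergencyAuthorized {
        if (!shutdown) revert NotShutdown();
        totalAssets -= amount; // stands in for the yield-source withdrawal
    }

    function deposit(uint256 amount) external {
        if (shutdown) revert IsShutdown();
        totalAssets += amount;
    }
}
```

Two checks worth carrying over when reviewing the real contracts: that every function gated by `onlyEmergencyAuthorized` is safe for a less-trusted emergency key to call without a shutdown having happened first (here `emergencyWithdraw` enforces the ordering itself), and that the `setKeeper` / `setEmergencyAdmin` setters remain management-only, since otherwise either key could extend its own authority.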

CoveYFI

  • DEFAULT_ADMIN_ROLE
    • rescue()

DYfiRedeemer

  • DEFAULT_ADMIN_ROLE
    • setSlippage()
      • Sets the slippage that should be applied to DYFI -> YFI redeems
    • kill()
      • _pause()

GaugeRewardReceiver

  • DEFAULT_ADMIN_ROLE
    • rescue()

MasterRegistry

  • DEFAULT_ADMIN_ROLE
    • grantRole(_MANAGER_ROLE)
  • _MANAGER_ROLE
    • Also granted to the DEFAULT_ADMIN_ROLE holder
    • addRegistry()
    • updateRegistry()

StakingDelegateRewards

  • DEFAULT_ADMIN_ROLE
    • recoverERC20()
      • Allows recovery of ERC20 tokens other than the staking and rewards tokens
  • _TIMELOCK_ROLE
    • setRewardsDuration()
      • Sets the duration of the rewards period for a given staking token

SwapAndLock

  • DEFAULT_ADMIN_ROLE
    • setDYfiRedeemer()
      • Sets the address of the DYfiRedeemer contract and approves it to spend dYFI

YearnStakingDelegate

  • DEFAULT_ADMIN_ROLE
    • rescueYfi()
    • rescueDYfi()
    • pause()
    • unpause()
    • addGaugeRewards()
      • Allows new gauge deposits; does not need to be timelocked
  • _TIMELOCK_ROLE
    • setSwapAndLock()
    • setGaugeRewardSplit()
    • setSnapshotDelegate()
    • updateGaugeRewards()
    • setPerpetualLock()
    • earlyUnlock()
    • execute()
  • _PAUSER_ROLE
    • pause()