> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cove.finance/llms.txt
> Use this file to discover all available pages before exploring further.

# Access Controls

> Access controls for Boosties

Access control in smart contracts is a critical security measure that ensures
only authorized addresses can execute certain functions. It's often managed
through roles that define specific permissions, like token minting or contract
pausing. Libraries like OpenZeppelin's
[Ownable](https://docs.openzeppelin.com/contracts/5.x/access-control#ownership-and-ownable)
and
[AccessControl](https://docs.openzeppelin.com/contracts/5.x/access-control#role-based-access-control)
provide standardized solutions for managing these permissions, helping to
safeguard the protocol's integrity and security.

## Roles

* `DEFAULT_ADMIN_ROLE`
  * Granted to Community Multisig (3 out of 7)
  * For rescuing funds and pausing
* `_TIMELOCK_ROLE`
  * To be granted to a Timelock Controller owned by the Community Multisig after initial setups
  * For managing user reward impacting functionalities
  * For setting permissioned address such as treasury address
  * For setting fee parameters
* `_MANAGER_ROLE`
  * Granted to ops multisig (2 out of 4)
  * For managing non-user fund impacting functions
  * Adding new entries to MasterRegistry and YearnGaugeFactory
* `_PAUSER_ROLE`
  * Granted to EOA / OZ Defender
  * For limiting attack vectors in emergencies
  * Stops new deposits
* `_MINTER_ROLE`
  * Granted to Community Multisig
  * Used in CoveToken contract
  * Able to call `mint()`

## Contracts

### CoveToken

* \_TIMELOCK\_ROLE
  * addAllowedSender(address target)
  * removeAllowedSender(address target)
  * addAllowedReceiver(address target)
  * removeAllowedReceiver(address target)
* \_MINTER\_ROLE
  * mint()
    * *Mints tokens to a specified address*

### CoveYearnGaugeFactory

* *DEFAULT\_ADMIN\_ROLE*
  * setRewardForwarderImplementation(address impl)
  * setYsdRewardsGaugeImplementation(address impl)
  * setTreasuryMultisig(address multisig)
  * setERC20RewardsGaugeImplementation(address impl)
  * setGaugeAdmin(address admin)
* *\_MANAGER\_ROLE*
  * deployCoveGauges()

### BaseRewardsGauge

* *DEFAULT\_ADMIN\_ROLE*
  * pause()
  * unpause()
* *\_MANAGER\_ROLE*
  * addReward()
  * setRewardDistributor() \*also allowed from current distributor
* \_PAUSER\_ROLE
  * pause()

### MiniChefV3

* *DEFAULT\_ADMIN\_ROLE*
  * rescue()
  * pause()
  * unpause()
* *\_TIMELOCK\_ROLE*
  * add()
    * *Add a new LP to the pool with an allocpoint*
  * set()
    * *Update the given pool's REWARD\_TOKEN allocation point and `IRewarder` contract*
  * setRewardPerSecond()
* \_PAUSER\_ROLE
  * pause()

### RewardForwarder

* *DEFAULT\_ADMIN\_ROLE*
  * setTreasury()
  * setTreasuryBps()

### YearnGaugeStrategy

* Roles come from BaseStrategy / TokenizedStrategy

  * onlyManagement()

    \*\*note: management is only given to one address

    — TokenizedStrategy

    * setPendingManagement()
    * setKeeper()
    * setEmergencyAdmin();
    * setPerformanceFee();
    * setPerformanceFeeRecipient();
    * setProfitMaxUnlockTime();

    — YearnGaugeStrategy

    * setHarvestSwapParams()
    * setMaxTotalAssets();
    * setDYfiRedeemer();

  * onlyKeepers()

    \*\* note: this modifier is truly isKeeperOrManagement(), so access can be given to an autonomous keeper and manager at the same time

    * report(): *Function for keepers to call to harvest and record all profits accrued*
      * *should be called through protected relays if swaps are going to happen* (which they will)

  * onlyEmergencyAuthorized()

    \*\*note: this modifier is truly emergencyAdmin OR management

    * emergencyAdmin can only be given to one address
    * shutdownStrategy()
      * *Used to shutdown the strategy preventing any further deposits*
        * \_strategyStorage().shutdown = true;
      * *Can only be called by the current `management` or `emergencyAdmin`*
    * emergencyWithdraw()
      * *To manually withdraw funds from the yield source after a strategy has been shut down*

### CoveYFI

* *DEFAULT\_ADMIN\_ROLE*
  * rescue()

### DYfiRedeemer

* DEFAULT\_ADMIN\_ROLE
  * setSlippage()
    * *Sets the slippage that should be applied to DYFI -> YFI redeems*
  * kill()
    * \_pause()

### GaugeRewardReceiver

* *DEFAULT\_ADMIN\_ROLE*
  * rescue()

### MasterRegistry

* *DEFAULT\_ADMIN\_ROLE*
  * grantRole(*\_MANAGER\_ROLE)*
* *\_MANAGER\_ROLE*
  * also given to *DEFAULT\_ADMIN\_ROLE admin*
  * addRegistry()
  * updateRegistry()

### StakingDelegateRewards

* *DEFAULT\_ADMIN\_ROLE*
  * recoverERC20()
    * *Allows recovery of ERC20 tokens other than the staking and rewards tokens*
* *\_TIMELOCK\_ROLE*
  * setRewardsDuration()
    * *Sets the duration of the rewards period for a given staking token*

### SwapAndLock

* *DEFAULT\_ADMIN\_ROLE*
  * setDYfiRedeemer()
    * *Sets the address of the DYfiRedeemer contract and approves it to spend dYFI*

### YearnStakingDelegate

* *DEFAULT\_ADMIN\_ROLE*
  * rescueYfi()
  * rescueDYfi()
  * pause()
  * unpause()
  * addGaugeRewards()
    * Allowing new gauge deposits, does not need to be timelock’d
* \_TIMELOCK\_ROLE
  * setSwapAndLock()
  * setGaugeRewardSplit()
  * setSnapshotDelegate()
  * updateGaugeRewards()
  * setPerpetualLock()
  * earlyUnlock()
  * execute()
* \_PAUSER\_ROLE
  * pause()
