System Access
Governance, Roles & Privileged Access
The governance setup underpinning the smart contract functionality is designed to balance efficiency, security and trust. Where operations may be done by any network participant in a secure and efficient way, these functions are made public. Some functions are only operable by Elektro Team, but implemented such as not to invalidate the guarantees described in Section 1. Some operations, such as smart contract upgradability, will require the use of at least one additional party to act as a validator. Currently, all privileged operations can only be performed by Elektro.
Role Types
The governance setup is based on privileged roles. An address is granted a privileged role if it is added to the corresponding list by at least one other privileged address of the correct type. An account can hold none, one or multiple roles in the system. The roles and access control is managed by the RoleManager contract. Following roles exists:
Governor
The Governor role is the most privileged role in the system. An account bearing the Governor role can:
add/revoke all other roles, this includes removing the Governor role of other Governors
execute all governance functionality such as change entries in the Resolver or update the address of the contracts in the system, e.g. the Registry
Governors are assigned at construction time during deployment, new governors can be assigned by all required existing governors submitting requests for the specific address. RoleManager
is initialized with confirmationsRequired
state variable representing how many requests (confirmations) need to be done to assign a new governor.
submitAddGovernorRequest()
function is called with an address of a candidate Governor by existing governors, when the confirmationsRequired
is reached the new governor is assigned automatically with the last request submitted.
Admin
The Admin role is used to operate the system. An account bearing the admin role can:
can set/remove the allowed tokens
can set the time of the release lock and other parameters of the
FundLock
is the only role that can deploy an options market contract set
Utility
Main role for calling settlement functionality of the protocol, e.g. updatePositions()
. This role belongs to Java Matching Engine which calls ElektroLedger
smart contracts to settle all trades.
Role Specifics
Governor
The Governor is a top level controller role within the Elektro Smart Contracts ecosystem. It is used to interact with deployed Elektro smart contracts for configurations. Some of its functionalities include assigning roles in RoleManager, modifying contract addresses and registering and updating signatures in Router contracts. A Governor can assign any of the roles existing in Elektro smart contract.
The following tables describe the Smart Contracts and the functions within them a Governor is able to interact with.
Smart Contract | Function | Repository |
RoleManager | submitAddGovernorRequest | elektro-protocol-aux |
RoleManager | submitRemoveGovernorRequest | elektro-protocol-aux |
RoleManager | revokeGovernorRequestConfirmation | elektro-protocol-aux |
RoleManager | appointAdmins | elektro-protocol-aux |
RoleManager | addRoleForAddress | elektro-protocol-aux |
RoleManager | addRolesForAddresses | elektro-protocol-aux |
RoleManager | removeRoleForAddress | elektro-protocol-aux |
Resolver | bulkRegister | elektro-protocol-aux |
Resolver | register | elektro-protocol-aux |
Resolver | bulkUpdate | elektro-protocol-aux |
Resolver | updateSignature | elektro-protocol-aux |
Resolver | removeSignature | elektro-protocol-aux |
Router | setResolver | elektro-protocol-aux |
RegistryBase | setEventEmitter | elektro-protocol-aux |
RegistryBase | setTokenManager | elektro-protocol-aux |
RegistryBase | setInstanceResolver | elektro-protocol-aux |
RegistryBase | setTokenValidator | elektro-protocol-aux |
RegistryBase | setCommissionBeneficiary | elektro-protocol-aux |
TokenManagerAdmin | setElektroRegistry | elektro-protocol-aux |
TokenManagerAdmin | setTokenWrapper | elektro-protocol-aux |
FundLock | setRegistry | elektro-protocol-aux |
ElektroRegistrySetters | setFundLock | elektro-protocol-aux |
ElektroRegistrySetters | postUpgradeInitialize | elektro-protocol-aux |
ElektroSetters | setElektroEventEmitter | elektro-protocol |
Admin
Admin is a controller level role within the Elektro Smart Contracts ecosystem. Admin role is assigned by a Governor. This role is used to modify contracts' business properties such as setting releaseLock
and tradeLock
and also calling initialization functions during deployment.
The following tables describe the Smart Contracts and the functions within them an Admin is able to interact with.
Smart Contract | Function | Repository |
TokenManagerAdmin | setEthereumAddress | elektro-protocol-aux |
TokenManagerAdmin | setWETH9Address | elektro-protocol-aux |
TokenValidator | addTokensToWhitelist | elektro-protocol-aux |
TokenValidator | removeTokenFromWhitelist | elektro-protocol-aux |
FundLock | setReleaseLockInterval | elektro-protocol |
FundLock | setTradeLockInterval | elektro-protocol |
ElektroRegistry | deployElektro | elektro-protocol |
Utility
Utility Account role is used for the functions execution which are called by Elektro Java Backend.
This account is assigned by Governors.
Smart Contract | Function | Repository |
ElektroLedgerUpdate | updatePositions | elektro-protocol |
Elektro Contract
The Elektro Contract’s role is assigned to the Elektro contract address in the Elektro Protocol.
This is not necessarily a role in the conventional sense. It is not validated by RoleManager, but validated by ElektroRegistry. We limit calls to the below functions based on Registry storage mapping which signifies if a contract has been registered as a part of the system. See isValidContract
or onlyAllowedContracts
modifiers.
Smart Contract | Function | Repository |
TokenManagerAdmin | collectFundsToFundLock | elektro-protocol-aux |
ElektroEventEmitter | emitLedgerPositionMoved | elektro-protocol |
FundLock | updateBalances | elektro-protocol |
Misc
All roles are trusted and expected to act correctly at all times, e.g. never making mistakes.
All other accounts & contracts: Are untrusted, should not interact with state changing functionality of the Elektro system. Contracts interact with another. These interactions are trusted. The Registry is used and trusted to keep track of the contracts belonging to the system. This is another form of access control used within the system.
The Resolver
contracts of each router are assumed to be initialized correctly and trusted to return the correct address of the trusted implementation contract.
Last updated