System Access
Governance, Roles & Privileged Access
Last updated
Was this helpful?
Governance, Roles & Privileged Access
Last updated
Was this helpful?
The governance setup underpinning the smart contract functionality is designed to balance efficiency, security and trust. Where operations may be done by any network participant in a secure and efficient way, these functions are made public. Some functions are only operable by Elektro Team, but implemented such as not to invalidate the guarantees described in Section 1. Some operations, such as smart contract upgradability, will require the use of at least one additional party to act as a validator. Currently, all privileged operations can only be performed by Elektro.
The governance setup is based on privileged roles. An address is granted a privileged role if it is added to the corresponding list by at least one other privileged address of the correct type. An account can hold none, one or multiple roles in the system. The roles and access control is managed by the RoleManager contract. Following roles exists:
The Governor role is the most privileged role in the system. An account bearing the Governor role can:
add/revoke all other roles, this includes removing the Governor role of other Governors
execute all governance functionality such as change entries in the Resolver or update the address of the contracts in the system, e.g. the Registry
Governors are assigned at construction time during deployment, new governors can be assigned by all required existing governors submitting requests for the specific address. RoleManager is initialized with confirmationsRequired state variable representing how many requests (confirmations) need to be done to assign a new governor.
submitAddGovernorRequest() function is called with an address of a candidate Governor by existing governors, when the confirmationsRequired is reached the new governor is assigned automatically with the last request submitted.
The Admin role is used to operate the system. An account bearing the admin role can:
can set/remove the allowed tokens
can set the time of the release lock and other parameters of the FundLock
is the only role that can deploy an options market contract set
Main role for calling settlement functionality of the protocol, e.g. updatePositions(). This role belongs to Java Matching Engine which calls ElektroLedger smart contracts to settle all trades.
The Governor is a top level controller role within the Elektro Smart Contracts ecosystem. It is used to interact with deployed Elektro smart contracts for configurations. Some of its functionalities include assigning roles in RoleManager, modifying contract addresses and registering and updating signatures in Router contracts. A Governor can assign any of the roles existing in Elektro smart contract.
The following tables describe the Smart Contracts and the functions within them a Governor is able to interact with.
Smart Contract
Function
Repository
RoleManager
submitAddGovernorRequest
elektro-protocol-aux
RoleManager
submitRemoveGovernorRequest
elektro-protocol-aux
RoleManager
revokeGovernorRequestConfirmation
elektro-protocol-aux
RoleManager
appointAdmins
elektro-protocol-aux
RoleManager
addRoleForAddress
elektro-protocol-aux
RoleManager
addRolesForAddresses
elektro-protocol-aux
RoleManager
removeRoleForAddress
elektro-protocol-aux
Resolver
bulkRegister
elektro-protocol-aux
Resolver
register
elektro-protocol-aux
Resolver
bulkUpdate
elektro-protocol-aux
Resolver
updateSignature
elektro-protocol-aux
Resolver
removeSignature
elektro-protocol-aux
Router
setResolver
elektro-protocol-aux
RegistryBase
setEventEmitter
elektro-protocol-aux
RegistryBase
setTokenManager
elektro-protocol-aux
RegistryBase
setInstanceResolver
elektro-protocol-aux
RegistryBase
setTokenValidator
elektro-protocol-aux
RegistryBase
setCommissionBeneficiary
elektro-protocol-aux
TokenManagerAdmin
setElektroRegistry
elektro-protocol-aux
TokenManagerAdmin
setTokenWrapper
elektro-protocol-aux
FundLock
setRegistry
elektro-protocol-aux
ElektroRegistrySetters
setFundLock
elektro-protocol-aux
ElektroRegistrySetters
postUpgradeInitialize
elektro-protocol-aux
ElektroSetters
setElektroEventEmitter
elektro-protocol
Admin is a controller level role within the Elektro Smart Contracts ecosystem. Admin role is assigned by a Governor. This role is used to modify contracts' business properties such as setting releaseLock and tradeLock and also calling initialization functions during deployment.
The following tables describe the Smart Contracts and the functions within them an Admin is able to interact with.
Smart Contract
Function
Repository
TokenManagerAdmin
setEthereumAddress
elektro-protocol-aux
TokenManagerAdmin
setWETH9Address
elektro-protocol-aux
TokenValidator
addTokensToWhitelist
elektro-protocol-aux
TokenValidator
removeTokenFromWhitelist
elektro-protocol-aux
FundLock
setReleaseLockInterval
elektro-protocol
FundLock
setTradeLockInterval
elektro-protocol
ElektroRegistry
deployElektro
elektro-protocol
Utility Account role is used for the functions execution which are called by Elektro Java Backend.
This account is assigned by Governors.
Smart Contract
Function
Repository
ElektroLedgerUpdate
updatePositions
elektro-protocol
The Elektro Contract’s role is assigned to the Elektro contract address in the Elektro Protocol.
This is not necessarily a role in the conventional sense. It is not validated by RoleManager, but validated by ElektroRegistry. We limit calls to the below functions based on Registry storage mapping which signifies if a contract has been registered as a part of the system. See isValidContract or onlyAllowedContracts modifiers.
Smart Contract
Function
Repository
TokenManagerAdmin
collectFundsToFundLock
elektro-protocol-aux
ElektroEventEmitter
emitLedgerPositionMoved
elektro-protocol
FundLock
updateBalances
elektro-protocol
All roles are trusted and expected to act correctly at all times, e.g. never making mistakes.
All other accounts & contracts: Are untrusted, should not interact with state changing functionality of the Elektro system. Contracts interact with another. These interactions are trusted. The Registry is used and trusted to keep track of the contracts belonging to the system. This is another form of access control used within the system.
The Resolver contracts of each router are assumed to be initialized correctly and trusted to return the correct address of the trusted implementation contract.