Roles and Permissions
The following are the roles and functions the roles can call in Level v2:
ADMIN_MULTISIG_ROLE
- Admin multisig only
StrictRolesAuthority.removeUserRole()
LevelMintingV2.removeMintableAsset()
LevelMintingV2.removeRedeemableAsset()
LevelMintingV2.removeOracle()
VAULT_MINTER_ROLE
- LevelMintingV2 contract only
BoringVault.enter()
VAULT_REDEEMER_ROLE
- LevelMintingV2 contract - RewardManager contract
BoringVault.exit()
PAUSER_ROLE
- Admin multisig - Operator multisig - Hexagate gatekeepers
PauserGuard.pauseSelector()
PauseGuard.pauseGroup()
UNPAUSER_ROLE
- Admin multisig only
PauserGuard.unpauseSelector()
PauserGuard.unpauseGroup()
VAULT_MANAGER_ROLE
- LevelMintingV2 contract - RewardManager contract
BoringVault.manage()
BoringVault.increaseAllowance()
GATEKEEPER_ROLE
- Admin multisig - Operator multisig - Hexagate gatekeepers
LevelMintingV2.disableMintRedeem()
REWARDER_ROLE
- Treasury multisig only
RewardsManager.reward()
STRATEGIST_ROLE
- Operator multisig - LevelMintingV2 contract - RewardsManager contract
VaultManager.deposit()
VaultManager.depositDefault()
VaultManager.withdraw()
VaultManager.withdrawDefault()
MINTER_ROLE
N
LevelMintingV2.mint()
(if not public. note that on launch, mint()
will be public)
REDEEMER_ROLE
N (KYC-ed external redeemers)
LevelMintingV2.initiateRedeem()
(if not public. note that on launch, initiateRedeem
will not be public)
Trusted Addresses:
Admin Multisig
5/8 Gnosis Safe
All signers are cold wallets
4 keys held by internal team members, 4 keys held externally
Team cannot sign transactions unilaterally
External signers are trusted members of the security community (ie Spearbit)
Internal team members have separate signing devices
At least two signers must validate that the transaction hashes being signed on the UI match what the wallet sees
Used to:
Upgrade contract implementations
Assign and removes roles
Adjust protocol configuration
Operator Multisig
2/5 Gnosis Safe
4/5 signers are cold wallets
All keys held by internal team members
Used to:
Manage funds custodied by the BoringVault using the VaultManager smart contract
Send excess yield to the Treasury multisig
Treasury Multisig
3/4 Gnosis Safe
All signers are cold wallets
All keys held by internal team members
Used to:
Receive USDC/T yield accrued by the protocol
Mint lvlUSD using these funds and reward it to slvlUSD
Claim rewards on behalf of the BoringVault for supplying to lending protocols like Aave and Morpho
Hexagate Gatekeepers
EOA stored on AWS
Automatically run actions based off critical/high monitoring alerts from Hexagate, including:
If dollar value of lvlUSD reserves returned by LevelReserveLens dips below the dollar value of lvlUSD supply
If Hexagate detects any suspicious contracts deployed that could be potential attackers
Last updated