Roles and Permissions

The following are the roles and functions the roles can call in Level v2:

Role

Users

Permissions

ADMIN_MULTISIG_ROLE

- Admin multisig only

StrictRolesAuthority.removeUserRole() LevelMintingV2.removeMintableAsset() LevelMintingV2.removeRedeemableAsset() LevelMintingV2.removeOracle()

VAULT_MINTER_ROLE

- LevelMintingV2 contract only

BoringVault.enter()

VAULT_REDEEMER_ROLE

- LevelMintingV2 contract - RewardManager contract

BoringVault.exit()

PAUSER_ROLE

- Admin multisig - Operator multisig - Hexagate gatekeepers

PauserGuard.pauseSelector() PauseGuard.pauseGroup()

UNPAUSER_ROLE

- Admin multisig only

PauserGuard.unpauseSelector() PauserGuard.unpauseGroup()

VAULT_MANAGER_ROLE

- LevelMintingV2 contract - RewardManager contract

BoringVault.manage() BoringVault.increaseAllowance()

GATEKEEPER_ROLE

- Admin multisig - Operator multisig - Hexagate gatekeepers

LevelMintingV2.disableMintRedeem()

REWARDER_ROLE

- Treasury multisig only

RewardsManager.reward()

STRATEGIST_ROLE

- Operator multisig - LevelMintingV2 contract - RewardsManager contract

VaultManager.deposit() VaultManager.depositDefault() VaultManager.withdraw() VaultManager.withdrawDefault()

MINTER_ROLE

LevelMintingV2.mint() (if not public. note that on launch, mint() will be public)

REDEEMER_ROLE

N (KYC-ed external redeemers)

LevelMintingV2.initiateRedeem() (if not public. note that on launch, initiateRedeem will not be public)

Trusted Addresses:

Admin Multisig
- 5/8 Gnosis Safe
  - All signers are cold wallets
- 4 keys held by internal team members, 4 keys held externally
  - Team cannot sign transactions unilaterally
  - External signers are trusted members of the security community (ie Spearbit)
- Internal team members have separate signing devices
  - At least two signers must validate that the transaction hashes being signed on the UI match what the wallet sees
- Used to:
  - Upgrade contract implementations
  - Assign and removes roles
  - Adjust protocol configuration
Operator Multisig
- 2/5 Gnosis Safe
  - 4/5 signers are cold wallets
- All keys held by internal team members
- Used to:
  - Manage funds custodied by the BoringVault using the VaultManager smart contract
  - Send excess yield to the Treasury multisig
Treasury Multisig
- 3/4 Gnosis Safe
  - All signers are cold wallets
- All keys held by internal team members
- Used to:
  - Receive USDC/T yield accrued by the protocol
  - Mint lvlUSD using these funds and reward it to slvlUSD
  - Claim rewards on behalf of the BoringVault for supplying to lending protocols like Aave and Morpho
Hexagate Gatekeepers
- EOA stored on AWS
- Automatically run actions based off critical/high monitoring alerts from Hexagate, including:
  - If dollar value of lvlUSD reserves returned by LevelReserveLens dips below the dollar value of lvlUSD supply
  - If Hexagate detects any suspicious contracts deployed that could be potential attackers

PreviousContract Details NextHow to Get lvlUSD

Last updated 22 days ago

Roles and Permissions

The following are the roles and functions the roles can call in Level v2:

Role

Users

Permissions

ADMIN_MULTISIG_ROLE

- Admin multisig only

StrictRolesAuthority.removeUserRole() LevelMintingV2.removeMintableAsset() LevelMintingV2.removeRedeemableAsset() LevelMintingV2.removeOracle()

VAULT_MINTER_ROLE

- LevelMintingV2 contract only

BoringVault.enter()

VAULT_REDEEMER_ROLE

- LevelMintingV2 contract - RewardManager contract

BoringVault.exit()

PAUSER_ROLE

- Admin multisig - Operator multisig - Hexagate gatekeepers

PauserGuard.pauseSelector() PauseGuard.pauseGroup()

UNPAUSER_ROLE

- Admin multisig only

PauserGuard.unpauseSelector() PauserGuard.unpauseGroup()

VAULT_MANAGER_ROLE

- LevelMintingV2 contract - RewardManager contract

BoringVault.manage() BoringVault.increaseAllowance()

GATEKEEPER_ROLE

- Admin multisig - Operator multisig - Hexagate gatekeepers

LevelMintingV2.disableMintRedeem()

REWARDER_ROLE

- Treasury multisig only

RewardsManager.reward()

STRATEGIST_ROLE

- Operator multisig - LevelMintingV2 contract - RewardsManager contract

VaultManager.deposit() VaultManager.depositDefault() VaultManager.withdraw() VaultManager.withdrawDefault()

MINTER_ROLE

LevelMintingV2.mint() (if not public. note that on launch, mint() will be public)

REDEEMER_ROLE

N (KYC-ed external redeemers)

LevelMintingV2.initiateRedeem() (if not public. note that on launch, initiateRedeem will not be public)

Trusted Addresses:

Admin Multisig
- 5/8 Gnosis Safe
  - All signers are cold wallets
- 4 keys held by internal team members, 4 keys held externally
  - Team cannot sign transactions unilaterally
  - External signers are trusted members of the security community (ie Spearbit)
- Internal team members have separate signing devices
  - At least two signers must validate that the transaction hashes being signed on the UI match what the wallet sees
- Used to:
  - Upgrade contract implementations
  - Assign and removes roles
  - Adjust protocol configuration
Operator Multisig
- 2/5 Gnosis Safe
  - 4/5 signers are cold wallets
- All keys held by internal team members
- Used to:
  - Manage funds custodied by the BoringVault using the VaultManager smart contract
  - Send excess yield to the Treasury multisig
Treasury Multisig
- 3/4 Gnosis Safe
  - All signers are cold wallets
- All keys held by internal team members
- Used to:
  - Receive USDC/T yield accrued by the protocol
  - Mint lvlUSD using these funds and reward it to slvlUSD
  - Claim rewards on behalf of the BoringVault for supplying to lending protocols like Aave and Morpho
Hexagate Gatekeepers
- EOA stored on AWS
- Automatically run actions based off critical/high monitoring alerts from Hexagate, including:
  - If dollar value of lvlUSD reserves returned by LevelReserveLens dips below the dollar value of lvlUSD supply
  - If Hexagate detects any suspicious contracts deployed that could be potential attackers

PreviousContract Details NextHow to Get lvlUSD

Last updated 22 days ago