Roles and Permissions

The following are the roles and functions the roles can call in Level v2:

Role

Users

Permissions

ADMIN_MULTISIG_ROLE

- Admin multisig only

StrictRolesAuthority.removeUserRole() LevelMintingV2.removeMintableAsset() LevelMintingV2.removeRedeemableAsset() LevelMintingV2.removeOracle()

VAULT_MINTER_ROLE

- LevelMintingV2 contract only

BoringVault.enter()

VAULT_REDEEMER_ROLE

- LevelMintingV2 contract - RewardManager contract

BoringVault.exit()

PAUSER_ROLE

- Admin multisig - Operator multisig - Hexagate gatekeepers

PauserGuard.pauseSelector() PauseGuard.pauseGroup()

UNPAUSER_ROLE

- Admin multisig only

PauserGuard.unpauseSelector() PauserGuard.unpauseGroup()

VAULT_MANAGER_ROLE

- LevelMintingV2 contract - RewardManager contract

BoringVault.manage() BoringVault.increaseAllowance()

GATEKEEPER_ROLE

- Admin multisig - Operator multisig - Hexagate gatekeepers

LevelMintingV2.disableMintRedeem()

REWARDER_ROLE

- Treasury multisig only

RewardsManager.reward()

STRATEGIST_ROLE

- Operator multisig - LevelMintingV2 contract - RewardsManager contract

VaultManager.deposit() VaultManager.depositDefault() VaultManager.withdraw() VaultManager.withdrawDefault()

MINTER_ROLE

LevelMintingV2.mint() (if not public. note that on launch, mint() will be public)

REDEEMER_ROLE

N (KYC-ed external redeemers)

LevelMintingV2.initiateRedeem() (if not public. note that on launch, initiateRedeem will not be public)

Trusted Addresses:

Admin Multisig
- 5/8 Gnosis Safe
  - All signers are cold wallets
- 4 keys held by internal team members, 4 keys held externally
  - Team cannot sign transactions unilaterally
  - External signers are trusted members of the security community (ie Spearbit)
- Internal team members have separate signing devices
  - At least two signers must validate that the transaction hashes being signed on the UI match what the wallet sees
- Used to:
  - Upgrade contract implementations
  - Assign and removes roles
  - Adjust protocol configuration
Operator Multisig
- 2/5 Gnosis Safe
  - 4/5 signers are cold wallets
- All keys held by internal team members
- Used to:
  - Manage funds custodied by the BoringVault using the VaultManager smart contract
  - Send excess yield to the Treasury multisig
Treasury Multisig
- 3/4 Gnosis Safe
  - All signers are cold wallets
- All keys held by internal team members
- Used to:
  - Receive USDC/T yield accrued by the protocol
  - Mint lvlUSD using these funds and reward it to slvlUSD
  - Claim rewards on behalf of the BoringVault for supplying to lending protocols like Aave and Morpho
Hexagate Gatekeepers
- EOA stored on AWS
- Automatically run actions based off critical/high monitoring alerts from Hexagate, including:
  - If dollar value of lvlUSD reserves returned by LevelReserveLens dips below the dollar value of lvlUSD supply
  - If Hexagate detects any suspicious contracts deployed that could be potential attackers

PreviousContract Details NextHow to Get lvlUSD

Last updated 6 days ago

Roles and Permissions

The following are the roles and functions the roles can call in Level v2:

Role

Users

Permissions

ADMIN_MULTISIG_ROLE

- Admin multisig only

StrictRolesAuthority.removeUserRole() LevelMintingV2.removeMintableAsset() LevelMintingV2.removeRedeemableAsset() LevelMintingV2.removeOracle()

VAULT_MINTER_ROLE

- LevelMintingV2 contract only

BoringVault.enter()

VAULT_REDEEMER_ROLE

- LevelMintingV2 contract - RewardManager contract

BoringVault.exit()

PAUSER_ROLE

- Admin multisig - Operator multisig - Hexagate gatekeepers

PauserGuard.pauseSelector() PauseGuard.pauseGroup()

UNPAUSER_ROLE

- Admin multisig only

PauserGuard.unpauseSelector() PauserGuard.unpauseGroup()

VAULT_MANAGER_ROLE

- LevelMintingV2 contract - RewardManager contract

BoringVault.manage() BoringVault.increaseAllowance()

GATEKEEPER_ROLE

- Admin multisig - Operator multisig - Hexagate gatekeepers

LevelMintingV2.disableMintRedeem()

REWARDER_ROLE

- Treasury multisig only

RewardsManager.reward()

STRATEGIST_ROLE

- Operator multisig - LevelMintingV2 contract - RewardsManager contract

VaultManager.deposit() VaultManager.depositDefault() VaultManager.withdraw() VaultManager.withdrawDefault()

MINTER_ROLE

LevelMintingV2.mint() (if not public. note that on launch, mint() will be public)

REDEEMER_ROLE

N (KYC-ed external redeemers)

LevelMintingV2.initiateRedeem() (if not public. note that on launch, initiateRedeem will not be public)

Trusted Addresses:

Admin Multisig
- 5/8 Gnosis Safe
  - All signers are cold wallets
- 4 keys held by internal team members, 4 keys held externally
  - Team cannot sign transactions unilaterally
  - External signers are trusted members of the security community (ie Spearbit)
- Internal team members have separate signing devices
  - At least two signers must validate that the transaction hashes being signed on the UI match what the wallet sees
- Used to:
  - Upgrade contract implementations
  - Assign and removes roles
  - Adjust protocol configuration
Operator Multisig
- 2/5 Gnosis Safe
  - 4/5 signers are cold wallets
- All keys held by internal team members
- Used to:
  - Manage funds custodied by the BoringVault using the VaultManager smart contract
  - Send excess yield to the Treasury multisig
Treasury Multisig
- 3/4 Gnosis Safe
  - All signers are cold wallets
- All keys held by internal team members
- Used to:
  - Receive USDC/T yield accrued by the protocol
  - Mint lvlUSD using these funds and reward it to slvlUSD
  - Claim rewards on behalf of the BoringVault for supplying to lending protocols like Aave and Morpho
Hexagate Gatekeepers
- EOA stored on AWS
- Automatically run actions based off critical/high monitoring alerts from Hexagate, including:
  - If dollar value of lvlUSD reserves returned by LevelReserveLens dips below the dollar value of lvlUSD supply
  - If Hexagate detects any suspicious contracts deployed that could be potential attackers

PreviousContract Details NextHow to Get lvlUSD

Last updated 6 days ago