# Roles and Permissions

The following table lists the roles in Level v2, who holds each role, and the functions each role can call:

| Role                  | Users                                                                                    | Permissions                                                                                                                                                                                                                     |
| --------------------- | ---------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| ADMIN\_MULTISIG\_ROLE | - Admin multisig only                                                                    | <p><code>StrictRolesAuthority.removeUserRole()</code><br><br><code>LevelMintingV2.removeMintableAsset()</code><br><br><code>LevelMintingV2.removeRedeemableAsset()</code><br><br><code>LevelMintingV2.removeOracle()</code></p> |
| VAULT\_MINTER\_ROLE   | - LevelMintingV2 contract only                                                           | `BoringVault.enter()`                                                                                                                                                                                                           |
| VAULT\_REDEEMER\_ROLE | <p>- LevelMintingV2 contract<br>- RewardManager contract<br></p>                         | `BoringVault.exit()`                                                                                                                                                                                                            |
| PAUSER\_ROLE          | <p>- Admin multisig<br>- Operator multisig<br>- Hexagate gatekeepers<br></p>             | <p><code>PauserGuard.pauseSelector()</code><br><br><code>PauserGuard.pauseGroup()</code></p>                                                                                                                                    |
| UNPAUSER\_ROLE        | - Admin multisig only                                                                    | <p><code>PauserGuard.unpauseSelector()</code><br><br><code>PauserGuard.unpauseGroup()</code></p>                                                                                                                                |
| VAULT\_MANAGER\_ROLE  | <p>- LevelMintingV2 contract<br>- RewardManager contract<br></p>                         | <p><code>BoringVault.manage()</code><br><br><code>BoringVault.increaseAllowance()</code></p>                                                                                                                                    |
| GATEKEEPER\_ROLE      | <p>- Admin multisig<br>- Operator multisig<br>- Hexagate gatekeepers<br></p>             | `LevelMintingV2.disableMintRedeem()`                                                                                                                                                                                            |
| REWARDER\_ROLE        | - Treasury multisig only                                                                 | `RewardsManager.reward()`                                                                                                                                                                                                       |
| STRATEGIST\_ROLE      | <p>- Operator multisig<br>- LevelMintingV2 contract<br>- RewardsManager contract<br></p> | <p><code>VaultManager.deposit()</code><br><br><code>VaultManager.depositDefault()</code><br><br><code>VaultManager.withdraw()</code><br><br><code>VaultManager.withdrawDefault()</code></p>                                     |
| MINTER\_ROLE          | N                                                                                        | `LevelMintingV2.mint()` (if not public; note that on launch, `mint()` will be public)                                                                                                                                           |
| REDEEMER\_ROLE        | N (KYC-ed external redeemers)                                                            | `LevelMintingV2.initiateRedeem()` (if not public; note that on launch, `initiateRedeem()` will not be public)                                                                                                                   |

#### Trusted Addresses:

* *Admin Multisig*
  * 5/8 Gnosis Safe
    * All signers are cold wallets
  * 4 keys held by internal team members, 4 keys held externally
    * Team cannot sign transactions unilaterally
    * External signers are trusted members of the security community (i.e. Spearbit)
  * Internal team members have separate signing devices
    * At least two signers must validate that the transaction hashes being signed on the UI match what the wallet sees
  * Used to:
    * Upgrade contract implementations
    * Assign and remove roles
    * Adjust protocol configuration
* *Operator Multisig*
  * 2/5 Gnosis Safe
    * 4/5 signers are cold wallets
  * All keys held by internal team members
  * Used to:
    * Manage funds custodied by the BoringVault using the VaultManager smart contract
    * Send excess yield to the Treasury multisig
* *Treasury Multisig*
  * 3/4 Gnosis Safe
    * All signers are cold wallets
  * All keys held by internal team members
  * Used to:
    * Receive USDC/T yield accrued by the protocol
    * Mint lvlUSD using these funds and reward it to slvlUSD
    * Claim rewards on behalf of the BoringVault for supplying to lending protocols like Aave and Morpho
* *Hexagate Gatekeepers*
  * EOA stored on AWS
  * Automatically run actions based on critical/high monitoring alerts from Hexagate, including:
    * If dollar value of lvlUSD reserves returned by LevelReserveLens dips below the dollar value of lvlUSD supply
    * If Hexagate detects any suspicious contracts deployed that could be potential attackers
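
The role table and multisig thresholds above can be turned into a drift check. The following is an added example, not code from the Level project: it compares a snapshot of role grants against the documented matrix and tests whether one key-holding group can meet a multisig threshold alone. Principal names are labels rather than addresses, the snapshot is constructed, and `audit_roles` and `group_can_sign_alone` are hypothetical helper names.

```python
# Added example: audit observed role grants against the documented matrix.
# Principals are labels, not addresses; the snapshot below is constructed.
ADMIN, OPERATOR, TREASURY = "admin_multisig", "operator_multisig", "treasury_multisig"
HEXAGATE, MINTING = "hexagate_gatekeepers", "LevelMintingV2"
REWARDS = "RewardsManager"  # the page writes both RewardManager and RewardsManager

# Role -> allowed holders, transcribed from the table above.
# MINTER_ROLE and REDEEMER_ROLE are omitted: their holder sets are open-ended.
EXPECTED = {
    "ADMIN_MULTISIG_ROLE": {ADMIN},
    "VAULT_MINTER_ROLE": {MINTING},
    "VAULT_REDEEMER_ROLE": {MINTING, REWARDS},
    "PAUSER_ROLE": {ADMIN, OPERATOR, HEXAGATE},
    "UNPAUSER_ROLE": {ADMIN},
    "VAULT_MANAGER_ROLE": {MINTING, REWARDS},
    "GATEKEEPER_ROLE": {ADMIN, OPERATOR, HEXAGATE},
    "REWARDER_ROLE": {TREASURY},
    "STRATEGIST_ROLE": {OPERATOR, MINTING, REWARDS},
}

def audit_roles(observed):
    """observed: iterable of (role, holder). Returns (kind, role, holder) findings ordered by role."""
    seen = {}
    for role, holder in observed:
        seen.setdefault(role, set()).add(holder)
    findings = []
    for role in sorted(set(EXPECTED) | set(seen)):
        allowed, actual = EXPECTED.get(role), seen.get(role, set())
        if allowed is None:  # a role that the documented matrix does not list
            findings += [("undocumented_role", role, h) for h in sorted(actual)]
            continue
        findings += [("unexpected_holder", role, h) for h in sorted(actual - allowed)]
        findings += [("missing_holder", role, h) for h in sorted(allowed - actual)]
    return findings

def group_can_sign_alone(threshold, keys_held):
    """True if one key-holding group can reach the multisig threshold by itself."""
    return keys_held >= threshold

# Constructed snapshot: the documented state plus two deviations.
SNAPSHOT = [(r, h) for r, hs in EXPECTED.items() for h in hs]
SNAPSHOT.append(("UNPAUSER_ROLE", OPERATOR))    # drift: unpause held beyond the admin multisig
SNAPSHOT.remove(("GATEKEEPER_ROLE", HEXAGATE))  # drift: automated gatekeeper lost its role

if __name__ == "__main__":
    for finding in audit_roles(SNAPSHOT):
        print(finding)
    # Admin multisig is 5/8 with 4 internal and 4 external keys.
    print("internal alone:", group_can_sign_alone(5, 4))
```
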
