Example Access Controls Doc

Access Controls Doc for ____________ Protocol

This document describes the capabilities and scope of the elevated permissions for the __________ protocol. Each protocol should make this information public and easy for its users to find. This document gives users the information they need to independently verify these capabilities.

Various Examples

Below you will find three examples with different types of protocol access controls. Pick the one example that best fits your protocol, fill in the blanks, and delete the other examples. Fill in the information you are willing to share publicly.

Describe in simple language the changes these contracts make possible. Assume you are talking to an investor, not a developer. Explain how changes will affect their investments, not in terms of software or contract changes.

Example Questions (answer the ones relevant to your protocol):

What special actions can administrators take?
1. Pausing the system?
2. Modifying balances?
3. Whitelisting/blacklisting of tokens and/or users?
4. Upgrading a subset of the system.
5. Upgrading all of the system (which is equivalent to omnipotence).
6. Which of these actions do and do not have a time delay on them?
7. If there is a time delay, how long is that time delay?
8. How many people have administrator privileges?
9. How many of those admins must approve before some action is taken?
10. Are any administrative actions controlled by on-chain governance (i.e., a DAO)?
11. Where can I stay up to date about proposed changes to the protocol?

Example 1: OnlyOwner and Immutable Contracts

The only role in this protocol is OnlyOwner. All contracts are deployed by the same address 0x___________.

The keys to this address are held by ___________. [Enter PRIVATE INFO or real name and/or Telegram/Discord handle]

No deployed contracts can be upgraded. OnlyOwner does not have the ability to change any aspects of the contracts.

Capabilities

As these contracts are immutable, no changes can be made at any time by anyone. These contracts last forever.

Example 2: OnlyOwner and Upgradable Contracts

The only role in this protocol is OnlyOwner. The following contracts, _______________, are deployed by the address 0x___________.

The following contracts, _______________, are deployed by the address 0x___________. The keys to this contract were burned/renounced at transaction 0x_______________.

The keys to this address are held by ___________. [Enter PRIVATE INFO or real name and/or Telegram/Discord handle]

Capabilities

The following constants can be changed by the admin. These changes can affect the investments _____________.

If contracts are updated then it can affect investments ______________________.

The reason for this centralized architecture is the following ___________________. We plan to change to ______________ in the future.

Example 3: OnlyOwner MultiSig and Upgradable Contracts

The only role in this protocol is OnlyOwner. All contracts are deployed by the same address 0x___________.

The keys to this address are held by the multisig at 0x_____________. This is a GnosisSafe. Details of the safe are ____________[Describe as much as appropriate]_________

Most contracts in this protocol can be upgraded.

Capabilities

The following constants can be changed by the multisig. These changes can affect the investments _____________.

If contracts are updated then it can affect investments ______________________.

The DAO managing this multisig is https://___________________.

All changes are requested by the DAO. The records of the requested changes are visible at ____________

Example 4: Multi-Role, MultiSig and Upgradable Contracts

This protocol has multiple roles (implemented using OpenZeppelin Access Roles).

The active roles are: ___role1_________, ___role2____ and ___role3______.

The keys to __role1__ are held by the multisig at 0x_____________. This is a GnosisSafe. Details of the safe are ____________[Describe as much as appropriate]_________

The keys to __role2__ are held by the multisig at 0x_____________. This is a GnosisSafe. Details of the safe are ____________[Describe as much as appropriate]_________

The keys to __role3__ are held by the multisig at 0x_____________. This is a GnosisSafe. Details of the safe are ____________[Describe as much as appropriate]_________

Capabilities

The role of __role1__ is overall to ____. Specifically it triggers functions ________, __________ in contract ___________.

The role of __role2__ is overall to ____. Specifically it triggers functions ________, __________ in contract ___________.

The role of __role3__ is overall to ____. Specifically it triggers functions ________, __________ in contract ___________.

The DAO managing this multisig is https://___________________.

All changes are requested by the DAO. The records of the requested changes are visible at ____________

Pause Capability

This protocol can pause trading of ______Describe capability___________ through the actions of contract 0x_________________. This contract is controlled by Multisig 0x______________ which requires a _ of __ addresses to trigger.

The pause capability is fire drill tested every __________ months. The records of each fire drill are available at ______________. NOTE: The “fire drill” should have a 3rd party trigger a request for a fire drill. The drill records the duration of time between the request and the successful opening of the multisig. DeFiSafety can offer this capability.