TermMax Roles

This document outlines the various roles defined in the TermMax protocol, their responsibilities, and the specific functions each role controls.

Core Roles for Access Control

1. Default Admin (`DEFAULT_ADMIN_ROLE`)

Description: The highest administrative role with privileges to manage other roles and system-critical operations.Controlled Functions:

Gearing Token (GT)

Set Gearing Token Implementation

// AccessManager.sol
function setGtImplement(ITermMaxFactory factory, string memory gtImplementName, address gtImplement)
        external
        onlyRole(DEFAULT_ADMIN_ROLE)

Updates the Gearing Token implementation reference in the factory.

Market

Create and deploy new markets

// AccessManager.sol
function createMarket(
        ITermMaxFactory factory,
        bytes32 gtKey,
        MarketInitialParams calldata deployParams,
        uint256 salt
    ) external onlyRole(DEFAULT_ADMIN_ROLE) returns (address market)

Deploys new markets

Ownership

Transfer ownership of an contract

// AccessManager.sol
function transferOwnership(IOwnable entity, address to) external onlyRole(DEFAULT_ADMIN_ROLE)

Transfers ownership of ownable contracts

Accept ownership of an contract

// AccessManager.sol
function acceptOwnership(IOwnable entity) external onlyRole(DEFAULT_ADMIN_ROLE)

Accepts ownership of contracts

Upgradability

Upgrade contracts

// AccessManager.sol
function upgradeSubContract(UUPSUpgradeable proxy, address newImplementation, bytes memory data)
        external
        onlyRole(DEFAULT_ADMIN_ROLE)

Upgrades proxies using UUPS pattern

Contract Integration

Whitelist external adapters for contract integrations

// AccessManager.sol
function setAdapterWhitelist(ITermMaxRouter router, address adapter, bool isWhitelist)
        external
        onlyRole(DEFAULT_ADMIN_ROLE)

Controls which swap adapters are allowed

Oracles

Update oracle source for an asset

// AccessManager.sol
function submitPendingOracle(IOracle aggregator, address asset, IOracle.Oracle memory oracle)
        external
        onlyRole(DEFAULT_ADMIN_ROLE)

Submits new oracles

Accept new submitted oracle source for an asset

// AccessManager.sol
function acceptPendingOracle(IOracle aggregator, address asset) external onlyRole(DEFAULT_ADMIN_ROLE)

Accepts pending oracles

2. Pauser (`PAUSER_ROLE`)

Description: Role with permissions to pause/unpause contracts as a safety measure during emergencies.Controlled Functions:

Pause or Unpause a pausable contract

// AccessManager.sol
function setSwitch(IPausable entity, bool state) external onlyRole(PAUSER_ROLE)

Pauses or unpauses protocol functionalities

3. Configurator (`CONFIGURATOR_ROLE`)

Description: Role with permissions to configure aspects of the system such as market parameters and fee settings.Controlled Functions:

Update market config including treasury address and fee configs

// AccessManager.sol
function updateMarketConfig(ITermMaxMarket market, MarketConfig calldata newConfig)
        external
        onlyRole(CONFIGURATOR_ROLE)

Updates market configuration

Update Gearing Token (GT) config to set collateral capacity

// AccessManager.sol
function updateGtConfig(ITermMaxMarket market, bytes memory configData) external onlyRole(CONFIGURATOR_ROLE)

Updates Gearing Token configuration

Update fee rate of an specific order

// AccessManager.sol
function updateOrderFeeRate(ITermMaxMarket market, ITermMaxOrder order, FeeConfig memory feeConfig)
        external
        onlyRole(CONFIGURATOR_ROLE)

Updates fee rates for orders

4. Vault Admin (`VAULT_ROLE`)

Description: Role with specific permissions to manage vaults.Controlled Functions:

Submit a new guaridan to a vault for apending apprvoval

// AccessManager.sol
function submitVaultGuardian(ITermMaxVault vault, address newGuardian) external onlyRole(VAULT_ROLE)

Revoke the pending guradian of a vault

// AccessManager.sol
function revokeVaultPendingGuardian(ITermMaxVault vault) external onlyRole(VAULT_ROLE)

Revoke the pending timelock settings of a vault

// AccessManager.sol
function revokeVaultPendingTimelock(ITermMaxVault vault) external onlyRole(VAULT_ROLE)

Revoke the pending market to be whitelisted of a vault

// AccessManager.sol
function revokeVaultPendingMarket(ITermMaxVault vault, address market) external onlyRole(VAULT_ROLE)

Set and update curator to a vault

// AccessManager.sol
function setCuratorForVault(ITermMaxVault vault, address newCurator) external onlyRole(VAULT_ROLE)

Set and whitelist allocators of a vault

// AccessManager.sol
function setIsAllocatorForVault(ITermMaxVault vault, address allocator, bool isAllocator)
        external
        onlyRole(VAULT_ROLE)

Vault-Specific Roles

Curator

Description: Role responsible for managing vault market relationships and parameters.Controlled Functions:

Create an order under the vault

// TermMaxVault.sol
function createOrder(ITermMaxMarket market, uint256 maxSupply, uint256 initialReserve, CurveCuts memory curveCuts)
        external
        onlyCuratorRole
        marketIsWhitelisted(address(market))
        whenNotPaused
        returns (ITermMaxOrder order)

Update multiple orders including the rates and supplies

// TermMaxVault.sol
function updateOrders(
        ITermMaxOrder[] memory orders,
        int256[] memory changes,
        uint256[] memory maxSupplies,
        CurveCuts[] memory curveCuts
    ) external onlyCuratorRole whenNotPaused

Redeem Fixed-Rate Tokens (FT) of the order after maturity

function redeemOrder(ITermMaxOrder order) external onlyCuratorRole

Withdraw the performance fee

// TermMaxVault.sol
function withdrawPerformanceFee(address recipient, uint256 amount)
        external
        nonReentrant
        whenNotPaused
        onlyCuratorRole

Submit a new timelock to be accepted after the original timelock

// TermMaxVault.sol
function submitTimelock(uint256 newTimelock) external onlyCuratorRole

Set and update the capacity of the vault

// TermMaxVault.sol
function setCapacity(uint256 newCapacity) external onlyCuratorRole

Submit the new performance fee rate to be accepted after timelock

// TermMaxVault.sol
function submitPerformanceFeeRate(uint184 newPerformanceFeeRate) external onlyCuratorRole

Submit and whitelist a new market to be accepted after timelock

// TermMaxVault.sol
function submitMarket(address market, bool isWhitelisted) external onlyCuratorRole

All allocator functions (acts as a super-allocator)

Guardian

Description: A protective role for vaults with permissions to approve or prevent sensitive operations.Controlled Functions:

Revoke the new submitted timelock

// TermMaxVault.sol
function revokePendingTimelock() external onlyGuardianRole

Revoke the new submitted guradian

// TermMaxVault.sol
function revokePendingGuardian() external onlyGuardianRole

Revoke the new submitted market to be whitelisted

// TermMaxVault.sol
function revokePendingMarket(address market) external onlyGuardianRole

Revoke the new submitted performance fee

// TermMaxVault.sol
function revokePendingPerformanceFeeRate() external onlyGuardianRole

Allocator

Description: Role responsible for managing funds allocation within vaults.Controlled Functions:

Update the order of supply queue

// TermMaxVault.sol
function updateSupplyQueue(uint256[] memory indexes) external onlyAllocatorRole

Update the order of withdraw queue

// TermMaxVault.sol
function updateWithdrawQueue(uint256[] memory indexes) external onlyAllocatorRole

Architecture

PreviousContract NextContract Upgrade

Last updated 10 months ago

hashtagCore Roles for Access Control

hashtag1. Default Admin (DEFAULT_ADMIN_ROLE)

hashtagGearing Token (GT)

hashtagMarket

hashtagOwnership

hashtagUpgradability

hashtagContract Integration

hashtagOracles

hashtag2. Pauser (PAUSER_ROLE)

hashtag3. Configurator (CONFIGURATOR_ROLE)

hashtag4. Vault Admin (VAULT_ROLE)

hashtagVault-Specific Roles

hashtagCurator

hashtagGuardian

hashtagAllocator

hashtagArchitecture