AccessManager

The AccessManager contract governs the roles and permissions required to manage various aspects of the TermMax protocol. It is built upon OpenZeppelin's AccessControlUpgradeable and UUPSUpgradeable modules, enabling role-based access control and upgradeable smart contract functionality.

Roles and Responsibilities

1. DEFAULT_ADMIN_ROLE

Holders of the DEFAULT_ADMIN_ROLE have the highest level of control. They can:

Set Gearing Token Implementation

function setGtImplement(ITermMaxFactory factory, string memory gtImplementName, address gtImplement)
    external
    onlyRole(DEFAULT_ADMIN_ROLE)

Updates the Gearing Token implementation reference in the factory.

Create Market

function createMarket(ITermMaxFactory factory, bytes32 gtKey, MarketInitialParams calldata deployParams, uint256 salt)
    external
    onlyRole(DEFAULT_ADMIN_ROLE)

Deploys a new TermMax market.

Create Market and Whitelist

function createMarketAndWhitelist(
    ITermMaxRouter router,
    ITermMaxFactory factory,
    bytes32 gtKey,
    MarketInitialParams calldata deployParams,
    uint256 salt
) 
    external 
    onlyRole(DEFAULT_ADMIN_ROLE)

Deploys a new market and automatically whitelists it in the router.

Transfer Ownership

function transferOwnership(IOwnable entity, address to)
    external
    onlyRole(DEFAULT_ADMIN_ROLE)

Transfers ownership of an IOwnable contract to another address.

Accept Ownership

function acceptOwnership(IOwnable entity)
    external
    onlyRole(DEFAULT_ADMIN_ROLE)

Accepts ownership of an IOwnable contract once it has been transferred.

Upgrade Sub-Contract (UUPS)

function upgradeSubContract(UUPSUpgradeable proxy, address newImplementation, bytes memory data)
    external
    onlyRole(DEFAULT_ADMIN_ROLE)

Upgrades a UUPS proxy to a new implementation, optionally calling a function on the new implementation.

Set Market Whitelist

function setMarketWhitelist(ITermMaxRouter router, address market, bool isWhitelist)
    external
    onlyRole(DEFAULT_ADMIN_ROLE)

Adds or removes a market from the router’s whitelist.

Set Adapter Whitelist

function setAdapterWhitelist(ITermMaxRouter router, address adapter, bool isWhitelist)
    external
    onlyRole(DEFAULT_ADMIN_ROLE)

Manages adapter whitelisting on the router.

Set the Oracle

function setOracle(IOracle aggregator, address asset, IOracle.Oracle memory oracle)
    external
    onlyRole(DEFAULT_ADMIN_ROLE)

Associates an asset with a specific oracle feed.

Remove the Oracle

function removeOracle(IOracle aggregator, address asset)
    external
    onlyRole(DEFAULT_ADMIN_ROLE)

Removes an existing oracle mapping for an asset.

Note: The DEFAULT_ADMIN_ROLE also acts as the admin role for other roles (i.e., it can grant or revoke CONFIGURATOR_ROLE, PAUSER_ROLE, and VAULT_ROLE).

2. CONFIGURATOR_ROLE

The CONFIGURATOR_ROLE is responsible for adjusting protocol parameters:

Update Market Config

function updateMarketConfig(ITermMaxMarket market, MarketConfig calldata newConfig)
    external
    onlyRole(CONFIGURATOR_ROLE)

Adjusts key market parameters such as collateral factors, interest rates, etc.

Update Gearing Token Config

function updateGtConfig(ITermMaxMarket market, bytes memory configData)
    external
    onlyRole(CONFIGURATOR_ROLE)

Modifies configuration data specific to Gearing Tokens in a particular market.

Set Order Fee Rate

function setOrderFeeRate(ITermMaxOrder order, FeeConfig memory feeConfig)
    external
    onlyRole(CONFIGURATOR_ROLE)

Adjusts fee parameters for specific orders or order types.

3. PAUSER_ROLE

The PAUSER_ROLE allows pausing and unpausing of contracts that implement the IPausable interface:

Set Switch (Pause / Unpause)
```
function setSwitch(IPausable entity, bool state)
    external
    onlyRole(PAUSER_ROLE)
```
- If state == true, calls unpause() on the target; otherwise, calls pause().

Pausing functionality is crucial in DeFi for handling emergencies or severe market disruptions.

4. VAULT_ROLE

The VAULT_ROLE handles vault-specific administrative functions via the ITermMaxVault interface:

Submit Vault Guardian

function submitVaultGuardian(ITermMaxVault vault, address newGuardian)
    external
    onlyRole(VAULT_ROLE)

Proposes a new guardian for the vault.

Revoke Vault Pending Guardian

function revokeVaultPendingGuardian(ITermMaxVault vault)
    external
    onlyRole(VAULT_ROLE)

Cancels any pending guardian assignments.

Revoke Vault Pending Timelock

function revokeVaultPendingTimelock(ITermMaxVault vault)
    external
    onlyRole(VAULT_ROLE)

Cancels any pending timelock changes in the vault.

Revoke Vault Pending Market

function revokeVaultPendingMarket(ITermMaxVault vault, address market)
    external
    onlyRole(VAULT_ROLE)

Prevents a newly proposed market from being finalized for use within the vault.

Set Curator for Vault

function setCuratorForVault(ITermMaxVault vault, address newCurator)
    external
    onlyRole(VAULT_ROLE)

Assigns or updates the vault’s curator (user/contract with certain oversight powers).

Set Allocator for Vault

function setIsAllocatorForVault(ITermMaxVault vault, address allocator, bool isAllocator)
    external
    onlyRole(VAULT_ROLE)

Grants or revokes allocation rights within the vault.

Summary

Each TermMax role comes with specific privileges essential for the secure and efficient functioning of the protocol:

DEFAULT_ADMIN_ROLE → Master permissions: market creation, proxy upgrades, whitelisting, and system-wide ownership.
CONFIGURATOR_ROLE → Parameter tuning: market and order configurations, Gearing Token updates.
PAUSER_ROLE → Emergency on/off switch for paused contracts.
VAULT_ROLE → Specialized vault governance: guardian, curator, timelocks, and market management within the vault.

By segregating capabilities in this manner, the protocol upholds the principle of least privilege and fosters a more secure, decentralized environment.

PreviousContract NextLiquidation & Physical Delivery

Last updated 24 days ago