Spool Docs
Search
K

Access Controls

Spool Ownership

The Master Spool Owner (The Spool DAO) can change the Spool (Vault) its owner, the Spool (Vault) owner themselves can also transfer ownership.
The Master Spool owner is the Spool DAO, by design it can transfer Spool (Vault) ownership to another address. There are multiple reasons for this. Most importantly to remove a bad actor as a Spool (Vault) owner (e.g. a Spool (Vault) owner could add vault incentive rewards that reverted, effectively bricking the Spool (Vault)).

Code Access Controls

In order for the Spool Ecosystem to work there's a subset of roles and owners that can alter state and hold certain privileges. A list of these access controls is compiled below:

Role: spoolOwner (Spool DAO)

Who controls this role?
The Spool DAO Multisignature Wallet, which acts exclusively on the conclusion of Snapshot Votes.
Spool DAO Multisignature Wallet: 0x4e736b96920a0f305022CBaAea493Ce7e49Eee6C
  • The on-chain execution of Snapshot votes will be implemented.
  • This is the most powerful role in the Spool Ecosystem and as such should be the most protected.
  • These actions are not called often.
  • spoolOwnerinherits permissions of vaultOwner.
Which actions can this role take?
  • Controller.sol
    • addStrategy: Add (new) Strategies (addresses) to the Spool Ecosystem
    • setEmergencyWithdrawer: Set the address(es) that can call the emergency withdraw function
    • setEmergencyRecipient: Set the address to which funds are sent to if emergencyWithdraw is called. If this is not set, it defaults to the emergencyWithdrawer
    • pause: Emergency pause of the Spool Ecosystem
    • unPause: Unpause the Spool Ecosystem after emergency pause
  • FeeHandler.sol
    • setEcosystemFee: Set the Ecosystem Fee charged on profits generated once a user withdraws funds from a Spool (Vault), this Ecosystem Fee is limited to 20%, hard coded
    • setTreasuryFee: Set the Treasury Fee charged on profits generated once a user withdraws funds from a Spool (Vault), this Treasury Fee is limited to 10%, hard coded
    • setEcosystemCollector: Set the address Ecosystem fees will be attributed to
    • setTreasuryCollector: Set the address Treasury Fees will be attributed to
  • RiskProviderRegistry.sol
    • addProvider: Add a Risk Model Provider (address) to the Risk Provider Registry that users can choose from when creating a Spool (Vault)
    • removeProvider: Remove a Risk Provider(address) from the Risk Provider Registry
  • SpoolBase.sol (Part of Spool.sol)
    • setAllocationProvider: Set the address that can set the allocation of funds in relation to an individual Spool (Vault) its chosen Risk Provider Scores and Risk Appetite scores
    • setDoHardWorker: Add a HardWorker(address) to the HardWorker whitelist
    • setForceOneTxDoHardWork: Set flag to force DoHardWork to be executed in a single transaction instead of multiple
    • setLogReallocationProportions: Exists solely for debugging purposes. When Spool reallocates, a server will first simulate this call while setting this to true to get data to support underlying Spool infrastructure.
    • setAwaitingEmergencyWithdraw: Fail safe function to assist with emergency withdraw functions
  • RewardDrip.sol (Part of Vault.sol)
    • updatePeriodFinish: Sets the ending time for incentive tokens
    • claimFinishedRewards: Send unclaimed reward tokens, when the incentive period has finished send unclaimed reward tokens to Spool DAO (address)
    • forceRemoveReward: Forcibly remove a reward in the case of a malicious reward token and add to blacklist
    • addToken: Add an incentive token to an existing Spool (Vault)
    • notifyRewardAmount: Sets or increases reward token amount and duration
  • VaultBase.sol (Part of Vault.sol)
    • updateName: Update the user-given name of a user-created Spool (Vault) (e.g. for profanity)
    • transferVaultOwner: Transfers ownership from the current user (address) of a user-created Spool (Vault) to a new user (address). We are of the opinion this should never be used. However, it is a requirement for certain real world entities to participate in the Spool Ecosystem

Role: emergencyRecipient

Who controls this role?
Address set with setEmergencyRecipient. Can only be set by spoolOwner role.
Which actions can this role take?
  • Receives funds when removeStrategyAndWithdraw is called
  • Receives funds when emergencyWithdraw is called

Role: emergencyWithdrawer

Who controls this role?
Address set with setEmergencyWithdrawer. Can only be set by spoolOwner role. Currently a 3/15 multisignature wallet with signatures spread across various time zones.
Emergency Withdrawer Multisignature Wallet: 0x7f183806982b7875Bb722249Fe98FB79e36110E9
Which actions can this role take?
  • Controller.sol
    • removeStrategyAndWithdraw: Combines the two below mentioned functions into a single call
    • removeStrategy: Blacklists a strategy from the Spool Ecosystem
    • emergencyWithdraw: Removes all funds from the specified strategy and sends funds to Spool DAO Multisignature wallet
    • runDisableStrategy: Helper function for emergency withdraw edge cases

Role: AllocationProvider

Who controls this role?
Address set with setAllocationProvider. Can only be set by spoolOwner role. Currently a 3/5 multisignature wallet.
Allocation Provider Multisignature Wallet: 0x45a63Dac48c17A744ab51F583649C295E3641752
Which actions can this role take?
  • SpoolReallocation.sol
    • reallocateVaults: Set allocation of funds in relation to an individual Spool (Vault) its chosen Risk Provider Scores and Risk Appetite Setting

Role: VaultOwner

Who controls this role?
The creator/user (address) of one or multiple Spools (Vaults).
Which actions can this role take?
  • RewardDrip.sol
    • addToken: Adds an incentive token to a user-owned Spool (Vault) in order to reward users (addresses) that interact with said Spool (Vault)
    • notifyRewardAmount: Sets or increases reward token amount and duration
    • removeReward: Allows a Spool (Vault) owner (address) to remove a previously added reward token they have added to incentivize users to interact with their Spool (Vault). Can only be called after the reward duration has finished
  • VaultBase.sol (Part of Vault.sol)
    • transferVaultOwner: Allows a Spool (Vault) owner (address) to transfer ownership of their created Spool (Vault) to another address

Role: DoHardWorker

Who controls this role?
A whitelisted address tasked with executing predefined, expensive actions needed for the Spool Ecosystem to perform efficiently. Currently a 3/5 multisignature wallet.
DoHardWorker Multisignature Wallet: 0x8D650Be8c0c2F9aeB56392f439AB53f87D417cBd
Which actions can this role take?
  • spoolDoHardWork.sol
    • batchDoHardWork:
      • Deposits pending deposits, after delta calculations, into selected strategies
      • Withdraws pending withdraws, after delta calculations, from selected strategies
      • Claims, swaps, and compounds external protocol/strategy reward tokens
    • batchDoHardWorkReallocation:
      • All of the actions in batchDoHardWork, plus:
        • Reallocates funds across strategies to fall in line with the amalgamated Spool allocations in relation to individual Spool (Vault) selected Risk scores and Risk Appetite