Roles
Background
Mantle LSP Smart Contracts.
Mapping
L1 Contracts
Contract | Role and Descriptions | Criticality | Assignment |
---|---|---|---|
All Contracts | DEFAULT_ADMIN_ROLE Responsible for granting and revoke roles on contracts. | Critical | MantleSecCouncil [D40f] |
VARIOUS Responsible for upgradability of all contracts. Link: AccessControlExplorer | Critical | MantleSecCouncil [D40f] | |
ORACLE_MANAGER_ROLE Modify settable properties (sanity bounds, quorum contract address). | High | MantleSecCouncil [D40f] | |
ORACLE_MODIFIER_ROLE Modify existing Oracle records. | High | MantleSecCouncil [D40f] | |
ORACLE_PENDING_UPDATE_RESOLVER_ROLE Resolve/replace pending Oracle updates. Likely requires Unpauser subsequent action. | High | MantleLSPEng [c9ff]MantleAdmin [8eB8] | |
QUORUM_MANAGER_ROLE Update properties (window size, quorum thresholds). | High | MantleSecCouncil [D40f] | |
REPORTER_MODIFIER_ROLE Change set of Service Oracle reporters. | High | MantleSecCouncil [D40f] | |
SERVICE_ORACLE_REPORTER Role given to Oracle reporters to allow report submission | Low | MultipleServices | |
PAUSER_ROLE Pause all aspects of the protocol. | Medium | MultipleServices | |
UNPAUSER_ROLE Unpause all aspects of the protocol. | High | MantleSecCouncil [D40f]MantleAdmin [8eB8] | |
AGGREGATOR_MANAGER_ROLE Set fees receiver and fees basis points. | Medium | MantleSecCouncil [D40f] | |
RECEIVER_MANAGER_ROLE Manages the Withdrawer Role. | High | MantleSecCouncil [D40f] | |
WITHDRAWER_ROLE Should only be the ReturnsAggregator[3b82] contract. Configured as a Role incase we have future upgrade, migration or recovery requirements. | High | SmartContract | |
RECEIVER_MANAGER_ROLE Manages the Withdrawer Role. | High | MantleSecCouncil [D40f] | |
WITHDRAWER_ROLE Should only be the ReturnsAggregator[3b82] contract. Configured as a Role incase we have future upgrade, migration or recovery requirements. | High | SmartContract | |
STAKING_MANAGER_ROLE Trigger administrative tasks including: mETH limit, exchangeAdjustmentRate, minStake, etc. | Medium | MantleSecCouncil [D40f] | |
ALLOCATOR_SERVICE_ROLE Allocate funds to unstake requests manager. | Low | InternalService [1447] | |
INITIATOR_SERVICE_ROLE Initiate new validators. | Low | InternalService [2046] | |
STAKING_ALLOWLIST_MANAGER_ROLE Manage Staking Allowlist. | Low | MantleLSPEng [c9ff] | |
STAKING_ALLOWLIST_ROLE Stake ETH when allowlist is enabled. | Low | Users | |
TOP_UP_ROLE Top up unallocated ETH from insurance, boosting programs, other compensation, or donations. | Low | MantleLSPEng [c9ff]MantleAdmin [8eB8] | |
MANAGER_ROLE Set properties (finalization delta blocks). | Medium | MantleSecCouncil [D40f] | |
REQUEST_CANCELLER_ROLE Cancel unfinalized requests in emergency state. | Medium | MantleSecCouncil [D40f] | |
See DEFAULT_ADMIN_ROLE above |
L2 Contracts
Contract | Role and Descriptions | Criticality | Assignment |
---|---|---|---|
All Contracts | DEFAULT_ADMIN_ROLE Responsible for granting and revoke roles on contracts. | Critical | MantleSecCouncilL2 [B105] |
VARIOUS Responsible for upgradability of all contracts. | Critical | MantleSecCouncilL2 [B105] | |
See DEFAULT_ADMIN_ROLE above |
Addresses
Signers will remain anonymous for security reasons.
Mantle Security Council
SAFE Multisig
Same security council as Mantle Network
Generally used for contract upgrades and super permissions
Likely transfer to DAO controller in the future as the protocol matures
Mantle LSP Engineering
SAFE Multisig
Generally used for manual approvals, or low criticality parameter updates.
Mantle Administrator
Hardware EOA
One of the signers of Mantle Security Council, used for fast response and in case there are issues with the Multisig Solutions.
Internal Services
Allocator:
0xC62cE6fDff7B1374971A5F6f04f4aabc464e1447
Initiator:
0x0eC6a4ed8bEa13f939A9cB7BbE1871cEe2b12046
These services need to have their private key online (Hot Wallet) for the required system performance. The private key is protected by industry standard setups such as cloudHSM and secure enclaves.
These services are provided by the Mantle LSP Core Engineering team.
Multiple Services
Pausers (Guardians):
Additional Guardians TBD
Service_Oracle_Reporter:
Note:
These services need to have their private key online (Hot Wallet) for the required system performance. The private key is protected by industry standard setups such as cloudHSM and secure enclaves.
These services are provided by a combination of the Mantle LSP Core Engineering team, and selected Third Parties.
Definitions
Criticality
Critical
The most important role.
Can change other role permissions (super admin).
Can change the protocols logic (upgrade).
High
Cannot directly access funds or modify core protocol logic.
Can collude with multiple other roles to indirectly drain funds through adjustment of risk parameters and other economic exploits.
Medium
Cannot directly or indirectly access a material amount of funds.
Can cause temporary service disruptions (until they are replaced by the administrators).
Low
Cannot directly or indirectly access any funds.
Have minimal effect on the system and bad changes can be easily fixed.
Last updated