# Governance Ocean Finance implements a comprehensive governance and access control system designed to ensure security, operational efficiency, and proper authorization across all protocol functions. ## Access Control Architecture ![Governance & Access Control](/files/xc9ft2iKes3yfg75NhAg) ## Core Access Control Contract ### DefaultAdminAccessControl **Contract**: `DefaultAdminAccessControl.sol` **Purpose**: Centralized role-based access control system ```solidity contract DefaultAdminAccessControl is AccessControlUpgradeable { bytes32 public constant SERVICE_ROLE = keccak256("SERVICE_ROLE"); uint256 public constant ROLE_CHANGE_COOLDOWN = 1 days; mapping(bytes32 => uint256) public roleChangeTimestamps; modifier cooldownPeriod(bytes32 role) { require( block.timestamp >= roleChangeTimestamps[role] + ROLE_CHANGE_COOLDOWN, "Cooldown period not met" ); _; } } ``` ### Role Definitions #### DEFAULT\_ADMIN\_ROLE **Scope**: Ultimate administrative control **Capabilities**: * Grant and revoke all other roles * Upgrade AddressProvider contract * Configure protocol parameters * Emergency pause functions * Withdraw funds from contracts * Add/remove supported assets * Modify fee structures **Security Features**: * 24-hour cooldown period for role changes * Multi-signature requirement (recommended) * Event logging for all administrative actions #### SERVICE\_ROLE **Scope**: Operational functions **Capabilities**: * Execute strategy operations via StrategyAllocator * Fulfill redemption requests in MintingManager * Distribute yield via YieldDistributor * Manage handler approvals and operations * Update oracle prices (if authorized) **Restrictions**: * Cannot modify protocol configuration * Cannot grant/revoke roles * Cannot withdraw funds directly ### Contract-Specific Access Controls #### MintingManager Access ```solidity // Admin functions function addSupportedAsset(address asset) external onlyRole(DEFAULT_ADMIN_ROLE) function removeSupportedAsset(address asset) external onlyRole(DEFAULT_ADMIN_ROLE) function addValidMinter(address minter) external onlyRole(DEFAULT_ADMIN_ROLE) function removeValidMinter(address minter) external onlyRole(DEFAULT_ADMIN_ROLE) function pause() external onlyRole(DEFAULT_ADMIN_ROLE) // Service functions function fulfillRedeemRequest(uint256 requestId) external onlyRole(SERVICE_ROLE) // User functions (with restrictions) function mint(address asset, uint256 amount) external onlyValidMinter whenNotPaused function requestRedeem(address asset, uint256 amount) external ``` #### OCUSD Token Access ```solidity // Restricted minting functions function mint(address to, uint256 amount) external onlyMintingManager function mintRewards(address to, uint256 amount) external onlyYieldDistributor function burn(address from, uint256 amount) external onlyMintingManager // Address provider updates function updateAddressProvider(address newProvider) external onlyRole(DEFAULT_ADMIN_ROLE) ``` #### StrategyAllocator Access ```solidity // Admin functions function addHandler(address handler) external onlyRole(DEFAULT_ADMIN_ROLE) function removeHandler(address handler) external onlyRole(DEFAULT_ADMIN_ROLE) function addSupportedAsset(address asset) external onlyRole(DEFAULT_ADMIN_ROLE) function withdrawTo(address asset, address to, uint256 amount) external onlyRole(DEFAULT_ADMIN_ROLE) // Service functions function execute(address[] targets, bytes[] data) external onlyRole(SERVICE_ROLE) function approveHandler(address asset, address handler, uint256 amount) external onlyRole(SERVICE_ROLE) ``` ## Governance Actions & Procedures ### 1. Strategy Management #### Adding New Strategies ![Strategy Management - Adding New Strategies](/files/tK7IMBNcyfPGKd1HULqp) **Process**: 1. **Security Audit**: Complete security review of new handler 2. **Deployment**: Deploy handler contract with proper access controls 3. **Registration**: Add handler to StrategyAllocator whitelist 4. **Asset Support**: Add any new assets to supported lists 5. **Configuration**: Set initial allocation parameters 6. **Testing**: Perform small-scale testing before full allocation #### Removing Strategies ```solidity function removeStrategy(address handler) external onlyRole(DEFAULT_ADMIN_ROLE) { // 1. Pause new allocations to handler // 2. Withdraw all funds from handler // 3. Remove handler from whitelist strategyAllocator.removeHandler(handler); } ``` ### 2. Parameter Management #### Fee Structure Updates ```solidity // YieldDistributor fee configuration function updateFees( uint256 newProtocolFeeBps, uint256 newReserveFeeBps ) external onlyRole(DEFAULT_ADMIN_ROLE) { require(newProtocolFeeBps <= MAX_FEE_BPS, "Fee too high"); require(newReserveFeeBps <= MAX_FEE_BPS, "Fee too high"); protocolFeeBps = newProtocolFeeBps; reserveFeeBps = newReserveFeeBps; emit FeesUpdated(newProtocolFeeBps, newReserveFeeBps); } ``` #### Cooldown Period Adjustments ```solidity // StakedOCUSD cooldown management function updateCooldownPeriod(uint256 newPeriod) external onlyRole(DEFAULT_ADMIN_ROLE) { require(newPeriod <= MAX_COOLDOWN_PERIOD, "Cooldown too long"); cooldownPeriod = newPeriod; emit CooldownPeriodUpdated(newPeriod); } ``` ### 3. Oracle Management #### Price Feed Updates ```solidity // OceanOracle configuration function updatePriceFeed( address token, address newFeed, uint256 newTimeout ) external onlyRole(DEFAULT_ADMIN_ROLE) { priceFeeds[token] = AggregatorV3Interface(newFeed); priceTimeouts[token] = newTimeout; emit PriceFeedUpdated(token, newFeed, newTimeout); } ``` #### Deviation Threshold Management ```solidity function updateDeviationThreshold( address token, uint256 newThreshold ) external onlyRole(DEFAULT_ADMIN_ROLE) { deviationThresholds[token] = newThreshold; emit DeviationThresholdUpdated(token, newThreshold); } ``` ### 4. Emergency Procedures #### Protocol Pause ![Emergency Procedures - Protocol Pause](/files/Z10iDQs2RAvsQJ8yFxDL) #### Emergency Asset Recovery ```solidity function emergencyWithdraw( address asset, uint256 amount ) external onlyRole(DEFAULT_ADMIN_ROLE) { require(paused(), "Only during emergency"); IERC20(asset).safeTransfer(treasury, amount); emit EmergencyWithdrawal(asset, amount); } ``` ## Upgrade Mechanisms ### AddressProvider Upgrades **Pattern**: UUPS (Universal Upgradeable Proxy Standard) **Authority**: DEFAULT\_ADMIN\_ROLE only ```solidity function _authorizeUpgrade(address newImplementation) internal override onlyRole(DEFAULT_ADMIN_ROLE) { // Additional validation logic require(isValidImplementation(newImplementation), "Invalid implementation"); } ``` **Upgrade Process**: 1. **Proposal**: Submit upgrade proposal with new implementation 2. **Review**: Technical and security review of changes 3. **Testing**: Deploy and test on testnet 4. **Timelock**: Implement timelock delay for critical upgrades 5. **Execution**: Execute upgrade with proper authorization 6. **Verification**: Verify upgrade success and functionality ### Handler Replacement Since handlers are modular and isolated: 1. Deploy new handler contract 2. Add new handler to StrategyAllocator 3. Migrate funds from old to new handler 4. Remove old handler from whitelist 5. Update documentation and monitoring ## Security Considerations ### 1. Role Assignment Security * **Multi-signature wallets** for DEFAULT\_ADMIN\_ROLE * **Hardware security modules** for key management * **Regular key rotation** procedures * **Emergency contact protocols** ### 2. Operational Security * **Separation of duties** between admin and service roles * **Time-locked operations** for critical changes * **Monitoring and alerting** for all administrative actions * **Incident response procedures** ### 3. Smart Contract Security * **Immutable core contracts** for trust and security * **Limited upgrade scope** to AddressProvider only * **Comprehensive testing** before any changes * **Security audits** for all modifications ### 4. Governance Transparency * **Public proposal process** for major changes * **Community notification** of governance actions * **Transparent voting mechanisms** (future enhancement) * **Documentation updates** for all protocol changes ## Monitoring & Compliance ### Administrative Action Logging ```solidity event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender); event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender); event StrategyAdded(address indexed handler, address indexed asset); event StrategyRemoved(address indexed handler, address indexed asset); event ParameterUpdated(string indexed parameter, uint256 oldValue, uint256 newValue); event EmergencyAction(string indexed action, address indexed initiator); ``` ### Compliance Requirements * **Action justification** documentation * **Change management** processes * **Audit trail** maintenance * **Regulatory reporting** capabilities This comprehensive governance framework ensures Ocean Finance maintains security, transparency, and operational efficiency while enabling necessary protocol evolution and emergency response capabilities. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ocean.fi/protocol-architecture/04-protocol-architecture/governance.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.