Governance
Ocean Finance implements a comprehensive governance and access control system designed to ensure security, operational efficiency, and proper authorization across all protocol functions.
Access Control Architecture
Core Access Control Contract
DefaultAdminAccessControl
Contract: DefaultAdminAccessControl.sol
Purpose: Centralized role-based access control system
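// Assumed source of AccessControlUpgradeable: the OpenZeppelin upgradeable package
import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";

contract DefaultAdminAccessControl is AccessControlUpgradeable {
    // Role identifier for operational (non-administrative) callers
    bytes32 public constant SERVICE_ROLE = keccak256("SERVICE_ROLE");
    // Minimum delay between two changes to the same role
    uint256 public constant ROLE_CHANGE_COOLDOWN = 1 days;
    // Timestamp recorded per role, read by the cooldown check below
    mapping(bytes32 => uint256) public roleChangeTimestamps;

    // Reverts unless ROLE_CHANGE_COOLDOWN has elapsed since the recorded timestamp
    modifier cooldownPeriod(bytes32 role) {
        require(
            block.timestamp >= roleChangeTimestamps[role] + ROLE_CHANGE_COOLDOWN,
            "Cooldown period not met"
        );
        _;
    }
}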
Role Definitions
DEFAULT_ADMIN_ROLE
Scope: Ultimate administrative control
Capabilities:
Grant and revoke all other roles
Upgrade AddressProvider contract
Configure protocol parameters
Emergency pause functions
Withdraw funds from contracts
Add/remove supported assets
Modify fee structures
Security Features:
24-hour cooldown period for role changes
Multi-signature requirement (recommended)
Event logging for all administrative actions
SERVICE_ROLE
Scope: Operational functions
Capabilities:
Execute strategy operations via StrategyAllocator
Fulfill redemption requests in MintingManager
Distribute yield via YieldDistributor
Manage handler approvals and operations
Update oracle prices (if authorized)
Restrictions:
Cannot modify protocol configuration
Cannot grant/revoke roles
Cannot withdraw funds directly
Contract-Specific Access Controls
MintingManager Access
// Admin functions
function addSupportedAsset(address asset) external onlyRole(DEFAULT_ADMIN_ROLE)
function removeSupportedAsset(address asset) external onlyRole(DEFAULT_ADMIN_ROLE)
function addValidMinter(address minter) external onlyRole(DEFAULT_ADMIN_ROLE)
function removeValidMinter(address minter) external onlyRole(DEFAULT_ADMIN_ROLE)
function pause() external onlyRole(DEFAULT_ADMIN_ROLE)
// Service functions
function fulfillRedeemRequest(uint256 requestId) external onlyRole(SERVICE_ROLE)
// User functions (with restrictions)
function mint(address asset, uint256 amount) external onlyValidMinter whenNotPaused
function requestRedeem(address asset, uint256 amount) external
OCUSD Token Access
// Restricted minting functions
function mint(address to, uint256 amount) external onlyMintingManager
function mintRewards(address to, uint256 amount) external onlyYieldDistributor
function burn(address from, uint256 amount) external onlyMintingManager
// Address provider updates
function updateAddressProvider(address newProvider) external onlyRole(DEFAULT_ADMIN_ROLE)
StrategyAllocator Access
// Admin functions
function addHandler(address handler) external onlyRole(DEFAULT_ADMIN_ROLE)
function removeHandler(address handler) external onlyRole(DEFAULT_ADMIN_ROLE)
function addSupportedAsset(address asset) external onlyRole(DEFAULT_ADMIN_ROLE)
function withdrawTo(address asset, address to, uint256 amount) external onlyRole(DEFAULT_ADMIN_ROLE)
// Service functions
function execute(address[] calldata targets, bytes[] calldata data) external onlyRole(SERVICE_ROLE)
function approveHandler(address asset, address handler, uint256 amount) external onlyRole(SERVICE_ROLE)
Governance Actions & Procedures
1. Strategy Management
Adding New Strategies
sequenceDiagram
    participant Gov as Governance
    participant SA as StrategyAllocator
    participant Handler as New Handler
    participant Audit as Security Audit
    Gov->>Audit: Request security audit
    Audit-->>Gov: Audit report
    Gov->>Handler: Deploy new handler
    Gov->>SA: addHandler(handlerAddress)
    Gov->>SA: addSupportedAsset(newAsset)
    Gov->>Handler: Configure initial parameters
Process:
Security Audit: Complete security review of new handler
Deployment: Deploy handler contract with proper access controls
Registration: Add handler to StrategyAllocator whitelist
Asset Support: Add any new assets to supported lists
Configuration: Set initial allocation parameters
Testing: Perform small-scale testing before full allocation
Removing Strategies
function removeStrategy(address handler) external onlyRole(DEFAULT_ADMIN_ROLE) {
    // 1. Pause new allocations to handler
    // 2. Withdraw all funds from handler
    // 3. Remove handler from whitelist
    strategyAllocator.removeHandler(handler);
}
2. Parameter Management
Fee Structure Updates
// YieldDistributor fee configuration
function updateFees(
    uint256 newProtocolFeeBps,
    uint256 newReserveFeeBps
) external onlyRole(DEFAULT_ADMIN_ROLE) {
    require(newProtocolFeeBps <= MAX_FEE_BPS, "Fee too high");
    require(newReserveFeeBps <= MAX_FEE_BPS, "Fee too high");
    protocolFeeBps = newProtocolFeeBps;
    reserveFeeBps = newReserveFeeBps;
    emit FeesUpdated(newProtocolFeeBps, newReserveFeeBps);
}
Cooldown Period Adjustments
// StakedOCUSD cooldown management
function updateCooldownPeriod(uint256 newPeriod) external onlyRole(DEFAULT_ADMIN_ROLE) {
    require(newPeriod <= MAX_COOLDOWN_PERIOD, "Cooldown too long");
    cooldownPeriod = newPeriod;
    emit CooldownPeriodUpdated(newPeriod);
}
3. Oracle Management
Price Feed Updates
// OceanOracle configuration
function updatePriceFeed(
    address token,
    address newFeed,
    uint256 newTimeout
) external onlyRole(DEFAULT_ADMIN_ROLE) {
    priceFeeds[token] = AggregatorV3Interface(newFeed);
    priceTimeouts[token] = newTimeout;
    emit PriceFeedUpdated(token, newFeed, newTimeout);
}
Deviation Threshold Management
function updateDeviationThreshold(
    address token,
    uint256 newThreshold
) external onlyRole(DEFAULT_ADMIN_ROLE) {
    deviationThresholds[token] = newThreshold;
    emit DeviationThresholdUpdated(token, newThreshold);
}
4. Emergency Procedures
Protocol Pause
Emergency Asset Recovery
function emergencyWithdraw(
    address asset,
    uint256 amount
) external onlyRole(DEFAULT_ADMIN_ROLE) {
    require(paused(), "Only during emergency");
    IERC20(asset).safeTransfer(treasury, amount);
    emit EmergencyWithdrawal(asset, amount);
}
Upgrade Mechanisms
AddressProvider Upgrades
Pattern: UUPS (Universal Upgradeable Proxy Standard)
Authority: DEFAULT_ADMIN_ROLE only
function _authorizeUpgrade(address newImplementation)
    internal
    override
    onlyRole(DEFAULT_ADMIN_ROLE)
{
    // Additional validation logic
    require(isValidImplementation(newImplementation), "Invalid implementation");
}
Upgrade Process:
Proposal: Submit upgrade proposal with new implementation
Review: Technical and security review of changes
Testing: Deploy and test on testnet
Timelock: Implement timelock delay for critical upgrades
Execution: Execute upgrade with proper authorization
Verification: Verify upgrade success and functionality
Handler Replacement
Since handlers are modular and isolated:
Deploy new handler contract
Add new handler to StrategyAllocator
Migrate funds from old to new handler
Remove old handler from whitelist
Update documentation and monitoring
Security Considerations
1. Role Assignment Security
Multi-signature wallets for DEFAULT_ADMIN_ROLE
Hardware security modules for key management
Regular key rotation procedures
Emergency contact protocols
2. Operational Security
Separation of duties between admin and service roles
Time-locked operations for critical changes
Monitoring and alerting for all administrative actions
Incident response procedures
3. Smart Contract Security
Immutable core contracts for trust and security
Limited upgrade scope to AddressProvider only
Comprehensive testing before any changes
Security audits for all modifications
4. Governance Transparency
Public proposal process for major changes
Community notification of governance actions
Transparent voting mechanisms (future enhancement)
Documentation updates for all protocol changes
Monitoring & Compliance
Administrative Action Logging
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
event StrategyAdded(address indexed handler, address indexed asset);
event StrategyRemoved(address indexed handler, address indexed asset);
event ParameterUpdated(string indexed parameter, uint256 oldValue, uint256 newValue);
event EmergencyAction(string indexed action, address indexed initiator);
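A monitoring-side check for the role events listed above, added here as an example and not taken from Ocean Finance's code: it replays decoded RoleGranted/RoleRevoked records and flags changes made inside the 24-hour cooldown, changes not sent by the admin multisig, any DEFAULT_ADMIN_ROLE grant, and accounts that end up holding both roles. The record layout, addresses, timestamps and rule names are constructed for illustration, and it assumes every grant or revoke restarts that role's cooldown.

```python
from dataclasses import dataclass

ROLE_CHANGE_COOLDOWN = 24 * 60 * 60  # seconds, mirrors `1 days` in the contract
ADMIN, SERVICE = "DEFAULT_ADMIN_ROLE", "SERVICE_ROLE"

@dataclass(frozen=True)
class RoleEvent:
    name: str        # "RoleGranted" or "RoleRevoked"
    role: str        # role label already decoded from the bytes32 topic
    account: str     # account whose membership changed
    sender: str      # account that triggered the change
    timestamp: int   # block timestamp in seconds

def audit_role_events(events, admin_multisig):
    """Replay role events in chain order; return a list of (index, rule) alerts."""
    alerts, last_change, holders = [], {}, {}
    for i, ev in enumerate(events):
        if ev.sender != admin_multisig:
            alerts.append((i, "sender-not-multisig"))
        prev = last_change.get(ev.role)
        # Same comparison as the cooldownPeriod modifier, inverted to flag failures.
        if prev is not None and ev.timestamp < prev + ROLE_CHANGE_COOLDOWN:
            alerts.append((i, "cooldown-violated"))
        last_change[ev.role] = ev.timestamp  # assumption: every change restarts the cooldown
        members = holders.setdefault(ev.role, set())
        if ev.name == "RoleGranted":
            members.add(ev.account)
            if ev.role == ADMIN:
                alerts.append((i, "admin-role-granted"))  # always worth a human review
        else:
            members.discard(ev.account)
        # Separation of duties: one account should not hold both roles.
        if ev.account in holders.get(ADMIN, set()) and ev.account in holders.get(SERVICE, set()):
            alerts.append((i, "duty-overlap"))
    return alerts

# Constructed sample data: addresses and timestamps are invented for illustration.
MULTISIG, T0 = "0xMultisigPlaceholder", 1_700_000_000
SAMPLE_EVENTS = [
    RoleEvent("RoleGranted", SERVICE, "0xBotA", MULTISIG, T0),
    RoleEvent("RoleRevoked", SERVICE, "0xBotA", MULTISIG, T0 + 3600),
    RoleEvent("RoleGranted", SERVICE, "0xBotB", MULTISIG, T0 + 3600 + ROLE_CHANGE_COOLDOWN),
    RoleEvent("RoleGranted", ADMIN, "0xBotB", "0xUnknownEOA", T0 + 10 * 86400),
]

if __name__ == "__main__":
    for index, rule in audit_role_events(SAMPLE_EVENTS, MULTISIG):
        print(index, rule, SAMPLE_EVENTS[index])
```

The third sample event lands exactly on the cooldown boundary and is not flagged, matching the `>=` in the modifier.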
Compliance Requirements
Action justification documentation
Change management processes
Audit trail maintenance
Regulatory reporting capabilities
This comprehensive governance framework ensures Ocean Finance maintains security, transparency, and operational efficiency while enabling necessary protocol evolution and emergency response capabilities.