Governance

Ocean Finance implements a comprehensive governance and access control system designed to ensure security, operational efficiency, and proper authorization across all protocol functions.

Access Control Architecture

Core Access Control Contract

DefaultAdminAccessControl

Contract: DefaultAdminAccessControl.sol Purpose: Centralized role-based access control system

contract DefaultAdminAccessControl is AccessControlUpgradeable {
    bytes32 public constant SERVICE_ROLE = keccak256("SERVICE_ROLE");
    
    uint256 public constant ROLE_CHANGE_COOLDOWN = 1 days;
    
    mapping(bytes32 => uint256) public roleChangeTimestamps;
    
    modifier cooldownPeriod(bytes32 role) {
        require(
            block.timestamp >= roleChangeTimestamps[role] + ROLE_CHANGE_COOLDOWN,
            "Cooldown period not met"
        );
        _;
    }
}

Role Definitions

DEFAULT_ADMIN_ROLE

Scope: Ultimate administrative control Capabilities:

Grant and revoke all other roles
Upgrade AddressProvider contract
Configure protocol parameters
Emergency pause functions
Withdraw funds from contracts
Add/remove supported assets
Modify fee structures

Security Features:

24-hour cooldown period for role changes
Multi-signature requirement (recommended)
Event logging for all administrative actions

SERVICE_ROLE

Scope: Operational functions Capabilities:

Execute strategy operations via StrategyAllocator
Fulfill redemption requests in MintingManager
Distribute yield via YieldDistributor
Manage handler approvals and operations
Update oracle prices (if authorized)

Restrictions:

Cannot modify protocol configuration
Cannot grant/revoke roles
Cannot withdraw funds directly

Contract-Specific Access Controls

MintingManager Access

// Admin functions
function addSupportedAsset(address asset) external onlyRole(DEFAULT_ADMIN_ROLE)
function removeSupportedAsset(address asset) external onlyRole(DEFAULT_ADMIN_ROLE)
function addValidMinter(address minter) external onlyRole(DEFAULT_ADMIN_ROLE)
function removeValidMinter(address minter) external onlyRole(DEFAULT_ADMIN_ROLE)
function pause() external onlyRole(DEFAULT_ADMIN_ROLE)

// Service functions  
function fulfillRedeemRequest(uint256 requestId) external onlyRole(SERVICE_ROLE)

// User functions (with restrictions)
function mint(address asset, uint256 amount) external onlyValidMinter whenNotPaused
function requestRedeem(address asset, uint256 amount) external

OCUSD Token Access

// Restricted minting functions
function mint(address to, uint256 amount) external onlyMintingManager
function mintRewards(address to, uint256 amount) external onlyYieldDistributor
function burn(address from, uint256 amount) external onlyMintingManager

// Address provider updates
function updateAddressProvider(address newProvider) external onlyRole(DEFAULT_ADMIN_ROLE)

StrategyAllocator Access

// Admin functions
function addHandler(address handler) external onlyRole(DEFAULT_ADMIN_ROLE)
function removeHandler(address handler) external onlyRole(DEFAULT_ADMIN_ROLE)
function addSupportedAsset(address asset) external onlyRole(DEFAULT_ADMIN_ROLE)
function withdrawTo(address asset, address to, uint256 amount) external onlyRole(DEFAULT_ADMIN_ROLE)

// Service functions
function execute(address[] targets, bytes[] data) external onlyRole(SERVICE_ROLE)
function approveHandler(address asset, address handler, uint256 amount) external onlyRole(SERVICE_ROLE)

Governance Actions & Procedures

1. Strategy Management

Adding New Strategies

Process:

Security Audit: Complete security review of new handler
Deployment: Deploy handler contract with proper access controls
Registration: Add handler to StrategyAllocator whitelist
Asset Support: Add any new assets to supported lists
Configuration: Set initial allocation parameters
Testing: Perform small-scale testing before full allocation

Removing Strategies

function removeStrategy(address handler) external onlyRole(DEFAULT_ADMIN_ROLE) {
    // 1. Pause new allocations to handler
    // 2. Withdraw all funds from handler
    // 3. Remove handler from whitelist
    strategyAllocator.removeHandler(handler);
}

2. Parameter Management

Fee Structure Updates

// YieldDistributor fee configuration
function updateFees(
    uint256 newProtocolFeeBps,
    uint256 newReserveFeeBps
) external onlyRole(DEFAULT_ADMIN_ROLE) {
    require(newProtocolFeeBps <= MAX_FEE_BPS, "Fee too high");
    require(newReserveFeeBps <= MAX_FEE_BPS, "Fee too high");
    
    protocolFeeBps = newProtocolFeeBps;
    reserveFeeBps = newReserveFeeBps;
    
    emit FeesUpdated(newProtocolFeeBps, newReserveFeeBps);
}

Cooldown Period Adjustments

// StakedOCUSD cooldown management
function updateCooldownPeriod(uint256 newPeriod) external onlyRole(DEFAULT_ADMIN_ROLE) {
    require(newPeriod <= MAX_COOLDOWN_PERIOD, "Cooldown too long");
    
    cooldownPeriod = newPeriod;
    emit CooldownPeriodUpdated(newPeriod);
}

3. Oracle Management

Price Feed Updates

// OceanOracle configuration
function updatePriceFeed(
    address token,
    address newFeed,
    uint256 newTimeout
) external onlyRole(DEFAULT_ADMIN_ROLE) {
    priceFeeds[token] = AggregatorV3Interface(newFeed);
    priceTimeouts[token] = newTimeout;
    
    emit PriceFeedUpdated(token, newFeed, newTimeout);
}

Deviation Threshold Management

function updateDeviationThreshold(
    address token,
    uint256 newThreshold
) external onlyRole(DEFAULT_ADMIN_ROLE) {
    deviationThresholds[token] = newThreshold;
    emit DeviationThresholdUpdated(token, newThreshold);
}

4. Emergency Procedures

Protocol Pause

Emergency Asset Recovery

function emergencyWithdraw(
    address asset,
    uint256 amount
) external onlyRole(DEFAULT_ADMIN_ROLE) {
    require(paused(), "Only during emergency");
    
    IERC20(asset).safeTransfer(treasury, amount);
    emit EmergencyWithdrawal(asset, amount);
}

Upgrade Mechanisms

AddressProvider Upgrades

Pattern: UUPS (Universal Upgradeable Proxy Standard) Authority: DEFAULT_ADMIN_ROLE only

function _authorizeUpgrade(address newImplementation) 
    internal 
    override 
    onlyRole(DEFAULT_ADMIN_ROLE) 
{
    // Additional validation logic
    require(isValidImplementation(newImplementation), "Invalid implementation");
}

Upgrade Process:

Proposal: Submit upgrade proposal with new implementation
Review: Technical and security review of changes
Testing: Deploy and test on testnet
Timelock: Implement timelock delay for critical upgrades
Execution: Execute upgrade with proper authorization
Verification: Verify upgrade success and functionality

Handler Replacement

Since handlers are modular and isolated:

Deploy new handler contract
Add new handler to StrategyAllocator
Migrate funds from old to new handler
Remove old handler from whitelist
Update documentation and monitoring

Security Considerations

1. Role Assignment Security

Multi-signature wallets for DEFAULT_ADMIN_ROLE
Hardware security modules for key management
Regular key rotation procedures
Emergency contact protocols

2. Operational Security

Separation of duties between admin and service roles
Time-locked operations for critical changes
Monitoring and alerting for all administrative actions
Incident response procedures

3. Smart Contract Security

Immutable core contracts for trust and security
Limited upgrade scope to AddressProvider only
Comprehensive testing before any changes
Security audits for all modifications

4. Governance Transparency

Public proposal process for major changes
Community notification of governance actions
Transparent voting mechanisms (future enhancement)
Documentation updates for all protocol changes

Monitoring & Compliance

Administrative Action Logging

event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
event StrategyAdded(address indexed handler, address indexed asset);
event StrategyRemoved(address indexed handler, address indexed asset);
event ParameterUpdated(string indexed parameter, uint256 oldValue, uint256 newValue);
event EmergencyAction(string indexed action, address indexed initiator);

Compliance Requirements

Action justification documentation
Change management processes
Audit trail maintenance
Regulatory reporting capabilities

This comprehensive governance framework ensures Ocean Finance maintains security, transparency, and operational efficiency while enabling necessary protocol evolution and emergency response capabilities.

PreviousCore Contracts & Architecture NextFees

Last updated 6 months ago

hashtagAccess Control Architecture

hashtagCore Access Control Contract

hashtagDefaultAdminAccessControl

hashtagRole Definitions

hashtagDEFAULT_ADMIN_ROLE

hashtagSERVICE_ROLE

hashtagContract-Specific Access Controls

hashtagMintingManager Access

hashtagOCUSD Token Access

hashtagStrategyAllocator Access

hashtagGovernance Actions & Procedures

hashtag1. Strategy Management

hashtagAdding New Strategies

hashtagRemoving Strategies

hashtag2. Parameter Management

hashtagFee Structure Updates

hashtagCooldown Period Adjustments

hashtag3. Oracle Management

hashtagPrice Feed Updates

hashtagDeviation Threshold Management

hashtag4. Emergency Procedures

hashtagProtocol Pause

hashtagEmergency Asset Recovery

hashtagUpgrade Mechanisms

hashtagAddressProvider Upgrades

hashtagHandler Replacement

hashtagSecurity Considerations

hashtag1. Role Assignment Security

hashtag2. Operational Security

hashtag3. Smart Contract Security

hashtag4. Governance Transparency

hashtagMonitoring & Compliance

hashtagAdministrative Action Logging

hashtagCompliance Requirements