Access Control Manager
Last updated
Was this helpful?
Last updated
Was this helpful?
The Access Control List Manager (ACLManager) is the main registry of system roles and permissions.
The Nexus Protocol implements an access control list to segregate powers and/or benefits that can be allocated to different entities on the protocol. The ACL_MANAGER contract is managed by the contract.
ACLManager keeps track of the individual roles and its holders, and allows a Role Admin to manage roles. Role Admin is itself a role that is managed by the DEFAULT_ADMIN_ROLE.
The DEFAULT_ADMIN_ROLE is held by the , and should be initialized in the beforehand.
The source code is available on GitHub.
Below we outline the responsibilities/powers of the roles and the specific methods that are only accessible to the holders of these roles.
The role has a few direct responsibilities and can primarily access specific features of the protocol, while ADMIN roles have the power and responsibility to handle risk or configuration parameters.
Holders of this role will have the premium on flash loans waived (this does not include the simple flash loan).
Methods Accessible:
:
Holders of this role can:
Update asset oracle sources and the fallback oracle.
Add new assets to the Nexus market.
Methods Accessible:
Holders of this role can:
Update the grace period of Oracle Sentinels.
Update reserve parameters such as reserve factor, caps, borrowing enabled, freeze/unfreeze, LTV, liquidation threshold, liquidation bonus (cannot pause/unpause or activate/deactivate a reserve).
Update unbacked mint cap and liquidation protocol fee.
Methods Accessible:
Holders of this role manage the role admins in the ACLManager. The DEFAULT_ADMIN_ROLE is held by the ACL_ADMIN, and should be initialized in the PoolAddressesProvider beforehand.
Methods Accessible:
Holders of this role can pause and unpause the pool or an individual reserve.
Methods Accessible:
setReservePause()
setPoolPause()
setReserveActive()
setReserveFreeze()
Holders of this role can update token implementations, drop, (un)pause and (de)activate reserves, update premiums along with everything the ASSET_LISTING_ADMIN and RISK_ADMIN can do.
All deployers have resigned their POOL_ADMIN roles.
Methods Accessible:
All methods accessible to ASSET_LISTING_ADMIN.
All methods accessible to RISK_ADMIN.
ZToken:
rescueTokens()
Pool:
rescueTokens()
IncentivizedERC20:
setIncentivesController()
PoolConfigurator:
dropReserve()
updateZToken()
updateVariableDebtToken()
setReserveActive()
updateBridgeProtocolFee()
updateFlashloanPremiumTotal()
updateFlashloanPremiumToProtocol()
setAssetBorrowableInEMode()
setReserveInterestRateData()
setReserveInterestRateStrategyAddress()
PriceOracleSentinel:
setSequencerOracle()
Sets the role as admin of a specific role. By default, the adminRole for all roles is DEFAULT_ADMIN_ROLE.
This method can only be called by an address with DEFAULT_ADMIN_ROLE.
Input Parameters:
role
bytes32
The role to be managed by the admin role - keccak256 hash of one of the following: POOL_ADMIN, EMERGENCY_ADMIN, RISK_ADMIN, FLASH_BORROWER, BRIDGE, ASSET_LISTING_ADMIN
adminRole
bytes32
The admin role. 0x00 is reserved for the DEFAULT_ADMIN_ROLE
Adds a new admin as Pool Admin. The address is added to the list of members with the POOL_ADMIN role. Holders of this role can update token implementations, drop, (un)pause and (de)activate reserves, update premiums and do everything the ASSET_LISTING_ADMIN and RISK_ADMIN can do.
This method can only be called by the Role Admin, specified by Nexus Governance, responsible for managing the POOL_ADMIN role.
Input Parameters:
admin
address
The address which will be granted the POOL_ADMIN role
Removes an admin as Pool Admin. The given address is removed from the list of members with the POOL_ADMIN role.
This method can only be called by the Role Admin, specified by Nexus Governance, responsible for managing the POOL_ADMIN role.
Input Parameters:
admin
address
The address for which the POOL_ADMIN role permissions will be removed
Adds a new admin as an Emergency Admin. The address is added to the list of members with the EMERGENCY_ADMIN role. Holders of this role can pause and unpause the pool or an individual reserve.
This method can only be called by the Role Admin, specified by Nexus Governance, responsible for managing the EMERGENCY_ADMIN role.
Input Parameters:
admin
address
The address which will be granted the EMERGENCY_ADMIN role
Removes an admin as Emergency Admin. The given address is removed from the list of members with the EMERGENCY_ADMIN role.
This method can only be called by the Role Admin, specified by Nexus Governance, responsible for managing the EMERGENCY_ADMIN role.
Input Parameters:
admin
address
The address for which the EMERGENCY_ADMIN role permissions will be removed
Adds a new admin as a Risk Admin. The address is added to the list of members with the RISK_ADMIN role. Holders of this role can update grace period of Oracle Sentinels, reserve params, unbacked mint cap, liquidation fee and eMode categories.
Input Parameters:
admin
address
The address which will be granted the RISK_ADMIN role
Input Parameters:
admin
address
The address for which the RISK_ADMIN role permissions will be removed
Adds a new borrower address as Flash Borrower. The address is added to the list of members with the FLASH_BORROWER role. Holders of this role do not pay premium for flash loan (does not apply to flashLoanSimple).
Input Parameters:
borrower
address
The address which will be granted the FLASH_BORROWER role
Removes an admin as Flash Borrower. The given borrower address is removed from the list of members with the FLASH_BORROWER role.
Input Parameters:
borrower
address
The address for which the FLASH_BORROWER role permissions will be removed
Adds a new admin as Asset Listing Admin. The address is added to the list of members with the ASSET_LISTING_ADMIN role. Holder of this role can update oracles and add new assets to the Nexus market.
Input Parameters:
admin
address
The address which will be granted ASSET_LISTING_ADMIN role
Removes an admin as Asset Listing Admin. The given address is removed from the list of members with the ASSET_LISTING_ADMIN role.
Input Parameters:
admin
address
The address for which ASSET_LISTING_ADMIN role permissions will be removed
Returns true if the address has the POOL_ADMIN role, false otherwise.
Input Parameters:
admin
address
The address to check
Return Values:
bool
true if the given address is POOL_ADMIN, false otherwise
Returns true if the address has the EMERGENCY_ADMIN role, false otherwise.
Input Parameters:
admin
address
The address to check
Return Values:
bool
true if the given address is EMERGENCY_ADMIN, false otherwise
Returns true if the address has the RISK_ADMIN role, false otherwise.
Input Parameters:
admin
address
The address to check
Return Values:
bool
true if the given address is RISK_ADMIN, false otherwise
Returns true if the address has the FLASH_BORROWER role, false otherwise.
Input Parameters:
borrower
address
The address to check
Return Values:
bool
true if the given address is FLASH_BORROWER, false otherwise
Returns true if the address has the ASSET_LISTING_ADMIN role, false otherwise.
Input Parameters:
admin
address
The address to check
Return Values:
bool
true if the given address is ASSET_LISTING_ADMIN, false otherwise
:
:
:
:
:
:
Removes an admin as Risk Admin. The given address is removed from the list of members with the role.