Vaults are managed by partners using several key admin roles:
SYS_ADMIN: wallet responsible for contract administration and other role attribution
FEE_MANAGER: wallet responsible for changing the end user fee, the split between multiple recipients, and for claiming the commission.
SANCTIONS_MANAGER: wallet responsible for enabling the OFAC sanctioned wallet check.
CLAIM_MANGER: wallet responsible for claiming additional rewards from the lending protocols
PAUSER: wallet responsible for pausing all interaction with vault contracts, managed by Kiln as a security failsafe
UNPAUSER: waller responsible for unpausing the contract
It is recommended to have multi-sig wallets for these roles with a strong quorum security.
NOTE: You can only have 1 wallet assigned as SYS_ADMIN, but multiple wallets assigned to all other roles.
Kiln DeFi vaults follow the beacon proxy pattern where all vaults fetch their implementation address from a VaultUpgradeableBeacon smart contract.
This is administered by 4 roles:
PROXY_ADMIN: a multisig quorum between Kiln and third parties responsible for attributing the below roles
PAUSER: a wallet responsible for pausing all interaction with vault contracts, managed by Kiln as a security failsafe
FREEZER: a multisig quorum between Kiln and third parties responsible for freezing Vault implementation (to make it non-upgradeable)
IMPLEMENTATION_MANAGER: a multisig quorum between Kiln and third parties responsible for upgrading Vault implementations
Kiln DeFi Connectors also follow the beacon proxy pattern where each connector implementation address is fetched from a ConnectorRegistry contract.
This is administered by 4 roles:
ADMIN: a multisig quorum between Kiln and third parties responsible for attributing the below roles
PAUSER: a wallet responsible for pausing all interaction with connector contracts, managed by Kiln as a security failsafe
FREEZER: a multisig quorum between Kiln and third parties responsible for freezing connector implementations (to make some of them non-upgradeable)
CONNECTOR_MANAGER: a multisig quorum between Kiln and third parties responsible for upgrading connectors implementation