# [BIP XXX] Roles V2 Migration & New Treasury Permissions # Abstract This proposal aims to roll out an updated version of the Zodiac Roles Modifier module. The new version improves usability and transparency of treasury management operations. Upon approval, the Roles Modifier v2 module will be activated. Furthermore, this proposal requests authorization from the DAO to revise the permissions policy. A notable change includes enabling swapping actions on CoW Swap while the other permissions primarily focus on eliminating obsolete actions and protocols, and refining parameters within the existing permissions. # Roles v2 Migration ## Motivation The Zodiac Roles Modifier facilitates karpatkey’s proxy management of the treasury by ensuring that only pre-approved transactions, defined by the permissions policy voted on by the DAO, can be executed. In collaboration with karpatkey, the Gnosis Guild team has significantly upgraded the Zodiac Roles Modifier module and the Zodiac Roles app. These enhancements have resulted in a more powerful and robust on-chain permissions infrastructure with the following improvements: * **Introduction of Allowances**: Implementation of spending limits within permissions. * **Enhanced Call Data Scoping Toolset**: This toolset considerably broadens the range of functions that can have permissions set, increasing flexibility. * **Advanced Logical Conditions**: Allows for the creation of complex permissions structures to accommodate sophisticated operational needs. * **Compatibility with [DeFi Kit](https://kit.karpatkey.com/)**: This feature integrates with karpatkey’s permissions policy building module, facilitating the straightforward crafting of protocol actions. * **Improved Visualisation and User Interface**: the new [Zodiac Roles app UI](https://roles.gnosisguild.org/) not only displays permissions clearly but also provides a user-friendly interface to compare changes in each policy update, enhancing transparency and simplifying audits. For more detailed information, please refer to the following resources: * **Documentation**: [The Zodiac Roles Modifier](https://docs.roles.gnosisguild.org/) * **Articles**: [Evolving Smart Accounts with Onchain Permissions](https://gnosisguild.mirror.xyz/oQcy_c62huwNkFS0cMIxXwQzrfG0ESQax8EBc_tWwwk), [Permissions as code](https://engineering.gnosisguild.org/posts/permissions-as-code) ## Contract Audits The Zodiac Roles Modifier v2 contract has been rigorously audited by G0 Group, the internal auditing team of Gnosis DAO, and by [Omniscia](https://omniscia.io/). The detailed audit reports are available for review [here](https://github.com/gnosisguild/zodiac-modifier-roles/tree/main/packages/evm/docs). # Changes to the Permissions Policy This proposal outlines the following modifications to the permissions policy: * **Token Arrays for Swapping**: * Considering the tokens involved in the existing permissions, we have updated the token arrays to ensure they can be seamlessly swapped across the various whitelisted protocols and aggregators. * **Token IN Allowlist**: [WBTC, DAI, USDT, stkAAVE, AAVE, COMP, rETH, SWISE, wstETH, WETH, USDC, stETH]. * **Token OUT Allowlist**: [WBTC, DAI, USDT, rETH, wstETH, WETH, USDC, stETH]. * The above arrays are to be utilized for swapping on CoW Swap, with equivalent lists replicated for Uniswap v3 and Balancer. * **Introduction of CoW Swap**([diff](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false#right-0x23da9ade38e4477b23770ded512fd37b12381fab)): * Addition of a **CoW Swap Order signer** to enable gas-minimized and MEV-protected swaps. This includes an extensive set of aggregated exchange routes, improving the efficiency and effectiveness of required swaps. * Tokens will be swapped on CoW Swap according to the token IN/OUT allowlists mentioned above. * **Deprecations and Removals**: * **Uniswap v2**([diff](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false#left-0x68b3465833fb72a70ecdf485e0e4c7bd8665fc45-0x472b43f3)): Removed due to insufficient liquidity in v2 pools. * **Sushiswap**([diff](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false#left-0x5550d13389bb70f45fcef58f19f6b6e87f6e747d)): Removed due to insufficient liquidity in Sushiswap pools. * **Stakewise v2**: Deprecated functions related to deposit ([diff](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false#left-0xc874b064f465bdd6411d45734b56fac750cda29a)) and claim ([diff](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false#left-0xa3f21010e8b9a3930996c8849df38f9ca3647c20)) functions in light of the recent launch of Stakewise v3. * **Compound v2** ([diff](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false#left-0x3d9819210a31b4961b30ef54be2aed79b9c9cd3b-0x1c3db2e0)): Discontinued all actions targeting v2 contracts and v2 cTokens (cUSDC, cDAI and cAAVE) due to the ongoing transition of the protocol to its v3. * **Revocation of Existing/Obsolete Allowances:** All existing and outdated allowances previously set by the treasury are revoked (set to zero). The ability to call the corresponding approve functions is included in the newly proposed policy. Accordingly, the payload contains a bundle of transactions to revoke these allowances. * **Updates**: * **AAVE Delegation:** Delegation function update for AAVE ([diff](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false#right-0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9-0xdc937e1c)) and stkAAVE ([diff](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false#right-0x4da27a545c0c5b758a6ba100e3a049001de870f5-0xdc937e1c)) tokens. Very similar to the delegate function, with the added option of delegation type. * **Uniswap v3** ([diff](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false#right-0x68b3465833fb72a70ecdf485e0e4c7bd8665fc45-0x04e45aaf)) **and Balancer** ([diff](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false#right-0xba12222222228d8ba445958a75a0704d566bf2c8)): Adjusted to allow the mentioned token IN/OUT allowlists. * **Lido Withdrawals** ([diff](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false#right-0x889edc2edab5f40e902b864ad4d7ade8e412f9b1)): Enhanced to include new withdrawal methods using permits for both wstETH and stETH; methods include "requestWithdrawalsWstETHWithPermit" and "requestWithdrawalsWithPermit". * **Uniswap v3 WBTC / ETH LP (NFT Id 430246)** actions updated ([diff](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false#left-0xc36442b4a4522e871399cd717abdd847ab11fe88)): * Increase Liquidity * Refund ETH when Increasing Liquidity. # Audit Considerations We highly value the community’s involvement in reviewing and providing feedback on this proposal. We encourage members with the necessary technical expertise to examine the content carefully (including this [payload](https://gist.github.com/JeronimoHoulin/848a514985f0f3a1003b4ecfe403cffa)) and share their insights with us. For effective testing of the permissions policy configuration, we have utilized a [Testing Avatar Safe](https://app.safe.global/balances?safe=eth:0xC01318baB7ee1f5ba734172bF7718b5DC6Ec90E1). This safe mirrors the current state of the [permissions policy v3](https://docs.google.com/document/d/1QQjkn6DAqXhdqYag0KSIfqJvdkLilOb6dM4KqaiybXc/) granted by the DAO treasury (or Avatar SAFE) to the Manager SAFE operated by karpatkey. The enhancements in the Zodiac Roles app interface now allow for a clear visualization of all existing permissions, accessible [here](https://roles.gnosisguild.org/eth:0xbd1099dfd3c11b65fb4bb19a350da2f5b61efb0d/roles/BALANCER-MANAGER-V1). The updated interface also simplifies the process of identifying [changes](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false) by displaying the current permissions policy on the left side and the newly proposed policy on the right side. To further aid in the adoption and understanding of these tools for audit purposes, we have detailed the proposed changes in [version 4 documentation](https://docs.google.com/document/d/1tEeXMJXsz48MKxiST1rmAHT7Pwr0H1fhnoPBo4y24A4/), following our standard Policy Update Request (PUR) format. # Additional considerations ## Roles Modifier v1 and Enabling of v2 The existing Roles Modifier v1 module will remain active to ensure a smooth transition and prevent any unexpected disruptions in operational execution. Ownership of the deployed [Roles Modifier v2 module](https://etherscan.io/address/0x13c61a25DB73e7a94a244bD2205aDba8b4a60F4a), equipped with the new proposed permissions policy, has been [transferred ](https://etherscan.io/tx/0xfca048b5f788c502c8e1aba7a386d4a228622abd582b77497ec6d71d4a549891)to the treasury’s Avatar Safe. The payload will only activate this module, marking the first phase of the migration process. A subsequent policy update proposal will seek to disable the v1 module. ## Policy Visualization in Terms of DeFi Kit Actions The “show annotations” button, located at the top-right [here](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false), provides a visualization of the proposed permissions policy expressed through the DeFi Kit Protocol Actions. This feature offers a more abstract and simplified description of the policy, enhancing understanding and accessibility. --- # Auditing Steps ## Current Permissions Policy * [Link 1](https://docs.google.com/document/d/1QQjkn6DAqXhdqYag0KSIfqJvdkLilOb6dM4KqaiybXc): Current Permissions Policy v3 (PP v3). * [Link 2](https://app.safe.global/apps/open?safe=eth:0x0efccbb9e2c09ea29551879bd9da32362b32fc89&appUrl=https%3A%2F%2Fzodiac.gnosisguild.org%2F): PP v3 currently deployed in the Roles v1 module as displayed in the Zodiac app (navigate to "edit roles", toggle the roles, review target contracts). * [Link 3](https://roles.gnosisguild.org/eth:0xbd1099dfd3c11b65fb4bb19a350da2f5b61efb0d/roles/BALANCER-MANAGER-V1): Same policy as Link 2, but deployed in a Roles v2 module. First auditing step: Verify that the permissions in Link 3 match those in Link 2. ## Comparison of Current Permissions Policy vs New Proposed Policy * [Link 4](https://roles.gnosisguild.org/eth:0xBd1099dFD3c11b65FB4BB19A350da2f5B61Efb0d/roles/BALANCER-MANAGER-V1/diff/iTJ1ur6sArvnFgJ87Auppx8FrtbLMt68HnRmpVc?annotations=false): Comparison of the current policy (left) vs. the new proposed policy (right). Second auditing step: * Assess the newly added permissions in the proposed policy (highlighted in green on the right). * Review the revoked permissions from the old policy (highlighted in red on the left). * Examine the updated or modified permissions (indicated in blue on both sides). Detailed descriptions of the changes in the permissions policy are available here (Link: “Changes in the Permission Policy”). ## Enabling Roles v2 by the DAO Treasury * Ownership of the [Roles Modifier v2 module](https://etherscan.io/address/0x13c61a25DB73e7a94a244bD2205aDba8b4a60F4a), equipped with the new proposed permissions policy, has been [transferred](https://etherscan.io/tx/0xfca048b5f788c502c8e1aba7a386d4a228622abd582b77497ec6d71d4a549891) to the DAO Treasury. * [Link 5](https://roles.gnosisguild.org/eth:0x13c61a25DB73e7a94a244bD2205aDba8b4a60F4a/roles/MANAGER): The new permissions policy deployed in the Roles v2 module. Third auditing step: Verify that the new proposed policy is consistent with the policy in Roles v1 (as per Link 4, right side) and with the policy in Roles v2 (Link 5). # Future Audits * Future audits will require only the "Current Permissions Policy vs. New Proposed Policy" step. * Changes in policies will be assessed by identifying which [DeFi Kit actions](https://kit.karpatkey.com/learn/protocols) are added or removed, streamlining the process by bypassing the analysis of individual permissions.
Last changed by  
karpatkey
29

Read more

[BIP XXX] Claim Extra Safe Airdrop

https://github.com/BalancerMaxis/multisig-ops/pull/920

4/25/2024
Self Audit: [BIP-XXX] Permissions Preset Update Request #2 (Revised version of BIP-442)

This is an attempt into improved transparency and efficiency for preset update requests. It aims to make payloads readable and summarize the most relevant information for stakeholders to quickly be able to understand proposed changes.

11/7/2023
Self Audit: [ENS] - PUR #3 - New ETH-Neutral Strategies

This is an attempt into improved transparency and efficiency for preset update requests. It aims to make payloads readable and summarize the most relevant information for stakeholders to quickly be able to understand proposed changes.

11/1/2023
Read more from karpatkey
Published on HackMD