Access control management is crucial for securing onchain operations, where remote teams or token holders control assets and smart contracts. In remote environments, managing who has access to which type of functionalities is critical to ensure security and effectiveness.
Over the past years, onchain tools have evolved to facilitate advanced access control functions on par with their Web2 and institutional counterparts. This Blog introduces practices and tools for managing onchain access control for teams, DAOs, and networks.
This Blog is part of a series of Web3 Financial Operations guides and case studies produced by FinOps3. Explore all FinOps3 tools and content on the FinOps3 Platform.
Due to Web3's programmability, the depth and span of functions that can be called are vast. Because some of these functions can have a significant impact, such as pausing a smart contract or increasing the supply of a token, teams often decide to delegate control of all their smart contracts through a single or handful of Token voting systems or multi-signature Safe {Wallets}.
While multi-signature Safes have proven reliable tools for managing smart contracts and tokens, the process has a downside. To ensure the multi-signature members operate in line with the organization's mandate, highly reputable individuals are invited to participate in the multi-signature Safe, and a relatively high threshold (often a majority) for accepting a transaction is set.
As a result, individuals who are already very busy must coordinate around each transaction, leading to a costly and often slow process. With teams frequently split between different time zones, these multi-signature wallet transactions can take anywhere from a couple of hours to a few days.
With transactions (related to, for example, a security bug) requiring near-instant changes, many teams have created a separate multi-signature Safe that can pause specific smart contracts. This allows them to react quickly in an emergency but scatters the control of an organization/ protocol.
With the launch of new tools such as spending limits and Zodiac Roles, various levels of access control in a safe environment can now be managed. These tools allow for programmable and gradual control of many elements of the Safe.
Examples include setting a spending limit per multi-sig signer, which they can freely send over given periods, perfect for small team payments, or providing asset management rights to a third party while ensuring they can't send the assets out of the Safe.
We'll further explore these solutions below.
In the Settings tab of your Safe {Wallet}, it’s possible to create spending limits. Select the beneficiary (which address will receive the ability to spend), specify which token and the amount, and finally, over which period the limit will reset.
The spending limit is created once you've defined the above and confirmed the transaction in Safe. At any point, you can cancel the spending limit through a Safe transaction by heading to the Modules tab under Settings and removing the specific AllowanceModule.
Zodiac Roles is a Safe App that provides the ability to create and manage custom roles that give third-party addresses the ability to act on behalf of a Safe {Wallet} or smart account. By creating a Roles mod contract, a third party can manage any contract function and parameter change without needing approval from the Safe {Wallet} signers.
The Zodiac Roles allow for advanced access control set-ups such as the DeFi Kit by Karpatkey, which streamlines DeFi engagements for Treasuries managed by third parties. While the functionality is nearly endless, some coding is required to create and operate through Zodiac Roles.
Do you want to use Zodiac Roles but lack the technical capacity? Good news! The team behind Zodiac Roles is currently developing a simple interface for creating and managing roles in a Safe. We will update this article as soon as the new Roles functions are live.
FinOps3 is a platform and knowledge hub for Safe-powered on-chain finance. It aims to accelerate the adoption and retention of Treasury Managers and Financial Operators in the Safe Ecosystem by providing resources and guidance that make setting up and running a Treasury Management System powered by Safe easy and rewarding.