The protocol contains various permissions held in multi-sigs, and is potentially upgradeable in the future to timelocks or even governance contracts. At launch, the protocol team believes that the right balance between speed in resolving any issue found in the wild and security for end users is by utilizing a multi-sig to upgrade the contracts with no time delay. Time delays allow attackers to evaluate the fix (potentially identifying a vulnerability) and make less sense in the context of a protocol that holds and locks assets for long periods of time.

Protocol Permissions

• ALLOWLISTER_ROLE The holder of this role can create new call option markets and new multi-vaults
• PAUSER_ROLE the holder of this role can pause the protocol at the protocol level
• VAULT_UPGRADER the holder of this role can upgrade the implementation pointed to by the vault beacons
• CALL_UPGRADER the holder of this role can upgrade the implementation pointed to by the call instrument beacon
• MARKET_CONF the holder of this role can make changes to the market configurations on any call option instrument
• COLLECTION_CONF the holder of this role can make changes to collection configurations on the protocol level. These configurations may be referenced by any vault (or, technically, any call option) which supports a specific ERC-721 contract address