search
Ctrlk

Access Control

All Strike contracts that use role-based access control inherit OpenZeppelin's AccessControl, except PythResolver which uses a simpler custom ownership model.

hashtag
Roles Overview

Role
Defined In
Granted To
Purpose

DEFAULT_ADMIN_ROLE

All AccessControl contracts

Deployer EOA

Can grant/revoke any role

OPERATOR_ROLE

OrderBook

BatchAuction, MarketFactory

Manage markets and settle orders

PROTOCOL_ROLE

Vault

OrderBook, BatchAuction, Redemption

Lock/unlock/transfer collateral

MINTER_ROLE

OutcomeToken

BatchAuction, Redemption

Mint and burn outcome tokens

ESCROW_ROLE

OutcomeToken

BatchAuction

Burn escrowed sell-order tokens on fill via burnEscrow()

ADMIN_ROLE

MarketFactory

PythResolver

Manage market state transitions

hashtag
Role Definitions

hashtag
DEFAULT_ADMIN_ROLE (all contracts)

bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;

Held by the deployer EOA. Can call grantRole and revokeRole on any role. This is the OpenZeppelin default admin role that governs all other roles.

hashtag
OPERATOR_ROLE (OrderBook)

bytes32 public constant OPERATOR_ROLE = keccak256("OPERATOR_ROLE");

Grants access to:

  • registerMarket(minLots, batchInterval, expiryTime) -- create a new trading market

  • haltMarket(marketId) / resumeMarket(marketId) -- pause/resume trading

  • deactivateMarket(marketId) -- permanently close a market

  • reduceOrderLots(orderId, lotsToReduce) -- remove filled lots from an order

  • updateTreeVolume(marketId, side, tick, delta) -- adjust segment tree after fills

  • advanceBatch(marketId) -- increment the batch counter

Granted to BatchAuction (settlement operations) and MarketFactory (market lifecycle).

hashtag
PROTOCOL_ROLE (Vault)

Grants access to:

  • lock(user, amount) -- lock collateral for open orders

  • unlock(user, amount) -- unlock collateral on cancel/prune

  • transferCollateral(from, to, amount) -- move locked funds between accounts

  • settleFill(user, marketId, toPool, feeCollector, protocolFee, unlockAmount) -- combined settlement

  • addToMarketPool(user, marketId, amount) -- move funds into redemption pool

  • redeemFromPool(marketId, to, amount) -- pay out from redemption pool

Granted to OrderBook (lock/unlock on order placement/cancel), BatchAuction (settlement), and Redemption (payout from pool).

hashtag
MINTER_ROLE (OutcomeToken)

Grants access to:

  • mintPair(to, marketId, amount) -- mint YES + NO token pair

  • mintSingle(to, marketId, amount, isYes) -- mint a single outcome token

  • burnPair(from, marketId, amount) -- burn YES + NO token pair

  • redeem(from, marketId, amount, winningOutcome) -- burn winning tokens

Granted to BatchAuction (mints tokens during atomic settlement in clearBatch) and Redemption (burns winning tokens during redemption).

hashtag
ESCROW_ROLE (OutcomeToken)

Grants access to:

  • burnEscrow(from, marketId, amount, isYes) -- burn escrowed outcome tokens held by OrderBook when sell orders (SellYes/SellNo) are filled during batch settlement

Granted to BatchAuction. When a SellYes or SellNo order is filled, the tokens were custodied by OrderBook on placement. BatchAuction calls burnEscrow() to burn those tokens as part of the settlement flow.

hashtag
ADMIN_ROLE (MarketFactory)

Grants access to:

  • setResolving(factoryMarketId) -- transition market to Resolving state

  • setResolved(factoryMarketId, outcomeYes, settlementPrice) -- finalize resolution

  • payResolverBounty(factoryMarketId, resolver) -- pay creation bond to resolver

  • pauseFactory(paused) -- pause/unpause market creation

  • setDefaultParams(batchInterval, minLots) -- update default market params

  • setCreationBond(bond) -- update creation bond amount

  • setFeeCollector(collector) -- update fee collector

Granted to PythResolver (resolution state transitions) and the deployer (admin controls). Note: the deployer also receives ADMIN_ROLE in the MarketFactory constructor.

hashtag
PythResolver Admin (custom ownership)

PythResolver does not use OpenZeppelin AccessControl. It has a simple admin address set to msg.sender in the constructor. Transfer uses a two-step pattern:

The admin can call:

  • setConfThreshold(newBps) -- update confidence interval threshold

hashtag
Role Graph (ASCII)

Detailed flow diagram:

hashtag
Wiring Commands

Run these after deployment (the deployer must hold DEFAULT_ADMIN_ROLE on each contract):

hashtag
Security Notes

  • The deployer holds DEFAULT_ADMIN_ROLE on all contracts. This should be transferred to a multisig or timelock for production deployments.

  • PythResolver admin should also be transferred to a multisig via setPendingAdmin / acceptAdmin.

  • Role grants are additive -- grantRole does not revoke existing holders.

  • Missing role grants will cause AccessControl: account ... is missing role ... reverts at runtime.

PreviousRedemption.solNextDeployments

Last updated