Multi-Tier Permissioning
Protocol Permissions System
NashPoint implements a multi-tiered permissioning system where protocol-level governance controls which contracts can be used, routers control which components can be integrated, and Node owners select from these approved options. This ensures security while maintaining Node owner autonomy over their strategy.
Registry Level (Top)
Registry Owner controls global whitelist of valid contracts:
function setRegistryType(address addr, RegistryType type_, bool status) external onlyOwner {
if (type_ == RegistryType.UNUSED) revert ErrorsLib.InvalidRole();
if (type_ == RegistryType.NODE) revert ErrorsLib.NotFactory();
roles[addr][type_] = status;
}Types: ROUTER, QUOTER, REBALANCER, FACTORY
Router Level (Middle)
Registry owner controls which components each router can use:
function setWhitelistStatus(address component, bool status) external onlyRegistryOwner {
isWhitelisted[component] = status;
}Node Level (Bottom)
Node owners can only add protocol-whitelisted services:
function addRouter(address router) external onlyOwner {
if (!protocol.isRouterWhitelisted(router)) revert ErrorsLib.NotWhitelisted();
if (routers[router]) revert ErrorsLib.AlreadySet();
routers[router] = true;
}
function addRebalancer(address newRebalancer) external onlyOwner {
if (!registry.isRegistryType(newRebalancer, RegistryType.REBALANCER)) {
revert ErrorsLib.NotWhitelisted();
}
}
function setQuoter(address newQuoter) external onlyOwner {
if (!registry.isRegistryType(newQuoter, RegistryType.QUOTER))
revert ErrorsLib.NotWhitelisted();
}No Forced Upgrades
The Registry Owner can revoke protocol-level permissions for routers, rebalancers, quoters, and components. However, these changes only affect future additions - any Node's existing configuration continues to function normally. This ensures Node owners maintain full control over their strategy and cannot be forced to upgrade or change their Node's setup.
Node operations don't check current registry status:
function execute(address target, bytes calldata data) external onlyRouter {
// Only checks router is added to Node, not registry status
if (!isRouter[msg.sender]) revert ErrorsLib.InvalidSender();
}Router operations don't recheck registry status:
modifier onlyNodeRebalancer(address node) {
// Only checks Node's rebalancer list, not registry
if (!INode(node).isRebalancer(msg.sender)) revert ErrorsLib.NotRebalancer();
}Component operations continue after whitelist removal:
function invest(address node, address component) external {
// Only checks Node's component list, not router whitelist
if (!INode(node).isComponent(component)) revert ErrorsLib.InvalidComponent();
}Adding Components & Routers
To correctly configure a Node to use new Routers and Components follow this guide:
Last updated