Matrix of Multisig and Timelocks
Transparency on the role of the multisig
CAMP is required to implement safeguards in order to provide connective tissue between DeFi and centralized liquidity venues. The multisig is used to minimize these trust assumptions for core onchain functions.
Roles
Multi sig
Number of role
Functions
Notes
Owner
Yes, CAMP org
1
transferOwnership, add/remove supported collateral asset, add/remove custodian addresses, setUSDca address
If desired, owner and admin can be different multi sigs
setUSDca address is redundant, to be removed
Admin
Yes, CAMP org
1
grant/revoke Minter, Redeemer, Gatekeeper roles
Gatekeepers
No, EOA controlled by CAMP plus external trusted organisations
At least 3
Disable mint/redeem functionality, remove Minter, Redeemer roles
Will include external trusted organisations to be gatekeepers. Limits damage on mint/redeem roles compromise. Disables mint/redeems when they execute at incorrect prices on chain.
Minter
No, EOA controlled by CAMP
20
mint()transferToCustody
Mint/Redeemer roles to be the same set of 20 addresses. This is to ensure the system can handle a high load of mint transaction concurrently.
Redeemer
No, EOA controlled by CAMP
20
redeem()
Mint/Redeemer roles to be the same set of 20 addresses. This is to ensure the system can handle a high load of mint transaction concurrently.
Last updated