Roles and permissions

Warning: This document covers roles and permissions intended for stVaults on mainnet. The implementation on deployed testnet contracts may vary.

Vault contract role

The Node Operator provides the validation service for the vault: it deposits ETH from the vault balance to validators and exits validators if necessary. The Node Operator's address can’t be changed after the vault is created.

Node Operator's non-delegable permissions

Operation
Deposit ETH from Staking Vault to validators using Predeposit Guarantee contract.

Dashboard contract roles and permissions

There are three key roles in the stVaults:

  1. Vault Owner [Dashboard contract role DEFAULT_ADMIN (VAULT_OWNER)] is one of the two admin roles for the stVault. It allows managing permissions and changing key vault parameters from the Vault Owner (Staker) perspective. Multiple addresses are supported.

  2. Node Operator Manager [Dashboard contract role NODE_OPERATOR_MANAGER] is the other of the two admin roles for the stVault. It allows managing permissions and changing key vault parameters from the Node Operator perspective. Multiple addresses are supported.

By default, the Vault Owner and Node Operator Manager addresses have permissions for all the actions they are supposed to perform in stVaults. They can grant some of these permissions (sub-roles) to other addresses. If a permission is assigned only to other addresses, the address with the admin role can't perform that action. To keep a permission when granting access to the action to another address, the admin needs to grant it to both its own address and the other address.
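The delegation rule above, modelled as an off-chain audit over a snapshot of role holders. This is an added example, not the Dashboard contract's code; role names come from the tables on this page, while `can_perform`, `audit`, the snapshot layout and the addresses are assumptions made for illustration.

```python
# Added example: models the delegation rule as this page states it.
# It is not the Dashboard contract's code; addresses below are constructed.
OWNER_SUBROLES = {
    "FUND_ROLE", "WITHDRAW_ROLE", "MINT_ROLE", "BURN_ROLE", "REBALANCE_ROLE",
    "PAUSE_BEACON_CHAIN_DEPOSITS_ROLE", "RESUME_BEACON_CHAIN_DEPOSITS_ROLE",
    "REQUEST_VALIDATOR_EXIT_ROLE", "TRIGGER_VALIDATOR_WITHDRAWAL_ROLE",
    "VOLUNTARY_DISCONNECT_ROLE", "PDG_PROVE_VALIDATOR_ROLE",
    "UNGUARANTEED_BEACON_CHAIN_DEPOSIT_ROLE", "VAULT_CONFIGURATION_ROLE",
    "RECOVER_ASSETS_ROLE",
}
ADMIN_OF = {r: "DEFAULT_ADMIN_ROLE" for r in OWNER_SUBROLES}
ADMIN_OF["NODE_OPERATOR_REWARDS_ADJUST_ROLE"] = "NODE_OPERATOR_MANAGER_ROLE"
ADMIN_ROLES = set(ADMIN_OF.values())

def members(snapshot, role):
    """Lower-cased holder set for a role (addresses compare case-insensitively)."""
    return {a.lower() for a in snapshot.get(role, ())}

def can_perform(snapshot, address, role):
    """Apply the page's rule: explicit holders win; otherwise the admin role acts."""
    addr = address.lower()
    if role in ADMIN_ROLES:                      # non-delegable admin actions
        return addr in members(snapshot, role)
    admin = ADMIN_OF[role]                       # KeyError for a role not listed on this page
    return addr in (members(snapshot, role) or members(snapshot, admin))

def audit(snapshot):
    """Return (finding, role, addresses) tuples for a role snapshot."""
    findings = []
    for role in sorted(snapshot):
        if role not in ADMIN_OF and role not in ADMIN_ROLES:
            findings.append(("UNKNOWN_ROLE", role, sorted(members(snapshot, role))))
        elif role in ADMIN_OF and members(snapshot, role):
            locked = members(snapshot, ADMIN_OF[role]) - members(snapshot, role)
            if locked:  # admin delegated the sub-role but did not keep it
                findings.append(("ADMIN_LOCKED_OUT", role, sorted(locked)))
    return findings

OWNER, MINTER, TREASURY, NO_MGR = ("0x" + c * 40 for c in "abcd")  # constructed
SNAPSHOT = {
    "DEFAULT_ADMIN_ROLE": [OWNER],
    "NODE_OPERATOR_MANAGER_ROLE": [NO_MGR],
    "MINT_ROLE": [MINTER],                # granted to another address only
    "WITHDRAW_ROLE": [OWNER, TREASURY],   # granted to own and another address
}

if __name__ == "__main__":
    for finding in audit(SNAPSHOT):
        print(finding)
```

An `ADMIN_LOCKED_OUT` finding is not necessarily a misconfiguration; it marks sub-roles where the admin address would have to re-grant the permission to itself before acting.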

Permissionless operations

| Permission | Operation |
| --- | --- |
| Permissionless | Disburse Node Operator fees. |

Vault Owner's non-delegable permissions

These operations are available only for addresses with the admin role.

| Permission | Operation |
| --- | --- |
| DEFAULT_ADMIN_ROLE | Grant/Remove role or permission, including own role DEFAULT_ADMIN (VAULT_OWNER). |
| DEFAULT_ADMIN_ROLE | Confirm the transfer of the StakingVault ownership (Abandon Dashboard, Connect to VaultHub, Reconnect to VaultHub). |
| DEFAULT_ADMIN_ROLE | Confirm changing the NO fee by Multi-roles confirmation. |
| DEFAULT_ADMIN_ROLE | Confirm changing the Confirmation Expiry parameter by Multi-roles confirmation. |
| DEFAULT_ADMIN_ROLE | Confirm AccruedRewardsAdjustment: marks ETH transferred directly as funded (supplied) so that these assets are not considered rewards. |

Vault Owner's delegatable permissions (sub-roles)

Info: By default, if no override admin role is set, the Vault Owner can perform all the actions described below.

| Permission | Operation |
| --- | --- |
| FUND_ROLE | Supply (fund) ETH to the stVault. |
| WITHDRAW_ROLE | Withdraw ETH from the stVault Balance. |
| MINT_ROLE | Mint stETH within the stETH minting capacity. |
| BURN_ROLE | Repay (burn) previously minted stETH to decrease stETH Liability. |
| REBALANCE_ROLE | Perform a voluntary rebalance. |
| PAUSE_BEACON_CHAIN_DEPOSITS_ROLE | Pause ETH deposits to the Beacon chain. |
| RESUME_BEACON_CHAIN_DEPOSITS_ROLE | Resume ETH deposits to the Beacon chain. |
| REQUEST_VALIDATOR_EXIT_ROLE | Ask the Node Operator to exit a validator and return ETH to the stVault Balance. |
| TRIGGER_VALIDATOR_WITHDRAWAL_ROLE | Force a full or partial withdrawal of ETH from a validator. |
| VOLUNTARY_DISCONNECT_ROLE | Disconnect from Lido VaultHub (disable minting stETH, stop paying fees to Lido, distribute Node Operator's fee). |
| PDG_PROVE_VALIDATOR_ROLE | If a validator exists on the Beacon chain, the user can prove this validator to PDG. |
| UNGUARANTEED_BEACON_CHAIN_DEPOSIT_ROLE | Withdraw ether from the vault and deposit it directly to the provided validators, bypassing the default PDG process. |
| VAULT_CONFIGURATION_ROLE | Request to OperatorGrid to change the vault tier (specify new tier). |
| VAULT_CONFIGURATION_ROLE | Request to OperatorGrid to change the sync with tier params. |
| VAULT_CONFIGURATION_ROLE | Request to OperatorGrid to update the share limit on the vault. |
| VAULT_CONFIGURATION_ROLE | Accept a new tier on connection to the VaultHub. |
| RECOVER_ASSETS_ROLE | Recover assets wrongly transferred to the Dashboard contract. |

Node Operator Manager's non-delegable permissions (sub-roles)

| Permission | Operation |
| --- | --- |
| NODE_OPERATOR_MANAGER_ROLE | Grant/Remove role or permission, including own role NODE_OPERATOR_MANAGER. |
| NODE_OPERATOR_MANAGER_ROLE | Confirm changing the NO fee by Multi-roles confirmation. |
| NODE_OPERATOR_MANAGER_ROLE | Confirm changing the Confirmation Expiry parameter by Multi-roles confirmation. |
| NODE_OPERATOR_MANAGER_ROLE | Confirm AccruedRewardsAdjustment: marks ETH transferred directly as funded (supplied) so that these assets are not considered rewards. |
| NODE_OPERATOR_MANAGER_ROLE | Set the NO fee recipient address. |

Node Operator Manager's delegatable permissions (sub-roles)

Info: By default, if no override admin role is set, the Node Operator Manager can perform all the actions described below.

| Permission | Operation |
| --- | --- |
| NODE_OPERATOR_REWARDS_ADJUST_ROLE | Increases rewards adjustment to correct fee calculation due to non-rewards ether on CL. |

Predeposit guarantee contract roles and permissions

Permissionless operations

| Permission | Operation |
| --- | --- |
| Permissionless | Provide Merkle Proof of validator existence on CL (positive). |
| Permissionless | Provide Merkle Proof of invalid validator existence on CL (negative). |

Predeposit guarantee contract configurable permissions

| Role | Operation |
| --- | --- |
| Node Operator | Set Node Operator’s guarantor. Set Node Operator’s depositor. |
| Vault Owner | Prove unknown validator. |
| Guarantor | Top up Node Operator’s guarantor bond. Withdraw Node Operator’s guarantor bond. Claim bond refund. |
| Depositor | Pre-deposit validators to Beacon Chain. Deposit validators to Beacon Chain. |