Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

ACLManager

Overview

The Access Control List Manager (ACLManager) is the main registry of system roles and permissions. It inherits from OpenZeppelin's AccessControl contract and implements the IACLManager interface.

ACLManager allows a Role Admin to manage roles. Role Admin is itself a role that is managed by the DEFAULT_ADMIN_ROLE.

DEFAULT_ADMIN_ROLE is held by the ACLAdmin, which is initialized in PoolAddressesProvider. The ACL admin must be set in the PoolAddressesProvider before deploying the ACLManager.

Constructor

constructor(IPoolAddressesProvider provider)

Initializes the ACLManager with the PoolAddressesProvider. The ACL admin must be set in the provider beforehand and cannot be the zero address.

Role Constants

All role constants are keccak256 hashes of their respective role names:

  • POOL_ADMIN_ROLE = keccak256('POOL_ADMIN')
  • EMERGENCY_ADMIN_ROLE = keccak256('EMERGENCY_ADMIN')
  • RISK_ADMIN_ROLE = keccak256('RISK_ADMIN')
  • FLASH_BORROWER_ROLE = keccak256('FLASH_BORROWER')
  • BRIDGE_ROLE = keccak256('BRIDGE')
  • ASSET_LISTING_ADMIN_ROLE = keccak256('ASSET_LISTING_ADMIN')

Roles

Below we outline the powers/responsibilities of the roles and the specific methods that are only accessible to the holders of these roles.

RoleResponsibilities / PowersMethods Accessible
FLASH_BORROWER_ROLEFlash loan premium is waived for the holders of this role.⛔️ Does not include flashLoanSimpleflashLoan
BRIDGE_ROLECan leverage the Portal featuremintUnbacked backUnbacked
ASSET_LISTING_ADMIN_ROLECan update asset oracle sources fallback oracle add new assets to the Spark marketsetAssetSources setFallbackOracle initReserves
RISK_ADMIN_ROLECan update grace period of Oracle Sentinels reserve params unbacked mint cap liquidation protocol fee existing eMode categories and create new. (not category 0) add/remove asset in silo modesetGracePeriod setReserveBorrowing setReserveFlashLoaning configureReserveAsCollateral setReserveStableRateBorrowing setReserveFreeze setBorrowableInIsolation setReserveFactor setDebtCeiling setBorrowCap setSupplyCap setLiquidationProtocolFee setEModeCategory setAssetEModeCategory setUnbackedMintCap setReserveInterestRateStrategyAddress setSiloedBorrowing
DEFAULT_ADMIN_ROLEOpenZeppelin's 0x00 admin role, held by the ACL_ADMIN address registered on PoolAddressesProvider. Manages the role admins in the ACLManagersetRoleAdmin addPoolAdmin removePoolAdmin addEmergencyAdmin removeEmergencyAdmin addRiskAdmin removeRiskAdmin addFlashBorrower removeFlashBorrower addBridge removeBridge addAssetListingAdmin removeAssetListingAdmin
EMERGENCY_ADMIN_ROLECan pause/unpause the pool or individual reservesetPoolPause setReservePause
POOL_ADMIN_ROLECan update token implementations drop reserves pause/unpause reserves activate/deactivate reserves update premiums do all the things available to RISK_ADMIN_ROLE and ASSET_LISTING_ADMIN_ROLEall methods available to RISK_ADMIN_ROLE all methods available to ASSET_LISTING_ADMIN_ROLE dropReserve updateAToken updateStableDebtToken updateVariableDebtToken setReserveActive updateBridgeProtocolFee updateFlashloanPremiumTotal updateFlashloanPremiumToProtocol

View Methods

isPoolAdmin

function isPoolAdmin(address admin)

Returns true if the address has POOL_ADMIN_ROLE role.

isEmergencyAdmin

function isEmergencyAdmin(address admin)

Returns true if the address has EMERGENCY_ADMIN_ROLE role.

isRiskAdmin

function isRiskAdmin(address admin)

Returns true if the address has RISK_ADMIN_ROLE role.

isFlashBorrower

function isFlashBorrower(address borrower)

Returns true if the address has FLASH_BORROWER_ROLE role.

isBridge

function isBridge(address bridge)

Returns true if the address has BRIDGE_ROLE role.

isAssetListingAdmin

function isAssetListingAdmin(address admin)

Returns true if the address has ASSET_LISTING_ADMIN_ROLE role.

Write Methods

setRoleAdmin

setRoleAdmin(bytes32 role, bytes32 adminRole)

Setup admin to manage Roles. This method can only be called by an address with DEFAULT_ADMIN_ROLE.

Call Params

NameTypeDescription
rolebytes32One of the role constants: POOL_ADMIN_ROLE, EMERGENCY_ADMIN_ROLE, RISK_ADMIN_ROLE, FLASH_BORROWER_ROLE, BRIDGE_ROLE, or ASSET_LISTING_ADMIN_ROLE
adminRolebytes32The role that will be able to grant/revoke the specified role. 0x00 is reserved for DEFAULT_ADMIN_ROLE

addPoolAdmin

addPoolAdmin(address admin)

Add address to the list of members in POOL_ADMIN_ROLE role. Holders of this role can update token implementations, drop, (un)pause and (de)activate reserves, update premiums and do everything the ASSET_LISTING_ADMIN_ROLE and RISK_ADMIN_ROLE can do.

Call Params

NameTypeDescription
adminaddressaddress which will be granted POOL_ADMIN role.

removePoolAdmin

removePoolAdmin(address admin)

Remove given address from the list of members in POOL_ADMIN_ROLE role.

Call Params

NameTypeDescription
adminaddressaddress for which POOL_ADMIN role permissions must be revoked.

addEmergencyAdmin

addEmergencyAdmin(address admin)

Add address to the list of members in EMERGENCY_ADMIN_ROLE role. Holders of this role can pause and unpause the pool or an individual reserve.

NameTypeDescription
adminaddressaddress which will be granted EMERGENCY_ADMIN role.

removeEmergencyAdmin

function removeEmergencyAdmin(address admin)

Remove given address from the list of members in EMERGENCY_ADMIN_ROLE role.

NameTypeDescription
adminaddressaddress for which EMERGENCY_ADMIN role permissions must be revoked.

addRiskAdmin

function addRiskAdmin(address admin)

Add address to the list of members in RISK_ADMIN_ROLE role. Holders of this role can update grace period of Oracle Sentinels, reserve params, unbacked mint cap, liquidation fee and eMode categories.

NameTypeDescription
adminaddressaddress which will be granted RISK_ADMIN role.

removeRiskAdmin

Remove given address from the list of members in RISK_ADMIN_ROLE role.

NameTypeDescription
adminaddressaddress for which RISK_ADMIN role permissions must be revoked.

addFlashBorrower

function addFlashBorrower(address borrower)

Add address to the list of members in FLASH_BORROWER_ROLE role. Holders of this role do not pay premium for flash loan (Does not apply to flashLoanSimple).

removeFlashBorrower

function removeFlashBorrower(address borrower)

Remove given address from the list of members in FLASH_BORROWER_ROLE role.

NameTypeDescription
borroweraddressaddress for which FLASH_BORROWER role permissions must be revoked.

addBridge

addBridge(address bridge)

Add contract address to the list of bridges. Holders of this role can leverage the Portal feature to seamlessly move supplied assets across SparkLend markets on different networks.

NameTypeDescription
bridgeaddressaddress which will be granted BRIDGE role.

removeBridge

removeBridge(address bridge)

Remove contract address from the list of bridges.

NameTypeDescription
bridgeaddressaddress for which BRIDGE role permissions must be revoked.

addAssetListingAdmin

function addAssetListingAdmin(address admin)

Add address to the list of member in ASSET_LISTING_ADMIN_ROLE role. Holder of this role can update oracles & add new asset to the Spark market.

NameTypeDescription
adminaddressaddress which will be granted ASSET_LISTING_ADMIN role.

removeAssetListingAdmin

function removeAssetListingAdmin(address admin)

Remove address from the list of members in ASSET_LISTING_ADMIN_ROLE role.

NameTypeDescription
adminaddressaddress for which ASSET_LISTING_ADMIN role permissions must be revoked.