Governance
Comptroller and Admins
The Sablier Comptroller is a smart contract that acts as an intermediary between the protocols and the Sablier admin addresses. It has exclusive access to specific protocol functions. This design provides a more flexible approach to access control across all protocols while maintaining security.
Current
Used in Lockup v2.0, v3.0 and v4.0, Flow v1.1, v2.0 and v3.0, and Airdrops v1.3, v2.0 and v3.0. The table below lists the deployed Comptroller and the admin that controls it on each chain.
Old
Used in all previous versions: Lockup v1.0, v1.1 and v1.2; Flow v1.0; and Airdrops v1.1 and v1.2. Each of these addresses had direct admin authority over the corresponding protocol contracts before the Comptroller was introduced.
Contract Permissions
Comptroller
The Comptroller itself has admin- and role-gated functions. Roles are managed by the admin via grantRole / revokeRole; the admin can also call any role-gated function directly.
Admin Only
| Permission | Function |
|---|---|
| Execute | execute |
| Grant Role | grantRole (inherited) |
| Revoke Role | revokeRole (inherited) |
| Set Oracle | setOracle |
| Transfer Admin | transferAdmin (inherited) |
| Upgrade To And Call | upgradeToAndCall (inherited) |
| Withdraw ERC-20 | withdrawERC20Token |
Fee Management Role
| Permission | Function |
|---|---|
| Disable Custom Fee USD For | disableCustomFeeUSDFor |
| Lower Min Fee USD Campaign | lowerMinFeeUSDForCampaign |
| Set Custom Fee USD For | setCustomFeeUSDFor |
| Set Min Fee USD | setMinFeeUSD |
Attestor Manager Role
| Permission | Function |
|---|---|
| Set Attestor | setAttestor |
| Set Attestor For Campaign | setAttestorForCampaign |
Fee Collector Role
| Permission | Function |
|---|---|
| Transfer Fees | transferFees |
Lockup
The Comptroller has the following permissions on each chain where Lockup is deployed:
| Permission | Function |
|---|---|
| Allow to Hook | allowToHook |
| Recover | recover |
| Set Native Token | setNativeToken |
| Set NFT Descriptor | setNFTDescriptor |
Merkle Factory
The Comptroller has the following permission on each chain where the Merkle Factories are deployed:
| Permission | Function |
|---|---|
| Set Native Token | setNativeToken |
Flow
The Comptroller has the following permissions on each chain where Flow is deployed:
| Permission | Function |
|---|---|
| Recover | recover |
| Set Native Token | setNativeToken |
| Set NFT Descriptor | setNFTDescriptor |
Bob
The Comptroller has the following permissions on each chain where Bob is deployed:
| Permission | Function |
|---|---|
| Set Default Adapter | setDefaultAdapter |
| Set Native Token | setNativeToken |
Lido Adapter
The Comptroller has the following permissions on the Lido Adapter:
| Permission | Function |
|---|---|
| Request Lido Withdrawal | requestLidoWithdrawal |
| Set Slippage Tolerance | setSlippageTolerance |
| Set Yield Fee | setYieldFee |
Trustlessness
Despite having an admin, the Sablier Protocol remains trustless. Here's why:
- The protocol is permissionless, i.e. it can be freely accessed by anyone with an Internet connection.
- The protocol is persistent, i.e. the admin cannot pause it.
- The streaming logic is non-upgradeable, i.e. the admin cannot tamper with the streams created by users.
- There are no escape hatches that allow the admin to claim user funds.
Timelocks
The parameter changes that can be effected are NOT subject to a timelock. This means that the admin can execute any of the functions listed above at any time.
Governance
As a startup, Sablier has to deal with uncertainty regarding:
- Protocol-market fit
- Smart contract security
Attaining success in these areas is no easy feat, and as such, decentralizing the protocol's governance will not be an initial priority.
Nonetheless, we believe that progressive decentralization is the most effective approach to scaling a smart contract protocol. As the protocol matures, we will decentralize its governance incrementally.