Roles
The smart contract enforces specific admin roles. The roles divide responsibilities to reduce abuse vectors and create checks and balances. Ideally each role should be managed by a separate admin with separate key control.
In some cases, such as for the Contract Admin or Wallets Admin, it is recommended that the role's private key is managed through multi-signature (e.g. requiring 2 of 3 or N of M approvers) authentication.
Admin Types
The Admin functionality breaks down into 6 distinct roles using a sophisticated bitwise role system. Each role provides granular control over specific contract operations while maintaining security boundaries:
Core Administrative Roles (Constructor-Required)
-
Contract Admin (1)
- Root-level administrator with system configuration authority
- Can upgrade contract dependencies (
RestrictedSwap,TransferRules,IdentityRegistry) - Manages role assignments and emergency controls
- Security: Recommended to be a secure multi-sig wallet
-
Reserve Admin (2)
- Primary token supply authority for issuance operations
- Controls
mint(),burn(), andforceTransferBetween()functions - Manages maximum supply limits and emergency transfers
- Use Case: Issuer's primary minting and burning authority
Granted Operational Roles (Assigned by Contract Admin)
-
Wallets Admin (4)
- Identity and compliance management authority
- Manages AML/KYC verification, regional assignments, and accreditation levels
- Controls wallet freeze/unfreeze and holder management
- Integration: Works closely with
IdentityRegistrycontract
-
Transfer Admin (8)
- Transfer restriction and payment operations authority
- Configures token type rules, transfer restrictions, and holding periods
- Manages interest payments, dividend distributions, and regulatory compliance
- Capabilities: Superset of Wallets Admin permissions
- Integration: Primary controller of
TransferRulescontract
Specialized Administrative Roles
-
Soft Burn Admin (16)
- Allowance-based token burning authority
- Uses
softBurn()mechanism requiring token allowances - Use Case: DeFi protocol integrations, automated burning systems
- Security: Cannot burn arbitrary tokens without holder approval
-
Mint Admin (32)
- Specialized minting authority with explicit token type control
- Can use
mintTokenType()for regulatory-specific token issuance - Use Case: Purchase contracts, specialized token distribution systems
- Flexibility: Provides minting capability without broader reserve powers
Role Assignment Strategies
Traditional Transfer Agent Setup
Most legal entity transfer agents require both Transfer Admin and Wallets Admin roles for comprehensive investor management.
Exchange Integration
Exchanges typically receive Wallets Admin role for investor onboarding and compliance, but not Transfer Admin to prevent rule modifications.
Automated System Integration
- Purchase Contracts: Require Mint Admin role for automated token purchases
- Interest Payment Systems: Require Soft Burn Admin role for principal repayments
- DeFi Protocols: Use Soft Burn Admin for allowance-based token burning
Security-Focused Distribution
- Contract Admin: Multi-sig wallet with 3+ signers
- Reserve Admin: Cold storage wallet for issuer operations
- Transfer Admin: Operational wallet for day-to-day rule management
- Wallets Admin: Customer service or compliance team wallet
- Mint Admin: Automated system or purchase contract
- Soft Burn Admin: DeFi integration or repayment system
Admin Functionality
| Function | Contract Admin (1) | Reserve Admin (2) | Wallets Admin (4) | Transfer Admin (8) | Soft Burn Admin (16) | Mint Admin (32) |
|---|
Core System Administration
| Function | Contract Admin (1) | Reserve Admin (2) | Wallets Admin (4) | Transfer Admin (8) | Soft Burn Admin (16) | Mint Admin (32) |
|---|---|---|---|---|---|---|
grantRole() | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
revokeRole() | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
upgradeTransferRules() | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
upgradeIdentityRegistry() | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
setAmlKycValidityDuration() | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
pause() / unpause() | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ |
Token Supply Management
| Function | Contract Admin (1) | Reserve Admin (2) | Wallets Admin (4) | Transfer Admin (8) | Soft Burn Admin (16) | Mint Admin (32) |
|---|---|---|---|---|---|---|
mint() | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
mintTokenType() | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ |
burn() | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
softBurn() | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ |
burnHolding() | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
forceTransferBetween() | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
setMaxTotalSupply() | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
Identity & Compliance Management
| Function | Contract Admin (1) | Reserve Admin (2) | Wallets Admin (4) | Transfer Admin (8) | Soft Burn Admin (16) | Mint Admin (32) |
|---|---|---|---|---|---|---|
setIdentity() | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
removeIdentity() | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
grantAmlKyc() / revokeAmlKyc() | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
grantAccreditation() / revokeAccreditation() | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
setRegions() / addRegion() / removeRegion() | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
freeze() / unfreeze() | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
Transfer Rules & Restrictions
| Function | Contract Admin (1) | Reserve Admin (2) | Wallets Admin (4) | Transfer Admin (8) | Soft Burn Admin (16) | Mint Admin (32) |
|---|---|---|---|---|---|---|
setTokenTypeRule() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
setTransferRule() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
updateTransferRule() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
deactivateTransferRule() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
setHolderMax() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
Release Schedule Management
| Function | Contract Admin (1) | Reserve Admin (2) | Wallets Admin (4) | Transfer Admin (8) | Soft Burn Admin (16) | Mint Admin (32) |
|---|---|---|---|---|---|---|
createReleaseSchedule() | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
mintReleaseSchedule() | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ |
batchMintReleaseSchedule() | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ |
fundReleaseSchedule() | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
batchFundReleaseSchedule() | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
cancelReleaseSchedule() | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
Holder Management
| Function | Contract Admin (1) | Reserve Admin (2) | Wallets Admin (4) | Transfer Admin (8) | Soft Burn Admin (16) | Mint Admin (32) |
|---|---|---|---|---|---|---|
createHolderFromAddress() | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
appendHolderAddress() | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
addHolderWithAddresses() | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
removeHolder() | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
removeWalletFromHolder() | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
batchRemoveWalletFromHolder() | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ |
Interest Payment & Dividend Operations
| Function | Contract Admin (1) | Reserve Admin (2) | Wallets Admin (4) | Transfer Admin (8) | Soft Burn Admin (16) | Mint Admin (32) |
|---|---|---|---|---|---|---|
fundDividend() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
fundInterest() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
fundPrincipal() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
reclaimInterest() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
reclaimPrincipal() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
createPaymentPeriod() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
updateInterestRateForPeriod() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
earlyRepayment() | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ |
forceClaim() / forceClaimForPeriod() | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ |
setReclaimerAddress() | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
setMaxInterestRate() | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
shiftInterestAccrualEnd() | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ |
pausePaymentPeriod() / unpausePaymentPeriod() | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ |
pausePaymentAfter() / unpausePaymentAfter() | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ |
Advanced Token Operations
| Function | Contract Admin (1) | Reserve Admin (2) | Wallets Admin (4) | Transfer Admin (8) | Soft Burn Admin (16) | Mint Admin (32) |
|---|---|---|---|---|---|---|
transferHolding() | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
timelockTransfer() | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
updateTimelockTokenType() | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
updateHoldingTokenType() | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
Notes:
- ✅ = Function accessible with this role
- ❌ = Function not accessible with this role
- Transfer Admin permissions include Wallets Admin capabilities (superset)
- Advanced Token Operations are available to token holders themselves, not admins
- Some functions may have additional parameter-based restrictions beyond role requirements