Platform Access Control

Any staking platform through the AccessControlStakingFacet employs a role-based access control system where roles are identified by their bytes32 identifiers. This system ensures fine-grained access control and delegation of responsibilities.

Key Concepts

Admin Role

The Admin is distinct from the owner of the StakingDiamond.sol contract and does not possess the same privileges. This role represents the central authority for managing all roles except default ones within the platform.

Default Role: OPEN_ROLE

Every account inherently possesses the OPEN_ROLE. This role cannot be granted or revoked as it is the default.

Role Management Capabilities

Admin Privileges

Admins can grant and revoke all roles except for ADMIN_ROLE and OPEN_ROLE. Furthermore, they can designate or dismiss users as role handlers using the addRoleHandler() and removeRoleHandler functions:

Role Handlers

Designated handlers can only manage the roles they are assigned to. They can grant or revoke their managed roles from/to users.

Admin Role Restrictions

The Admin role cannot Grant or revoke ADMIN_ROLE and cannot grant or revoke OPEN_ROLE.

Role Assignments

The Admin is a handler of all roles except for ADMIN_ROLE and OPEN_ROLE. Only one Admin is supported per staking platform instance.

Transferring Admin Role

You can transfer your ADMIN_ROLE by using the changeAdmin(address newAdmin) function defined in the AccessControlStakingFacet.