Access & Admin Controls
EUROe implements strict access & admin controls both on- and off-chain.
Concordium Implementation
Smart Contract Roles
The EUROe Stablecoin defines multiple roles with differing levels of access to limit which addresses can call privileged functions. At high level, we define the following roles:
| Role name | Role description |
|---|---|
| BlockUnblockRole | May assign addresses to and remove addresses from the blocklist. For more information about blocklisting, see 'Blocklisting'. |
| PauseUnpauseRole | Has the sole privilege of pausing and unpausing the EUROe stablecoin contract. |
| MintRole | May mint (create) new EUROe stablecoins. The only role with minting privileges. |
| BurnRole | May burn (remove from supply) EUROe stablecoins. The only role with burning privileges. |
| AdminRole | Role that administers other roles. Can also upgrade the contract. |
Upgradeability
The EUROe smart contract on Concordium is upgradable.
Emergency Procedures
The EUROe team has strict operational guidelines and processes for responding to various emergencies and black-swan events. The most commonly used emergency procedure is assigning addresses to the blocklist. For more information, see Blocklisting. Other on-chain emergency procedures include but are not limited to pausing the smart contract and making changes to access controlled addresses.
EVM Implementations
Smart Contract Roles
The EUROe Stablecoin defines multiple roles with differing levels of access. At high level, we define the following roles:
| Role name | Role description |
|---|---|
| PROXYOWNER_ROLE | Controls the proxy contract and implements contract upgrades. |
| BLOCKLISTER_ROLE | May assign and remove the BLOCKED_ROLE to addresses. The role can also: a) block the 0 address, effectively disabling mint & burn; and b) unblock the contract address. For more information about blocked roles and blocklisting, see 'Blocklisting'. |
| PAUSER_ROLE | Has the sole privilege of pausing the EUROe stablecoin contract. |
| UNPAUSER_ROLE | Has the sole privilege of unpausing the EUROe stablecoin contract. |
| MINTER_ROLE | May mint new EUROe stablecoins using mint() or mintSet(). The only role with minting privileges. |
| BLOCKED_ROLE | Addresses with this role have limited access to the EUROe stablecoin. Among others, they cannot transfer EUROe from or to their address. For more information about blocked roles and blocklisting, see 'Blocklisting'. |
| RESCUER_ROLE | This address may call rescueERC20() to move misplaced ERC20 tokens from the smart contract address to another. |
| BURNER_ROLE | May burn EUROe stablecoins using burn(), burnFrom() and burnFromWithPermit() functions (subject to conditions defined in the smart contracts). |
| DEFAULT_ADMIN_ROLE | Role that administers other roles. |
| DOMAIN_SEPARATOR | DOMAIN_SEPARATOR is not a role. It is related to signatures. |
For a more detailed description of the rights of each role, please refer directly to the inline documentation in EUROe.sol
Upgradability & Timelocks
The stablecoin smart contracts are upgradable to allow for future (non-breaking) changes to the code, including, for example, new features. Users & developers are not impacted by contract upgrades as long as they point their application to the proxy contract.
There are no timelocks enforced at the smart contract level. Timelocks are not implemented to ensure EUROe can respond to any change quickly. However, EUROe may employ timelocks within its internal systems to minimise unauthorised access.
Emergency Procedures
The EUROe team has strict operational guidelines and processes for responding to various emergencies and black-swan events. The most commonly used emergency procedure is assigning the "BLOCKED_ROLE" to new addresses. For more information, see Blocklisting. Other on-chain emergency procedures include but are not limited to pausing the smart contract, making changes to access controlled addresses, and changing proxy owners.
Solana Implementation
Program Roles
The EUROe Stablecoin defines roles as inherited from SPL. We define the following roles:
| Role name | Role description |
|---|---|
| payer | Pays gas expenditures for relevant program interactions |
| mintAuthority | May mint new EUROe stablecoins using createMintToInstruction() and burn EUROe stablecoins using createBurnInstruction() functions. |
| freezeAuthority | Has the sole privilege of blocklisting and un-blocklisting addresses. For more information about blocked roles and blocklisting, see 'Blocklisting'. |
For a more detailed description of the roles, please refer directly to the Solana documentation at spl.solana.com/token.
Emergency Procedures
The EUROe team has strict operational guidelines and processes for responding to various emergencies and black-swan events. The most commonly used emergency procedure is blocklisting addresses. For more information, see Blocklisting. Other on-chain emergency procedures include but are not limited to making changes to the mintAuthority and freezeAuthority.
Common In All Implementations
Contract ownership
All EUROe's stablecoin smart contracts are owned and operated by EUROe. Any relevant roles and access to addresses are strictly internal to EUROe. EUROe leverages MPC technology to minimise the risk of unauthorised access to the contract. Furthermore, EUROe employs various internal processes to ensure that even senior executive staff cannot make contract changes without proper authorisation.
Emergency Pausing
Pausing the EUROe stablecoin is an unlikely event. It is used to prevent imminent unauthorised access and threats. The mainnet contracts are never paused without a good reason. For more information, please see Pausing.
Governance
EUROe is entirely governed by Membrane Finance, the developer of EUROe. There are no on-chain governance or voting mechanisms nor a governance token at this stage.