EUROe implements strict access & admin controls both on- and off-chain.
Smart Contract Roles
The EUROe Stablecoin defines multiple roles with differing levels of access. At high level, we define the following roles:
|Role name||Role description|
|PROXYOWNER_ROLE||Controls the proxy contract and implements contract upgrades.|
|BLOCKLISTER_ROLE||May assign and remove the BLOCKED_ROLE to addresses. The role can also: a) block the 0 address, effectively disabling mint & burn; and b) unblock the contract address. For more information about blocked roles and blocklisting, see 'Blocklisting'.|
|PAUSER_ROLE||Has the sole privilege of pausing the EUROe stablecoin contract.|
|UNPAUSER_ROLE||Has the sole privilege of unpausing the EUROe stablecoin contract.|
|MINTER_ROLE||May mint new EUROe stablecoins using |
|BLOCKED_ROLE||Addresses with this role have limited access to the EUROe stablecoin. Among others, they cannot transfer EUROe from or to their address. For more information about blocked roles and blocklisting, see 'Blocklisting'.|
|RESCUER_ROLE||This address may call |
|BURNER_ROLE||May burn EUROe stablecoins using |
|DEFAULT_ADMIN_ROLE||Role that administers other roles.|
|DOMAIN_SEPARATOR||DOMAIN_SEPARATOR is not a role. It is related to signatures.|
For a more detailed description of the rights of each role, please refer directly to the inline documentation in EUROe.sol
Upgradability & Timelocks
The stablecoin smart contracts are upgradable to allow for future (non-breaking) changes to the code, including, for example, new features. Users & developers are not impacted by contract upgrades as long as they point their application to the proxy contract.
There are no timelocks enforced at the smart contract level. Timelocks are not implemented to ensure EUROe can respond to any change quickly. However, EUROe may employ timelocks within its internal systems to minimise unauthorised access.
The EUROe team has strict operational guidelines and processes for responding to various emergencies and black-swan events. The most commonly used emergency procedure is assigning the "BLOCKED_ROLE" to new addresses. For more information, see Blocklisting. Other on-chain emergency procedures include but are not limited to pausing the smart contract, making changes to access controlled addresses, and changing proxy owners.
The EUROe Stablecoin defines roles as inherited from SPL. We define the following roles:
|Role name||Role description|
|payer||Pays gas expenditures for relevant program interactions|
|mintAuthority||May mint new EUROe stablecoins using |
|freezeAuthority||Has the sole privilege of blocklisting and un-blocklisting addresses. For more information about blocked roles and blocklisting, see 'Blocklisting'.|
For a more detailed description of the roles, please refer directly to the Solana documentation at spl.solana.com/token.
The EUROe team has strict operational guidelines and processes for responding to various emergencies and black-swan events. The most commonly used emergency procedure is blocklisting addresses. For more information, see Blocklisting. Other on-chain emergency procedures include but are not limited to making changes to the mintAuthority and freezeAuthority.
Common In All Implementations
All EUROe's stablecoin smart contracts are owned and operated by EUROe. Any relevant roles and access to addresses are strictly internal to EUROe. EUROe leverages MPC technology to minimise the risk of unauthorised access to the contract. Furthermore, EUROe employs various internal processes to ensure that even senior executive staff cannot make contract changes without proper authorisation.
Pausing the EUROe stablecoin is an unlikely event. It is used to prevent imminent unauthorised access and threats. The mainnet contracts are never paused without a good reason. For more information, please see Pausing.
EUROe is entirely governed by Membrane Finance, the developer of EUROe. There are no on-chain governance or voting mechanisms nor a governance token at this stage.