The ZeroExGovernor is a time-locked multi-signature wallet that has permission to perform administrative functions within the protocol. By default, submitted transactions must pass a 14 day timelock before they are executed. However, the ZeroExGovernor also allows custom timelocks to be registered to arbitrary function calls at different destination addresses. Many functions that can be used to mitigate damage in case of emergencies (for example, if a vulnerability is discovered that puts user funds at risk) do not have a timelock. Other functions that affect the system of staking contracts have timelocks that are denominated in terms of 10 day epochs in order to maximize security of upgrades.
The ZeroExGovernor has authorizations to perform the following functions within the protocol:
The ZeroExGovernor can transfer ownership of any contract for which it is the owner by calling the following function:
/// @dev Transfers ownership to a new address.
/// @param newOwner Address of the new owner.
function transferOwnership(address newOwner)
public;Most AssetProxy require that the caller of their transferFrom function is authorized to make the call. The ZeroExGovernor is responsible for adding or removing authorizations (and may bypass the timelock when removing an authorization). This is also the mechanism used for upgrading the Exchange contract without redeploying each individual AssetProxy. A new Exchange contract can be authorized while the authorizations of old Exchange contracts are removed. Multiple contracts can also be simultaneously authorized.
The ZeroExGovernor can also manage authorizations for the StakingProxy and ZrxVault contracts. While the ZeroExGovernor itself is currently the only authorized address in these contracts, this feature can be used to allow new contracts to perform admin functions under different conditions in the future (such as with an on-chain token vote).
AssetProxy contracts must be registered in the Exchange and MultiAssetProxy contracts in order to be utilized when filling orders. The ZeroExGovernor can register new AssetProxy contracts by calling the following function:
/// @dev Registers an asset proxy to its asset proxy id.
/// Once an asset proxy is registered, it cannot be unregistered.
/// @param assetProxy Address of new asset proxy to register.
function registerAssetProxy(address assetProxy)
external;The ZeroExGovernor can update the protocol fee multiplier by calling the following function:
/// @dev Allows the owner to update the protocol fee multiplier.
/// @param updatedProtocolFeeMultiplier The updated protocol fee multiplier.
function setProtocolFeeMultiplier(uint256 updatedProtocolFeeMultiplier)
external;Setting the protocolFeeMultiplier will emit a ProtocolFeeMultiplier event.
The ZeroExGovernor can update the protocol fee collector contract (currently the Staking contract) by calling either of the following functions:
/// @dev Allows the owner to update the protocolFeeCollector address.
/// @param updatedProtocolFeeCollector The updated protocolFeeCollector contract address.
function setProtocolFeeCollectorAddress(address updatedProtocolFeeCollector)
external;
/// @dev Sets the protocolFeeCollector contract address to 0.
/// Only callable by owner.
function detachProtocolFeeCollector()
external;Setting the protocolFeeCollector will emit a ProtocolFeeCollectorAddress event.
The ZeroExGovernor can update individual staking parameters by calling the following function:
/// @dev Set all configurable parameters at once.
/// @param _epochDurationInSeconds Minimum seconds between epochs.
/// @param _rewardDelegatedStakeWeight How much delegated stake is weighted vs operator stake, in ppm.
/// @param _minimumPoolStake Minimum amount of stake required in a pool to collect rewards.
/// @param _cobbDouglasAlphaNumerator Numerator for cobb douglas alpha factor.
/// @param _cobbDouglasAlphaDenominator Denominator for cobb douglas alpha factor.
function setParams(
uint256 _epochDurationInSeconds,
uint32 _rewardDelegatedStakeWeight,
uint256 _minimumPoolStake,
uint32 _cobbDouglasAlphaNumerator,
uint32 _cobbDouglasAlphaDenominator
)
external;The ZeroExGovernor can add or remove an Exchange contract from the StakingProxy by calling either of the following functions:
/// @dev Adds a new exchange address
/// @param addr Address of exchange contract to add
function addExchangeAddress(address addr)
external;
/// @dev Removes an existing exchange address
/// @param addr Address of exchange contract to remove
function removeExchangeAddress(address addr)
external;The ZeroExGovernor can upgrade the logic of the StakingProxy by calling either of the following functions:
/// @dev Attach a staking contract; future calls will be delegated to the staking contract.
/// Note that this is callable only by an authorized address.
/// @param _stakingContract Address of staking contract.
function attachStakingContract(address _stakingContract)
external;
/// @dev Detach the current staking contract.
/// Note that this is callable only by an authorized address.
function detachStakingContract()
external;The ZeroExGovernor can replace the StakingProxy contract that triggers deposits and withdrawals in the ZrxVault by calling the following function:
/// @dev Sets the address of the StakingProxy contract.
/// Note that only the contract owner can call this function.
/// @param _stakingProxyAddress Address of Staking proxy contract.
function setStakingProxy(address _stakingProxyAddress)
external;The ZeroExGovernor can replace the AssetProxy contract used to perform deposits into the ZrxVault by calling the following function:
/// @dev Sets the Zrx proxy.
/// Note that only an authorized address can call this function.
/// Note that this can only be called when *not* in Catastrophic Failure mode.
/// @param _zrxProxyAddress Address of the 0x Zrx Proxy.
function setZrxProxy(address _zrxProxyAddress)
external;The ZeroExGovernor can enter catastrophic failure mode in the ZrxVault in emergencies by calling the following function:
/// @dev Vault enters into Catastrophic Failure Mode.
/// *** WARNING - ONCE IN CATOSTROPHIC FAILURE MODE, YOU CAN NEVER GO BACK! ***
/// Note that only the contract owner can call this function.
function enterCatastrophicFailure()
external;Function timelocks are represented in days, where one day is equivalent to 86,400 seconds. Custom timelocks are in bold.
| Contract | Function | Selector | Timelock |
|---|---|---|---|
| Exchange | registerAssetProxy |
c585bb93 | 14 days |
| Exchange | setProtocolFeeMultiplier |
9331c742 | 10 days |
| Exchange | setProtocolFeeCollectorAddress |
c0fa16cc | 20 days |
| Exchange | detachProtocolFeeCollector |
0efca185 | 0 days |
| Exchange | transferOwnership |
f2fde38b | 14 days |
| StakingProxy | addExchangeAddress |
8a2e271a | 20 days |
| StakingProxy | removeExchangeAddress |
01e28d84 | 20 days |
| StakingProxy | attachStakingContract |
66615d56 | 20 days |
| StakingProxy | detachStakingContract |
37b006a6 | 20 days |
| StakingProxy | setParams |
9c3ccc82 | 10 days |
| StakingProxy | addAuthorizedAddress |
42f1181e | 20 days |
| StakingProxy | removeAuthorizedAddress |
70712939 | 20 days |
| StakingProxy | removeAuthorizedAddressAtIndex |
9ad26744 | 20 days |
| StakingProxy | transferOwnership |
f2fde38b | 20 days |
| ZrxVault | setStakingProxy |
6bf3f9e5 | 20 days |
| ZrxVault | enterCatastrophicFailure |
c02e5a7f | 0 days |
| ZrxVault | setZrxProxy |
ca5b0218 | 20 days |
| ZrxVault | addAuthorizedAddress |
42f1181e | 20 days |
| ZrxVault | removeAuthorizedAddress |
70712939 | 20 days |
| ZrxVault | removeAuthorizedAddressAtIndex |
9ad26744 | 20 days |
| ZrxVault | transferOwnership |
f2fde38b | 20 days |
| ERC20Proxy | addAuthorizedAddress |
42f1181e | 14 days |
| ERC20Proxy | removeAuthorizedAddress |
70712939 | 0 days |
| ERC20Proxy | removeAuthorizedAddressAtIndex |
9ad26744 | 0 days |
| ERC20Proxy | transferOwnership |
f2fde38b | 14 days |
| ERC721Proxy | addAuthorizedAddress |
42f1181e | 14 days |
| ERC721Proxy | removeAuthorizedAddress |
70712939 | 0 days |
| ERC721Proxy | removeAuthorizedAddressAtIndex |
9ad26744 | 0 days |
| ERC721Proxy | transferOwnership |
f2fde38b | 14 days |
| ERC1155Proxy | addAuthorizedAddress |
42f1181e | 14 days |
| ERC1155Proxy | removeAuthorizedAddress |
70712939 | 0 days |
| ERC1155Proxy | removeAuthorizedAddressAtIndex |
9ad26744 | 0 days |
| ERC1155Proxy | transferOwnership |
f2fde38b | 14 days |
| ERC20BridgeProxy | addAuthorizedAddress |
42f1181e | 14 days |
| ERC20BridgeProxy | removeAuthorizedAddress |
70712939 | 0 days |
| ERC20BridgeProxy | removeAuthorizedAddressAtIndex |
9ad26744 | 0 days |
| ERC20BridgeProxy | transferOwnership |
f2fde38b | 14 days |
| MultiAssetProxy | addAuthorizedAddress |
42f1181e | 14 days |
| MultiAssetProxy | removeAuthorizedAddress |
70712939 | 0 days |
| MultiAssetProxy | removeAuthorizedAddressAtIndex |
9ad26744 | 0 days |
| MultiAssetProxy | transferOwnership |
f2fde38b | 14 days |
| MultiAssetProxy | registerAssetProxy |
c585bb93 | 14 days |