Protocol Token Authority

The guardian that decides who can mint or burn protocol tokens

1. Summary

The ProtocolTokenAuthority allows governance to specify which addresses are allowed to mint or burn protocol tokens. This is done by either setting an address as the root of the contract, the owner of the contract or by whitelisting an address in the authorizedAccounts mapping.

2. Contract Variables & Functions


  • root - contract's root controlling address.

  • owner - the second most powerful address controlling the contract. It cannot set the root but it can set another owner.

  • authorizedAccounts[account: address] - mapping of addresses that are allowed to print protocol tokens.


  • isRootCalling - modifier checking if the msg.sender is the root

  • isRootOrOwnerCalling - modifier checking if the msg.sender is the root or the owner


  • setRoot(usr: address) - sets a new root

  • setOwner(usr: address) - sets a new owner

  • addAuthorization(usr: address) - authorize a new address to print tokens

  • removeAuthorization(usr: address) - de-authorize an address from printing tokens

  • canCall(src: address, address, sig: bytes4) - checks whether an address can call mint, burn or burnFrom inside the protocol token

3. Walkthrough

authed accounts, owner and root are the ones who pass the canCall check and thus, are able mint, burn and burnFrom. root and owner can add or remove authorized addresses. owner cannot set a new root but can only change the owner. root has complete power and can change both the root and the owner.

Last updated