Skip to main content

Governance Contracts

Governance contracts are essential for secure, flexible, and upgradeable management of Euler Vault Kit (EVK) vaults and oracle routers. They enable fine-grained control over vault operations, risk parameters, and emergency responses, balancing the need for rapid intervention with robust user protection.

Key Principles

Governance contracts in Euler are designed for security and flexibility, but their deployment and management require careful attention. All governance contracts must be deployed from existing, audited factories—there is no UI for these deployments, so users should rely on scripts or block explorers to perform the process. The standard Creator UI does not support the full suite of governor contracts and is only compatible with multisigs. As a result, risk curators and advanced users are encouraged to use euler-vault-scripts or develop their own custom management tools for managing clusters and advanced governance scenarios.

To ensure consistent and secure governance across all protocol components, governor contracts should be installed not only on vaults but also on the oracle router. This approach provides fine-grained control and robust protection for both lending markets and their associated price feeds.

The recommended governance suite is illustrated below. It features dual timelocks (admin and wildcard), a risk steward, guardian, and emergency roles, all allowing for the operations to be (optionally) batched via the EVC. This architecture enables:

  • Time-delayed governance for transparency and user protection
  • Emergency response capabilities for rapid risk mitigation
  • Role separation for operational and administrative security

Recommended Governance Architecture

Components

  • GovernorAccessControlEmergency: Selector-based access control contracts for fine-grained permissioning and emergency actions.
  • CapRiskSteward: Specialized risk management contract that allows authorized users to adjust supply and borrow caps within predefined safety limits and cooldowns, and to update interest rate models (IRMs) only to those deployed by a recognized factory.
  • GovernorAccessControlEmergencyFactory: Factory for deploying the full governance suite, including timelocks and emergency roles.
  • CapRiskStewardFactory: Factory for deploying CapRiskSteward contracts that work alongside selector-based governors for delegated, but limited, risk management that can bypass timelock controllers.

Deployment & Management

Deployment Process

  1. Prepare timelock parameters:

    • Set minDelay (minimum 1 day) for both admin and wildcard timelocks
    • Define proposers, cancellers, and executors for each timelock
    • Identify emergency guardians for rapid response capabilities
  2. Deploy through GovernorAccessControlEmergencyFactory:

    • Call deploy with the prepared parameters
    • Record the addresses of deployed contracts
  3. Install governance:

    • Set the GovernorAccessControlEmergency as governor for your vault(s)
    • Install the same governor on your oracle router
    • If using CapRiskSteward for delegated risk management:
      • Deploy CapRiskSteward via CapRiskStewardFactory, providing the governor access control contract, IRM factory addresses and the admin address
      • Grant setInterestRateModel.selector and setCaps.selector roles to the CapRiskSteward on the governor contract
      • Assign the wildcard role on the CapRiskSteward to a multisig or other trusted address