Registry Access Control

The simplest access control model where a single Ethereum address (the owner) has exclusive administrative privileges. This pattern uses a modifier like onlyOwner to restrict critical functions.

• Common Use: Basic contract upgrades, fee parameter changes.
• Limitation: Creates a single point of failure; the owner's private key must be meticulously secured.

A flexible system where permissions are grouped into discrete roles (e.g., MINTER_ROLE, PAUSER_ROLE), which are then assigned to addresses. This is implemented using libraries like OpenZeppelin's AccessControl.

• Advantage: Enables fine-grained, multi-admin security.
• Example: A registry could grant a REGISTRAR_ROLE to multiple trusted entities for adding new entries.

Requires a predefined number of signatures from a set of authorized addresses (M-of-N) to execute a transaction that modifies the registry. This is often implemented via a separate Gnosis Safe wallet that owns the registry contract.

• Use Case: High-security governance for treasury management or protocol parameter updates.
• Benefit: Eliminates single points of control and enables decentralized oversight.

Imposes a mandatory delay between when a governance proposal is approved and when it can be executed. This gives users time to react to potentially harmful changes.

• Core Mechanism: Queues transactions in a TimelockController contract.
• Purpose: A critical security primitive for decentralized autonomous organizations (DAOs) and protocol upgrades, providing a last-resort exit window.

A circuit-breaker pattern that allows authorized accounts to temporarily halt most non-essential functions of a registry in an emergency, such as the discovery of a critical bug.

• Implementation: Uses a whenNotPaused modifier from libraries like OpenZeppelin.
• Function: While paused, state-changing operations (e.g., new registrations, transfers) are blocked, but view functions and user exits remain active.

Decentralized control where changes to a registry are proposed and enacted based on the outcome of an on-chain vote by holders of a governance token (e.g., UNI, COMP).

• Typical Flow: 1. Proposal submitted. 2. Voting period. 3. Timelock delay. 4. Execution.
• Nature: This is often the final, overarching access control layer that governs the parameters of the other mechanisms.

A common pattern where access to a registry's functions is restricted to holders of a specific non-fungible token (NFT) or fungible token. This is the foundation for:

• Membership DAOs: Only token holders can vote on proposals or access treasury funds.
• Gated Content Platforms: Users must own a creator's NFT to unlock exclusive content or community channels.
• Loyalty Programs: Token ownership grants access to special offers or services recorded in a registry.

A granular permission system where different user roles (e.g., Admin, Minter, Updater) are assigned specific privileges within a smart contract registry.

• DeFi Protocols: An ADMIN role can adjust fee parameters in a vault registry, while a MINTER role can only issue new LP tokens.
• NFT Collections: A MINTER role is granted to a trusted party to create new tokens, separate from the OWNER who can withdraw funds.
• Enterprise Consortia: Different member organizations have predefined roles for reading, writing, or approving entries in a shared supply chain registry.

A critical application of access control where a registry (the wallet) requires multiple private keys to authorize a transaction. This is a form of M-of-N authentication.

• Treasury Management: DAOs use multi-sig wallets like Gnosis Safe to secure funds, requiring 5 of 9 council members to approve large withdrawals.
• Protocol Upgrades: Changes to a core protocol's contract registry (like a governor) often require signatures from a majority of key holders.
• Escrow Services: Funds are held in a registry wallet that only releases assets upon approval from both the buyer and seller, or a neutral arbitrator.

Registries act as authoritative sources for decentralized identifiers (DIDs) and attestations, with access control determining who can issue or revoke credentials.

• Soulbound Tokens (SBTs): A university's accredited registry (controlled by admins) can issue non-transferable SBTs as diplomas to student wallets.
• KYC/AML Compliance: A regulated entity controls a registry of verified addresses. DApps query this permissioned registry to check user status without exposing private data.
• Professional Licenses: A medical board maintains a registry of licensed doctors; only authorized signers can add or suspend entries.

Access control governs the most critical function in upgradeable contracts: the ability to change the underlying logic. A proxy registry points to the current implementation address.

• Protocol Evolution: Only a designated UPGRADER address (often a Timelock contract) can propose and execute updates to the logic contract registry.
• Security Response: In case of a vulnerability, a pre-defined emergency multisig can quickly upgrade the contract to a patched version.
• Module Registry: Systems like EIP-2535 Diamonds use access control to manage a registry of modular functions, allowing for granular upgrades.

Decentralized oracle networks use access-controlled registries to maintain the list of authorized data nodes and the data specifications they must follow.

• Chainlink Data Feeds: The Feed Registry controls which oracle nodes are permitted to submit price data for a specific asset pair.
• Custom Data Jobs: A business can run a private registry where only approved API providers can submit off-chain data for on-chain contracts.
• Threshold Signatures: Registries manage the group of nodes in a decentralized oracle; access control ensures only consensus-approved data is accepted.

A registry that maps user addresses to specific permissions for individual functions or resources within a system. It provides fine-grained control beyond simple roles.

• Granularity: Can define permissions like canCall(actor, target, functionSelector).
• Use Case: Complex DeFi protocols where different actors (keepers, liquidators, governors) need specific, non-overlapping abilities.

A design pattern that separates a contract's storage and logic. A proxy contract holds the state and delegates function calls to a logic contract. Access control governs who can upgrade the logic contract's address.

• UUPS (ERC-1967): A standard where upgrade logic is in the implementation contract itself, making proxies more gas-efficient.
• Critical Permission: The upgradeTo function is typically protected by the registry's access control (e.g., onlyOwner or a TIMELOCK role).