Roles and Permissions

To improve resilience and security, the Particle system introduces a flexible, role-based permission model. Each role is assigned a limited set of responsibilities to reduce the impact of key compromise and ensure secure multi-party control.

Defined Roles

Core roles are predefined for secure configuration and transaction workflows. Smart contracts can also define custom roles (e.g. requester, approver) for finer-grained control within each phase of execution.)

Owner

Owner Role

• Holds primary authority over the contract

• Approves time-delayed operations after timelock

• Can cancel or modify pending operations

Broadcaster

Broadcaster Role

• Relays signed meta-transactions to the contract

• Verifies signatures and enforces deadlines

• Has no direct authority over privileged actions

Recovery

Recovery Role

• Serves as a backup in the event the owner is lost

• Can initiate secure ownership recovery or role changes

• All recovery actions are subject to enforced delays

Permission Model

Each role is allowed specific capabilities:

Action	Owner	Broadcaster	Recovery
Initiate Timelocked Ops	✅	❌	✅ (transfer ownership only)
Approve Timelocked Ops	✅	❌	❌
Relay Meta-Transactions	❌	✅	❌
Transfer Ownership	✅	❌	✅ (delayed)
Update Broadcaster Role	✅	❌	❌
Initiate Recovery	❌	❌	✅

Security Benefits

• Separation of Duties: Critical functions are isolated between roles

• Recovery Path: Robust fallback mechanisms for compromised accounts

• Auditability: All actions are role-bound and traceable via emitted events

This decentralized role system underpins the secure operation and upgradeability of all Particle CS smart contracts.