Roles and Permissions
To improve resilience and security, the Particle system introduces a flexible, role-based permission model. Each role is assigned a limited set of responsibilities to reduce the impact of key compromise and ensure secure multi-party control.
Defined Roles
Core roles are predefined for secure configuration and transaction workflows. Smart contracts can also define custom roles (e.g. requester, approver) for finer-grained control within each phase of execution.)
Owner Role
Holds primary authority over the contract
Approves time-delayed operations after timelock
Can cancel or modify pending operations
Broadcaster Role
Relays signed meta-transactions to the contract
Verifies signatures and enforces deadlines
Has no direct authority over privileged actions
Recovery Role
Serves as a backup in the event the owner is lost
Can initiate secure ownership recovery or role changes
All recovery actions are subject to enforced delays
Permission Model
Each role is allowed specific capabilities:
Initiate Timelocked Ops
✅
❌
✅ (transfer ownership only)
Approve Timelocked Ops
✅
❌
❌
Relay Meta-Transactions
❌
✅
❌
Transfer Ownership
✅
❌
✅ (delayed)
Update Broadcaster Role
✅
❌
❌
Initiate Recovery
❌
❌
✅
Security Benefits
Separation of Duties: Critical functions are isolated between roles
Recovery Path: Robust fallback mechanisms for compromised accounts
Auditability: All actions are role-bound and traceable via emitted events
This decentralized role system underpins the secure operation and upgradeability of all Particle CS smart contracts.
Last updated