SuperRBAC manages role-based access control in the Superform Protocol. It allows for granting and revoking various roles to specific addresses.

Core Concepts

There are multiple roles in the Superform ecosystem that serve to ensure uptime for the protocol and future upgrade capabilities. The responsibilities of these roles will be decentralized over time.

Generic Roles

These roles are multi-sigs given their potential to impact liveliness of the overall protocol.

  • PROTOCOL_ADMIN_ROLE: Role for managing overall protocol administration. More on this here Protocol Admin Functionality

  • EMERGENCY_ADMIN_ROLE: Role for managing emergency administrative actions

Contract Specific Roles

These roles serve specialized functions in individual contracts for added security and improved UX.

  • PAYMENT_ADMIN_ROLE: Role for managing payment-related actions in PayMaster.

  • BROADCASTER_ROLE: Role for managing broadcasting payloads in BroadcastRegistry.

  • CORE_STATE_REGISTRY_PROCESSOR_ROLE: Role for managing processing operations in CoreStateRegistry.

  • TIMELOCK_STATE_REGISTRY_PROCESSOR_ROLE: Role for managing processing operations in TimelockStateRegistry.

  • BROADCAST_REGISTRY_PROCESSOR_ROLE : Role for managing processing broadcast payloads in BroadcastRegistry.

  • CORE_STATE_REGISTRY_UPDATER_ROLE: Role for managing updating operations in CoreStateRegistry.

  • DST_SWAPPER_ROLE: Role for managing swapping operations on DstSwapper.

  • CORE_STATE_REGISTRY_RESCUER_ROLE: Role for managing rescue operations in CoreStateRegistry.

  • CORE_STATE_REGISTRY_DISPUTER_ROLE: Role for managing dispute operations in CoreStateRegistry.

  • WORMHOLE_VAA_RELAYER_ROLE: Role that will be reading VAAs for broadcast functionality in WormholeSRImplementation.

Protocol Admin Functionality


This function sets the SuperRegistry contract address.

function setSuperRegistry(
    address superRegistry_
) external override onlyRole(PROTOCOL_ADMIN_ROLE)


address of the SuperRegistry contract


This function allows the existing PROTOCOL_ADMIN to create a new role in the Superform ecosystem with an admin address for it (typically still PROTOCOL_ADMIN)

function setRoleAdmin(
    bytes32 role_,
    bytes32 adminRole_
) external override onlyRole(PROTOCOL_ADMIN_ROLE)


bytes32 hash of the role_ to set


bytes32 hash of the administrator who is allowed to make changes to that role


This function revokes the role from SuperRegistry on all chains. Note that neither of the general roles (Protocol Admin or Emergency Admin) may be revoked in this manner.

function revokeRoleSuperBroadcast(
    bytes32 role_,
    address addressToRevoke_,
    bytes memory extraData_,
    bytes32 superRegistryAddressId_
) external payable override onlyRole(PROTOCOL_ADMIN_ROLE)


bytes32 hash of the role


bytes broadcasting data


bytes32 super registry id

Granting and Revoking Roles

Inherited from

Checking Roles

All addresses can be checked if they have a role by calling the appropriate check if an address has a role (i.e. hasProtocolAdminRole), returns a bool, which wrappers

Last updated