modify access controll

Author: zimpha

script/DeployScroll.s.sol

@@ -152,6 +152,7 @@ contract DeployScroll is Script {
             (
                 address(usxProxy),
                 address(0), // Treasury address (will be set later)
+                admin,
                 governance
             )
         );
@@ -179,7 +180,7 @@ contract DeployScroll is Script {
         console.log("2.2. Deploying Treasury Proxy...");
         bytes memory treasuryInitData = abi.encodeCall(
             TreasuryDiamond.initialize,
-            (usdcAddress, address(usxProxy), address(susxProxy), governance, governanceWarchest, assetManager, insuranceVault)
+            (usdcAddress, address(usxProxy), address(susxProxy), admin, governance, governanceWarchest, assetManager, insuranceVault)
         );
 
         treasuryProxy = address(new ERC1967Proxy(address(treasuryImpl), treasuryInitData));

src/StakedUSX.sol

@@ -25,6 +25,7 @@ contract StakedUSX is ERC4626Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgrad
     error ZeroAddress();
     error ZeroAmount();
     error NotGovernance();
+    error NotAdmin();
     error NotTreasury();
     error WithdrawalAlreadyClaimed();
     error WithdrawalPeriodNotPassed();
@@ -38,6 +39,7 @@ contract StakedUSX is ERC4626Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgrad
 
     event TreasurySet(address indexed treasury);
     event GovernanceTransferred(address indexed oldGovernance, address indexed newGovernance);
+    event AdminTransferred(address indexed oldAdmin, address indexed newAdmin);
     event EpochAdvanced(uint256 oldEpochBlock, uint256 newEpochBlock);
     event WithdrawalRequested(address indexed user, uint256 sharesAmount, uint256 withdrawalId);
     event WithdrawalClaimed(address indexed user, uint256 withdrawalId, uint256 usxAmount);
@@ -62,6 +64,11 @@ contract StakedUSX is ERC4626Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgrad
         _;
     }
 
+    modifier onlyAdmin() {
+        if (msg.sender != _getStorage().admin) revert NotAdmin();
+        _;
+    }
+
     modifier onlyTreasury() {
         if (msg.sender != address(_getStorage().treasury)) revert NotTreasury();
         _;
@@ -88,6 +95,7 @@ contract StakedUSX is ERC4626Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgrad
     struct SUSXStorage {
         IERC20 USX; // USX token reference (the underlying asset)
         ITreasury treasury; // treasury contract
+        address admin; // address that controls admin of the contract
         address governance; // address that controls governance of the contract
         uint256 withdrawalPeriod; // withdrawal period in seconds, (default == 15 * 24 * 60 * 60 (15 days))
         uint256 withdrawalFeeFraction; // fraction of withdrawals determining the withdrawal fee, (default 0.05% == 500) with precision 6 decimals
@@ -126,7 +134,7 @@ contract StakedUSX is ERC4626Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgrad
     /// @param _usx Address of the USX token
     /// @param _treasury Address of the Treasury contract
     /// @param _governance Address of the governance
-    function initialize(address _usx, address _treasury, address _governance) public initializer {
+    function initialize(address _usx, address _treasury, address _admin, address _governance) public initializer {
         if (_usx == address(0) || _governance == address(0)) revert ZeroAddress();
 
         // Initialize ERC4626, ERC20, and ReentrancyGuard
@@ -137,6 +145,7 @@ contract StakedUSX is ERC4626Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgrad
         SUSXStorage storage $ = _getStorage();
         $.USX = IERC20(_usx);
         $.treasury = ITreasury(_treasury);
+        $.admin = _admin;
         $.governance = _governance;
 
         // Set default values
@@ -147,7 +156,7 @@ contract StakedUSX is ERC4626Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgrad
 
     /// @notice Set the initial Treasury address - can only be called once when treasury is address(0)
     /// @param _treasury Address of the Treasury contract
-    function initializeTreasury(address _treasury) external onlyGovernance {
+    function initializeTreasury(address _treasury) external onlyAdmin {
         if (_treasury == address(0)) revert ZeroAddress();
         SUSXStorage storage $ = _getStorage();
         if ($.treasury != ITreasury(address(0))) revert TreasuryAlreadySet();
@@ -216,15 +225,6 @@ contract StakedUSX is ERC4626Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgrad
 
     /*=========================== Governance Functions =========================*/
 
-    /// @notice Sets withdrawal period in seconds
-    /// @param _withdrawalPeriod The new withdrawal period in seconds
-    function setWithdrawalPeriod(uint256 _withdrawalPeriod) public onlyGovernance {
-        SUSXStorage storage $ = _getStorage();
-        uint256 oldPeriod = $.withdrawalPeriod;
-        $.withdrawalPeriod = _withdrawalPeriod;
-        emit WithdrawalPeriodSet(oldPeriod, _withdrawalPeriod);
-    }
-
     /// @notice Sets withdrawal fee with precision to 0.001 percent
     /// @param _withdrawalFeeFraction The new withdrawal fee fraction
     function setWithdrawalFeeFraction(uint256 _withdrawalFeeFraction) public onlyGovernance {
@@ -235,16 +235,6 @@ contract StakedUSX is ERC4626Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgrad
         emit WithdrawalFeeFractionSet(oldFraction, _withdrawalFeeFraction);
     }
 
-    /// @notice Sets duration of epoch in seconds
-    /// @param _epochDurationSeconds The new epoch duration in seconds
-    function setEpochDuration(uint256 _epochDurationSeconds) public onlyGovernance {
-        if (_epochDurationSeconds < MIN_EPOCH_DURATION) revert InvalidEpochDuration();
-        SUSXStorage storage $ = _getStorage();
-        uint256 oldDuration = $.epochDuration;
-        $.epochDuration = _epochDurationSeconds;
-        emit EpochDurationSet(oldDuration, _epochDurationSeconds);
-    }
-
     /// @notice Set new governance address
     /// @param newGovernance Address of new governance
     function setGovernance(address newGovernance) external onlyGovernance {
@@ -257,15 +247,46 @@ contract StakedUSX is ERC4626Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgrad
         emit GovernanceTransferred(oldGovernance, newGovernance);
     }
 
+    /*=========================== Admin Functions =========================*/
+
+    /// @notice Set new admin address
+    /// @param newAdmin Address of new admin
+    function setAdmin(address newAdmin) external onlyAdmin {
+        if (newAdmin == address(0)) revert ZeroAddress();
+        SUSXStorage storage $ = _getStorage();
+        address oldAdmin = $.admin;
+        $.admin = newAdmin;
+        emit AdminTransferred(oldAdmin, newAdmin);
+    }
+
+    /// @notice Sets withdrawal period in seconds
+    /// @param _withdrawalPeriod The new withdrawal period in seconds
+    function setWithdrawalPeriod(uint256 _withdrawalPeriod) public onlyAdmin {
+        SUSXStorage storage $ = _getStorage();
+        uint256 oldPeriod = $.withdrawalPeriod;
+        $.withdrawalPeriod = _withdrawalPeriod;
+        emit WithdrawalPeriodSet(oldPeriod, _withdrawalPeriod);
+    }
+
+    /// @notice Sets duration of epoch in seconds
+    /// @param _epochDurationSeconds The new epoch duration in seconds
+    function setEpochDuration(uint256 _epochDurationSeconds) public onlyAdmin {
+        if (_epochDurationSeconds < MIN_EPOCH_DURATION) revert InvalidEpochDuration();
+        SUSXStorage storage $ = _getStorage();
+        uint256 oldDuration = $.epochDuration;
+        $.epochDuration = _epochDurationSeconds;
+        emit EpochDurationSet(oldDuration, _epochDurationSeconds);
+    }
+
     /// @notice Unpause deposit, allowing users to deposit again
-    function unpauseDeposit() external onlyGovernance {
+    function unpauseDeposit() external onlyAdmin {
         SUSXStorage storage $ = _getStorage();
         $.depositPaused = false;
         emit DepositPausedChanged(false);
     }
 
     /// @notice Pause deposit, preventing users from depositing USX
-    function pauseDeposit() external onlyGovernance {
+    function pauseDeposit() external onlyAdmin {
         SUSXStorage storage $ = _getStorage();
         $.depositPaused = true;
         emit DepositPausedChanged(true);
@@ -415,6 +436,10 @@ contract StakedUSX is ERC4626Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgrad
         return _getStorage().governance;
     }
 
+    function admin() public view returns (address) {
+        return _getStorage().admin;
+    }
+
     function withdrawalPeriod() public view returns (uint256) {
         return _getStorage().withdrawalPeriod;
     }

src/TreasuryDiamond.sol

@@ -52,13 +52,14 @@ contract TreasuryDiamond is Initializable, UUPSUpgradeable, ReentrancyGuardUpgra
         address _USDC,
         address _USX,
         address _sUSX,
+        address _admin,
         address _governance,
         address _governanceWarchest,
         address _assetManager,
         address _insuranceVault
     ) public initializer {
         if (
-            _USDC == address(0) || _USX == address(0) || _sUSX == address(0) || _governance == address(0)
+            _USDC == address(0) || _USX == address(0) || _sUSX == address(0) || _admin == address(0) || _governance == address(0)
                 || _governanceWarchest == address(0)
         ) {
             revert ZeroAddress();
@@ -71,6 +72,7 @@ contract TreasuryDiamond is Initializable, UUPSUpgradeable, ReentrancyGuardUpgra
         $.USDC = IERC20(_USDC);
         $.USX = IUSX(_USX);
         $.sUSX = IStakedUSX(_sUSX);
+        $.admin = _admin;
         $.governance = _governance;
         $.assetManager = _assetManager;
         $.governanceWarchest = _governanceWarchest;
@@ -199,6 +201,16 @@ contract TreasuryDiamond is Initializable, UUPSUpgradeable, ReentrancyGuardUpgra
         emit InsuranceVaultTransferred(oldInsuranceVault, newInsuranceVault);
     }
 
+    /// @notice Set new admin address
+    /// @param newAdmin Address of new admin
+    function setAdmin(address newAdmin) external onlyAdmin {
+        if (newAdmin == address(0)) revert ZeroAddress();
+        TreasuryStorage.TreasuryStorageStruct storage $ = _getStorage();
+        address oldAdmin = $.admin;
+        $.admin = newAdmin;
+
+        emit AdminTransferred(oldAdmin, newAdmin);
+    }
     /*=========================== Fallback =========================*/
 
     /// @dev Fallback function that delegates calls to facets

src/TreasuryStorage.sol

@@ -27,13 +27,15 @@ contract TreasuryStorage {
     error InvalidInsuranceFundFraction();
 
     // Access control errors
+    error NotAdmin();
     error NotGovernance();
     error NotAllocator();
     error NotTreasury();
     error NotReporter();
 
     /*=========================== Events =========================*/
 
+    event AdminTransferred(address indexed oldAdmin, address indexed newAdmin);
     event GovernanceTransferred(address indexed oldGovernance, address indexed newGovernance);
     event GovernanceWarchestTransferred(address indexed oldGovernanceWarchest, address indexed newGovernanceWarchest);
     event InsuranceVaultTransferred(address indexed oldInsuranceVault, address indexed newInsuranceVault);
@@ -57,6 +59,12 @@ contract TreasuryStorage {
 
     /*=========================== Modifiers =========================*/
 
+    // Modifier to restrict access to admin functions
+    modifier onlyAdmin() {
+        if (msg.sender != _getStorage().admin) revert NotAdmin();
+        _;
+    }
+
     // Modifier to restrict access to governance functions
     modifier onlyGovernance() {
         if (msg.sender != _getStorage().governance) revert NotGovernance();
@@ -88,6 +96,7 @@ contract TreasuryStorage {
         IUSX USX; // USX token contract
         IStakedUSX sUSX; // sUSX vault contract
         IERC20 USDC; // USDC token contract
+        address admin; // Admin address
         address governance; // Governance address
         address reporter; // Reporter address
         address allocator; // Allocator address
@@ -126,6 +135,10 @@ contract TreasuryStorage {
         return _getStorage().USDC;
     }
 
+    function admin() public view returns (address) {
+        return _getStorage().admin;
+    }
+
     function governance() public view returns (address) {
         return _getStorage().governance;
     }

src/USX.sol

@@ -31,6 +31,7 @@ contract USX is ERC20Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgradeable, I
     /*=========================== Events =========================*/
 
     event TreasurySet(address indexed treasury);
+    event AdminTransferred(address indexed oldAdmin, address indexed newAdmin);
     event GovernanceTransferred(address indexed oldGovernance, address indexed newGovernance);
     event Deposit(address indexed user, uint256 usdcAmount, uint256 usxMinted);
     event Redeem(address indexed user, uint256 usxAmount, uint256 usdcAmount);
@@ -120,7 +121,7 @@ contract USX is ERC20Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgradeable, I
 
     /// @dev Set the initial Treasury address - can only be called once when treasury is address(0)
     /// @param _treasury Address of the Treasury contract
-    function initializeTreasury(address _treasury) external onlyGovernance {
+    function initializeTreasury(address _treasury) external onlyAdmin {
         if (_treasury == address(0)) revert ZeroAddress();
         USXStorage storage $ = _getStorage();
         if ($.treasury != ITreasury(address(0))) revert TreasuryAlreadySet();
@@ -239,34 +240,44 @@ contract USX is ERC20Upgradeable, UUPSUpgradeable, ReentrancyGuardUpgradeable, I
 
     /*=========================== Governance Functions =========================*/
 
+    /// @notice Set new governance address
+    /// @param newGovernance Address of new governance
+    function setGovernance(address newGovernance) external onlyGovernance {
+        if (newGovernance == address(0)) revert ZeroAddress();
+
+        USXStorage storage $ = _getStorage();
+        address oldGovernance = $.governance;
+        $.governance = newGovernance;
+
+        emit GovernanceTransferred(oldGovernance, newGovernance);
+    }
+
+    /*=========================== Admin Functions =========================*/
+
     /// @notice Pause deposits and withdrawals, preventing users from depositing and redeeming USX
-    function pause() public onlyGovernance {
+    function pause() public onlyAdmin {
         USXStorage storage $ = _getStorage();
         $.paused = true;
         emit PausedChanged(true);
     }
 
     /// @notice Unpause deposits and withdrawals, allowing users to deposit and withdraw again
-    function unpause() public onlyGovernance {
+    function unpause() public onlyAdmin {
         USXStorage storage $ = _getStorage();
         $.paused = false;
         emit PausedChanged(false);
     }
 
-    /// @notice Set new governance address
-    /// @param newGovernance Address of new governance
-    function setGovernance(address newGovernance) external onlyGovernance {
-        if (newGovernance == address(0)) revert ZeroAddress();
-
+    /// @notice Set new admin address
+    /// @param newAdmin Address of new admin
+    function setAdmin(address newAdmin) external onlyAdmin {
+        if (newAdmin == address(0)) revert ZeroAddress();
         USXStorage storage $ = _getStorage();
-        address oldGovernance = $.governance;
-        $.governance = newGovernance;
-
-        emit GovernanceTransferred(oldGovernance, newGovernance);
+        address oldAdmin = $.admin;
+        $.admin = newAdmin;
+        emit AdminTransferred(oldAdmin, newAdmin);
     }
 
-    /*=========================== Admin Functions =========================*/
-
     /// @notice Whitelist a user to mint/redeem USX
     /// @param _user The address to whitelist
     /// @param _isWhitelisted Whether to whitelist the user

src/asset-manager/AssetManager.sol

@@ -167,7 +167,7 @@ contract AssetManager is
     function updateWeight(
         address account,
         uint256 newWeight
-    ) external onlyRole(GOVERNANCE_ROLE) {
+    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
         AssetManagerStorage storage $ = _getStorage();
         (bool exists, uint256 oldWeight) = $.weights.tryGet(account);
         if (!exists) {

src/facets/AssetManagerAllocatorFacet.sol

@@ -56,7 +56,7 @@ contract AssetManagerAllocatorFacet is
 
     /// @notice Sets the current Allocator for the protocol
     /// @param _allocator The address of the new Allocator
-    function setAllocator(address _allocator) external onlyGovernance {
+    function setAllocator(address _allocator) external onlyAdmin {
         if (_allocator == address(0)) revert ZeroAddress();
         TreasuryStorage.TreasuryStorageStruct storage $ = _getStorage();
         address oldAllocator = $.allocator;

src/facets/RewardDistributorFacet.sol

@@ -93,7 +93,7 @@ contract RewardDistributorFacet is TreasuryStorage, ReentrancyGuardUpgradeable {
 
     /// @notice Sets the current Reporter for the protocol
     /// @param _reporter The address of the new Reporter
-    function setReporter(address _reporter) external onlyGovernance {
+    function setReporter(address _reporter) external onlyAdmin {
         if (_reporter == address(0)) revert ZeroAddress();
         TreasuryStorage.TreasuryStorageStruct storage $ = _getStorage();
         address oldReporter = $.reporter;