[EP 5.12] Roles Modifier V2 Migration & Updates to Endowment Permissions

Auditing Steps

Current Permissions Policy

  • Link 1: Current Permissions Policy v4 (PP v4).
  • Link 2: PP v4 currently deployed in the Roles v1 module as displayed in the Zodiac app (navigate to “edit roles”, toggle the roles, review target contracts).
  • Link 3: Same policy as Link 2, but deployed in a Roles v2 module.

First auditing step: Verify that the permissions in Link 3 match those in Link 2.

Comparison of Current Permissions Policy vs New Proposed Policy

  • Link 4: Comparison of the current policy (left) vs. the new proposed policy (right).

Second auditing step:

  • Assess the newly added permissions in the proposed policy (highlighted in green on the right).
  • Review the revoked permissions from the old policy (highlighted in red on the left).
  • Examine the updated or modified permissions (indicated in blue on both sides).

Detailed descriptions of the changes in the permissions policy are available here.

Enabling Roles v2 by the Endowment

Third auditing step: Verify that the new proposed policy is consistent with the policy in Roles v1 (as per Link 4, right side) and with the policy in Roles v2 (Link 5).

Future Audits:

  • Future audits will require only the “Current Permissions Policy vs. New Proposed Policy” step.
  • Changes in policies will be assessed by identifying which DeFi Kit actions are added or removed, streamlining the process by bypassing the analysis of individual permissions.
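The first and second auditing steps above can be checked mechanically once both policies are exported as lists of permissions. The following is an added example, not part of the original post and not code from the Roles or DeFi Kit projects. The record layout (`role`, `target`, `selector`, plus any remaining fields such as `conditions`) and all addresses are assumptions constructed for illustration.

```python
import json

def _key(p):
    # Identity of a permission: role, target contract, function selector.
    # Addresses are lowercased so checksummed and plain forms compare equal.
    return (p["role"], p["target"].lower(), p.get("selector", "*").lower())

def _body(p):
    # Everything else (conditions, flags), serialised with sorted keys so
    # field order in the export cannot hide or fake a difference.
    rest = {k: v for k, v in p.items() if k not in ("role", "target", "selector")}
    return json.dumps(rest, sort_keys=True)

def index(policy):
    out = {}
    for p in policy:
        if _key(p) in out:  # two entries for one function are ambiguous
            raise ValueError(f"duplicate permission entry: {_key(p)}")
        out[_key(p)] = _body(p)
    return out

def diff_policies(current, proposed):
    """Second step: classify changes as added, revoked or modified."""
    cur, new = index(current), index(proposed)
    return {
        "added": sorted(new.keys() - cur.keys()),
        "revoked": sorted(cur.keys() - new.keys()),
        "modified": sorted(k for k in cur.keys() & new.keys() if cur[k] != new[k]),
    }

def policies_match(a, b):
    """First step: two deployments of one policy must show no differences."""
    return not any(diff_policies(a, b).values())

# Constructed sample data (hypothetical addresses, simplified conditions).
TOKEN, POOL = "0x" + "Ab" * 20, "0x" + "22" * 20
OLD, NEWPOOL = "0x" + "33" * 20, "0x" + "44" * 20
CURRENT = [
    {"role": "manager", "target": TOKEN, "selector": "0x095ea7b3", "conditions": {"spender": [POOL]}},
    {"role": "manager", "target": OLD, "selector": "0xa9059cbb"},
    {"role": "manager", "target": POOL, "selector": "0xd0e30db0", "send": True},
]
PROPOSED = [
    {"role": "manager", "target": TOKEN.lower(), "selector": "0x095ea7b3", "conditions": {"spender": [POOL, NEWPOOL]}},
    {"role": "manager", "target": POOL, "selector": "0xd0e30db0", "send": True},
    {"role": "manager", "target": NEWPOOL, "selector": "0xd0e30db0", "send": True},
]

if __name__ == "__main__":
    print(json.dumps(diff_policies(CURRENT, PROPOSED), indent=2))
```

A widened condition on an existing function shows up under `modified`, which is the category a reviewer should read most closely, since the function itself is neither new nor removed.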