Design Principles

Secure Design Principles

Pharaoh is built with security in mind. With $1M+ spent on Audits and security reviews, Pharaoh has inherited many security principles and learnings.

Pool Segregation

Pools will ALWAYS remain immutable, and permissionless.

There is no actor in the system that can modify liquidity in pools unless explicitly approved by the relevant contracts. Neither the protocol nor the timelock can modify liquidity pools directly. This stands true for both Concentrated Liquidity (V3) and Legacy Liquidity (V2/Stableswap).

Access Control

AccessHub

There are 3 distinct access control roles in the AccessHub system.

DEFAULT_ADMIN_ROLE
The highest-level administrative role. Initially held by the Pharaoh multisig and timelock, and eventually held solely by the timelock. This role manages other role assignments.

PROTOCOL_OPERATOR
Handles governance-related operations like enabling or disabling gauges. Protocol operators can call functions such as killGauge, reviveGauge, governanceWhitelist, and similar governance controls.

SWAP_FEE_SETTER
Sets swap fees on liquidity pairs. This role supports Pharaoh's dynamic fee algorithm, allowing consistent fee adjustments based on market conditions via the setSwapFees function.

What these roles can't do

These roles don't allow operators to remove user liquidity, transfer user assets, or alter immutable pool mechanics.