Access Control

Role-based permissions across the Heliox protocol

Heliox uses a small set of clearly separated roles. Governance controls product configuration, vault owners control their Safe-backed vault workflows, and automation can act only through explicitly allowed product paths.

Roles

RoleCan DoError on Violation
Governance OwnerProtocol configuration, pause controls, and governed engine-registry lifecycle updatesNotOwner()
Allowed AutomationCall the allowlisted rebalance paths for supported vaultsNotAllowed()
Live Safe OwnerManage vault-level cycle controls, manual execution, and owner-level billing or referral actionsFunction-specific revert or require
Heliox (contract)Only writer for HelioxPayments and several Treasury setup flowsOnlyHeliox()
Payments (contract)Only caller allowed to accrue commissions in ReferralTreasuryOnlyPayments()
AnyoneRead functions and buyTokenFromNative()

Ownership Transfer

Ownership can be transferred via transferOwnership(newOwner) from the MinimalOwnable base. This is a single-step transfer (not two-step). Setting the new owner to address(0) reverts with NewOwnerZeroAddress().

Safe Control MattersFor Safe-backed vault actions, Heliox checks both the registry mapping and the live Safe control state before it allows owner-sensitive vault operations. If those drift apart, vault actions fail closed until governance resolves the mismatch.