Access Control
Role-based permissions across the Heliox protocol
Heliox uses a small set of clearly separated roles. Governance controls product configuration, vault owners control their Safe-backed vault workflows, and automation can act only through explicitly allowed product paths.
Roles
| Role | Can Do | Error on Violation |
|---|---|---|
| Governance Owner | Protocol configuration, pause controls, and governed engine-registry lifecycle updates | NotOwner() |
| Allowed Automation | Call the allowlisted rebalance paths for supported vaults | NotAllowed() |
| Live Safe Owner | Manage vault-level cycle controls, manual execution, and owner-level billing or referral actions | Function-specific revert or require |
| Heliox (contract) | Only writer for HelioxPayments and several Treasury setup flows | OnlyHeliox() |
| Payments (contract) | Only caller allowed to accrue commissions in ReferralTreasury | OnlyPayments() |
| Anyone | Read functions and buyTokenFromNative() | — |
Ownership Transfer
Ownership can be transferred via transferOwnership(newOwner) from the MinimalOwnable base. This is a single-step transfer (not two-step). Setting the new owner to address(0) reverts with NewOwnerZeroAddress().
Safe Control MattersFor Safe-backed vault actions, Heliox checks both the registry mapping and the live Safe control state before it allows owner-sensitive vault operations. If those drift apart, vault actions fail closed until governance resolves the mismatch.