Today marks the launch of the newly revamped Zodiac Roles Modifier, an onchain permissions module for smart accounts. With Roles, onchain entities can extend secure transaction permissions to any address through customizable roles, allowing any account to act on its behalf.
To get started, visit the Roles website and developer repo. To learn more about and participate in the Zodiac ecosystem, follow @gnosisguild and join the Gnosis Guild Discord.
How an onchain entity moves is in part determined by the interactions of its constituent parts. But how do we ourselves move within an onchain entity?
Perhaps it’s unsurprising that we can draw inspiration not from academia or a thinkpiece, but from one of the most culturally enduring anime of our time, 1995’s Neon Genesis Evangelion.
In the series, humans deploy bio-mechanical units called Evangelions to counter the existential threat of giant entities known as Angels. Each Evangelion can be operated when a chosen pilot immerses themselves in an Entry Plug, a modular, capsule-shaped cockpit that is inserted into an Evangelion’s spine. Access control of each Entry Plug is tailored to the neural impulses of specific pilots, blurring the boundary between the pilot’s role and the Evangelion’s operational system.
If DAOs and other onchain entities could be considered spiritual equivalents to Evangelions, what could serve as their Entry Plug? What kinds of relationships can we establish with our decentralized systems that also transcend the traditional operator-machine dynamic? And how can such specialized access control function across systems in a similarly modular and dynamic way?
Introducing: Zodiac Roles Modifier
Enter Zodiac Roles Modifier, an onchain permissions module for smart accounts. With Roles, onchain entities can extend secure transaction permissions to any address through customizable roles, allowing any account to act on its behalf. Featuring a smart contract that attaches to any Safe, Roles enables onchain entities of all sizes to create any number of roles with granular permissions and assign them to specific addresses, whether to an independent treasury manager, AI agent, or even another Zodiac module.
What makes Roles particularly novel is its hyper compatibility with diverse systems. Utilizing the accompanying Roles Toolkit, which includes a powerful SDK and subgraph, onchain entities can implement nearly any role-based access control pattern on top of nearly any existing onchain system.
This programmatic ability is especially powerful, as access control for most current systems are rudimentary (you can only move an asset if you’re a contract owner or have specific permissions), and more nuanced systems are implemented on a per-contract basis or are static after deployment. Using Roles, any onchain entity can benefit immediately from an access control solution that’s modular and dynamic, resulting in a composable ecosystem of roles and permissions that together orchestrate its movements — a sort of Entry Plug for onchain entities.
The newly revamped Zodiac Roles Modifier evolved from a smart contract originally released in late 2022. Based on feedback from that release, Gnosis Guild completely rewrote the module, applying significant gas optimizations and introducing the most expressive and powerful conditions system for permissioning EVM calls. These new features — including allowances (threshold/rate limits), arbitrary parameter decoding, multiple call variants, and more — greatly enhance its flexibility and customization options, offering onchain entities highly scalable and resilient infrastructure.
Overview
-
Zodiac Roles Modifier (v2): A smart contract module (accessible currently through Github and soon through the Zodiac Safe App) that allows onchain entities to create roles with granular permissions and grant them to any address.
-
Zodiac Roles Toolkit: An accompanying kit for developers to make building with Roles more powerful and interacting with it simpler.
-
SDK: A TypeScript software development kit to programmatically manage and navigate roles and permissions
-
Subgraph: A specialized querying tool to easily explore roles and permissions associated with any Zodiac Roles Modifier
Note: Zodiac Roles Modifier is designed to work seamlessly with Zodiac Pilot, a new paradigm in wallet-dapp interaction that allows authorized roles to easily craft multi-send batch transactions on behalf of an onchain entity through a simple interface.
-
Core Benefits
-
Role-Based Access Control: Extends onchain permissions beyond owners/signers, allowing professionals like treasury managers to efficiently manage an org’s critical functions
-
Streamlined Transaction Execution: Enables permissioned transactions with clear parameters, eliminating the need for Safe owners/signers to approve every transaction
-
Hyper Compatibility: Allows onchain entities to implement nearly any access control pattern on top of nearly any existing onchain system
-
Robust Security: Ensures secure transaction environments through meticulous permission scoping and access control safeguards
-
Efficient Role Management: Simplifies and streamlines user management tasks and transaction permissions
Key Features
-
Create & Assign Roles: Generate custom roles and assign them to any address
-
Fine-Tune Permissions: Assign granular permissions to each role, scoping authorized addresses, designated functions, and allowed parameter values through a highly expressive conditions system
-
Set Rate and Threshold Limits: Set limits on how frequently a given role or permission can be used, along with thresholds for the scoped parameters granted by a given permission
-
Execute Secure Transactions: Authorize role members to perform secure transactions on behalf of the avatar (e.g. a Safe or other compatible smart account)
-
Manage Roles & Permissions: Oversee roles and query permissions using the TypeScript SDK and integrated subgraph
Leveraging Zodiac Roles Modifier
Zodiac Roles Modifier has already proven to be critical infrastructure for a number of visionary organizations.
Gnosis Pay, the world's first decentralized payment network, utilizes Roles to increase access control, heighten security, and enhance functionality for its first product, the Visa-powered Gnosis Card. In fact, every single Gnosis Card transaction flows through Roles, enabling the management of fund movement, defining eligible settlement addresses, and enforcing daily transfer limits as determined by individual cardholders.
Gnosis Pay leverages a combination of Zodiac modules, along with Gnosis Guild’s unique expertise building on top of Safe, to create a best-in-class user experience, combining the familiar form factor of a debt card with a non-custodial web3 account. Every Gnosis Pay transaction is routed through a Zodiac Module!
—Laurent De Marez, Gnosis Pay Tech Lead
HOPR, a Swiss-based org building a decentralized privacy mixnet, uses Roles for its incentivized staking feature, SafeStaking. With Roles, HOPR can limit exposure of funds to certain contracts and specific actions. It also enables a more secure environment for stakers by separating node keys from multisig owners.
Most notably, Roles has become integral to the trust-minimized treasury management of onchain entities like ENS DAO, GnosisDAO, and Balancer. By setting up roles in a Safe with fine-grained, tightly scoped permissions, these and other organizations employ karpatkey to manage their onchain assets and provide financial services that would otherwise be impossible in a non-custodial way. karpatkey has already reported a 5x increase in operational speed, $150M+ increase in valuation, and $100M+ increase in assets under management.
Taking it a step further, karpatkey executes transactions on behalf of these organizations using Zodiac Pilot, a user-friendly application that overlays a novel wallet-dapp interface on top of the dapp. Through Pilot, authorized addresses through Roles can create, simulate, and execute multi-send batch transactions on behalf of an onchain entity for gas savings and easy signing. The whole process occurs directly within the dapp's interface, with no additional developer lift from the dapps they interact with.
Pilot and its underlying Zodiac modules for the Safe have been instrumental in karpatkey's success. The improved operational efficiency and security it affords has already enabled us to take on more than $100M in additional AUM."
—Marcelo Ruiz de Olano, karpatkey CEO
VISION CREATION NEWSUN
These examples offer just a glimpse into the power of Zodiac Roles Modifier. By enabling flexible and modifiable transactional frameworks that work dynamically across systems, Roles has the potential to inspire patterns and ideas yet to be imagined, encouraging onchain entities to adapt and evolve over time, becoming both situated and alive. While its current use cases are rooted in finance, Roles opens up space for play, for experimentation, for more novel ways of interacting with our decentralized systems: A Neon Gospel Origin Story, where intuition and emergence lead to wild visions and daydreams within a wider rhizomatic network context.
Zodiac Roles Modifier, then, is a module not only for role-based access control and permission management, but also for envisioning, creating, and better comprehending our complex decentralized systems. In addition to enabling how onchain entities can move in a world of systems, Roles shows us (and literally codes) how we ourselves can move through these systems. And by combining an interoperable tool like Roles with other convivial software, the usability, functionality, and flexibility of our decentralized systems can herald exciting new patterns, resulting in more secure, composable, and resilient infrastructure on which to build our cultures.
To get started with Zodiac Roles Modifier, visit the Roles website and developer repo.
To learn more about and participate in the Zodiac ecosystem, follow @gnosisguild and join the Gnosis Guild Discord.
Security: The Roles audit has been performed by the G0 group and Omniscia. The audit reports are available as PDFs in this repo.
Legal disclaimer: This post and the tutorial is for informational purposes only. It may contain errors. It is not a risk assessment, nor investment advice. We take no liability for any losses arising in connection with the information provided or any other action related thereto.