Skip to main content

OllaGovernance

What is OllaGovernance?

OllaGovernance is the governance contract for the Olla protocol. It inherits OpenZeppelin's TimelockControllerUpgradeable, meaning all governance actions must be scheduled, wait for a delay, and then executed. This gives the community time to review proposed changes before they take effect.

OllaGovernance is the owner of OllaCore and OllaVault (via Ownable2Step) and holds DEFAULT_ADMIN_ROLE on all satellite contracts (WithdrawalQueue, RewardsAccumulator, StakingManager, StakingProviderRegistry, SafetyModule).

Key responsibilities:

  • Time-delaying all parameter changes and upgrades.
  • Providing passthrough setters that forward configuration to OllaCore, OllaVault, and SafetyModule.
  • Managing the treasury address.
  • Handling governance transfer (two-step: propose then accept).
  • Emergency pause/unpause without timelock delay.

OllaGovernance is upgradeable via UUPS proxy (self-authorized).

Timelock flow

All governance actions (except emergency pause) follow this pattern:

  1. Governance admin schedules the action with the timelock.
  2. The timelock delays execution for the configured duration.
  3. Governance admin executes the action after the delay.

The governance admin wallet holds the proposer, executor, and canceller roles on the timelock.

Governance transfer

Governance transfer is a two-step process to prevent accidental transfers:

  1. Current governance schedules proposeGovernance(newGov) through the timelock.
  2. New governance calls acceptGovernance() (direct call, not timelocked).
  3. On acceptance, timelock roles and DEFAULT_ADMIN_ROLE on all satellites are atomically transferred.

See Governance Actions for detailed sequence diagrams.

Methods

Emergency

Callable directly by the governance admin, not timelocked, for rapid incident response.

emergencyPauseAll()

Pause both OllaCore and OllaVault in a single transaction.

function emergencyPauseAll() external

emergencyUnpauseAll()

Unpause both OllaCore and OllaVault.

function emergencyUnpauseAll() external

Timelocked parameter setters

All forwarded to the target contract after timelock delay.

setProtocolFeeBP()

Set the protocol fee on rewards (0–50%). Forwarded to OllaCore.

function setProtocolFeeBP(uint256 newFeeBP) external

setTreasuryFeeSplitBP()

Set the treasury share of protocol fee (10–90%). Forwarded to OllaCore.

function setTreasuryFeeSplitBP(uint256 newSplitBP) external

setTargetBufferedAssets()

Set the target buffer size. Forwarded to OllaCore.

function setTargetBufferedAssets(uint256 newBuffer) external

setRebalanceCooldown()

Set the cooldown between rebalance cycles. Forwarded to OllaCore.

function setRebalanceCooldown(uint256 cooldown_) external

setInstantRedemptionFeeBP()

Set the fee on instant redemptions (0–20%). Forwarded to OllaVault.

function setInstantRedemptionFeeBP(uint256 newFeeBP) external

setDepositCap()

Set the maximum total deposits. Forwarded to SafetyModule.

function setDepositCap(uint256 cap) external

setMinRateDropBps()

Set the rate drop circuit breaker threshold. Forwarded to SafetyModule.

function setMinRateDropBps(uint256 bps) external

setMaxQueueRatioBps()

Set the queue ratio circuit breaker threshold. Forwarded to SafetyModule.

function setMaxQueueRatioBps(uint256 bps) external

setMaxAccountingDelay()

Set the accounting staleness circuit breaker. Forwarded to SafetyModule.

function setMaxAccountingDelay(uint256 delay) external

setTreasury()

Set the protocol treasury address.

function setTreasury(address newTreasury) external

Upgrades

Timelocked.

upgradeCore()

Upgrade OllaCore to a new implementation.

function upgradeCore(address newImplementation) external

upgradeSatellite()

Upgrade a satellite contract (WQ, RA, SM, SPR).

function upgradeSatellite(address proxy, address newImplementation) external

Governance transfer

proposeGovernance()

Propose a new governance admin. Timelocked.

function proposeGovernance(address newGovernance) external

acceptGovernance()

Accept a pending governance transfer. Permissionless, must be the proposed address.

function acceptGovernance() external

cancelGovernanceProposal()

Cancel a pending governance transfer. Timelocked.

function cancelGovernanceProposal() external

View methods

core()

Returns the OllaCore contract address.

function core() external view returns (address)

treasury()

Returns the treasury address.

function treasury() external view returns (address)

pendingGovernance()

Returns the pending governance address for two-step transfer.

function pendingGovernance() external view returns (address)

Events

event GovernanceTransferProposed(address indexed proposer, address indexed newGovernance)

New governance address proposed.

event GovernanceTransferAccepted(address indexed oldGovernance, address indexed newGovernance)

Governance transfer completed.

event GovernanceTransferCancelled(address indexed pendingGovernance)

Pending governance transfer cancelled.

event TreasuryUpdated(address indexed oldTreasury, address indexed newTreasury)

Treasury address changed.

event EmergencyPauseAll()
event EmergencyUnpauseAll()
event CoreSet(address indexed core)
event AdminRolePropagationFailed(address indexed satellite, address indexed account, bool indexed isGrant)

Emergency and setup events.