Management Model

Dephi's permission model ensures users maintain full sovereignty over their assets while enabling efficient protocol operation.

Role Hierarchy

Three distinct roles with clearly separated permissions. Users always have ultimate control over their positions.

User

Manager

Admin

User

  • Select and change manager
  • Set risk tier preference
  • Enable/disable Guardian 2FA
  • Withdraw at any time
  • Emergency exit option

Manager

  • Rebalance positions within bounds
  • Execute approved strategies
  • Respond to market conditions
  • Cannot access user funds directly
  • Cannot withdraw for users

Admin

  • Adjust protocol fees (capped)
  • Collect accrued fees
  • Cannot access user deposits
  • Cannot upgrade contracts
  • Cannot pause withdrawals

User Sovereignty

Users are never locked in. All control remains with the position owner.

Manager Selection

Choose which strategy manager handles your position. You can change managers at any time without penalty.

Risk Tier Control

Adjust your risk preference (Conservative, Optimal, Aggressive) whenever you want. Changes take effect immediately.

Exit Rights

Withdraw your funds at any time. No lock-ups, no vesting periods, no admin approval required.

Guardian Control

Enable, disable, or change your Guardian 2FA settings. Requires current guardian signature to change.

Manager Boundaries

Managers operate within strict boundaries enforced by smart contracts.

Error-bounded actions

Each action has limits preventing cascading failures. Max 5% of position per rebalance.

Approved protocols only

Managers can only interact with whitelisted protocols (Spark, Aave, Curve, etc.)

No direct asset access

Managers route funds through contracts, never hold user assets directly.

Transparent execution

All manager actions are recorded on-chain with full audit trail.

Reversible decisions

Users can override manager decisions by withdrawing or changing managers.

Admin Limitations

Admin permissions are intentionally minimal. This is by design.

Cannot Touch Assets

No function exists for admin to withdraw or transfer user funds.

Cannot Upgrade

Contracts are immutable. No proxy patterns, no upgrade paths.

Cannot Pause

No emergency pause. Users can always withdraw their funds.

Can Collect Fees

Only permission: collect accrued protocol fees from yield.

User Control Functions

// Change manager preference
function setManager(uint256 tokenId, address manager) external;

// Update risk tier
function setRiskTier(uint256 tokenId, uint8 newTier) external;

// Enable Guardian 2FA
function setGuardian(
    uint256 tokenId,
    address guardian,
    bytes calldata currentGuardianSig  // Required if changing
) external;

// Disable Guardian 2FA
function removeGuardian(
    uint256 tokenId,
    bytes calldata guardianSig
) external;
← Withdrawal FlowAI Analytics →