Governance

The hBTC protocol employs a role-based governance model with clearly scoped permissions to separate strategic control, operational execution, and risk oversight.

Roles

Owner

The Owner is the highest authority within the protocol and is responsible for assigning and managing all other roles. The Owner has the ability to modify critical protocol settings, subject to timelock constraints.

Admin

The Admin role manages day-to-day protocol configuration within predefined limits. It functions as an execution role rather than a strategic authority and is restricted to applying non-security-critical parameter updates.

Guardian

A Guardian role provides emergency risk controls, enabling protective actions such as pausing protocol functionality.

Operator

Operators are specialized operational roles who execute predefined functions within strict boundaries.

• Trader: Executes strategy-related transactions (e.g., borrow, stake, swap)

• Manager: Manages funding of withdrawal claims

• Rewarder: Performs reward logging accounting updates

• Fee Setter: Can set custom exit fee

Settings

Protocol

Defines the set of core protocol smart contracts with the ability to invoke internal contracts, move assets within the system, and execute approved external contract calls.

Assets

Specifies the assets that protocol smart contracts are authorized to custody, transfer, and deploy as part of strategy execution.

Externals

Defines the external smart contracts that the system is permitted to interact with, including money markets, yield protocols, and swap interfaces.

Timelock

All critical protocol changes—including role assignments and security-sensitive parameter updates—are subject to a governance timelock.

The current timelock period is 72 hours.

Emergency Control

In case of a owner compromise (worst case scenario) the emergency mechanism freezes the protocol and allows for the safe withdrawal of assets.