Skip to main content

Vault V2 Allowlist Gate

The Vault V2 Allowlist Gate gives vault operators full control over who can deposit, withdraw, and transfer shares on a Vault V2, enabling permissioned vaults for institutional or compliance use cases.

For example, an institutional vault curator can deploy an allowlist gate with a list of approved wallets. Only those wallets can deposit into the vault or receive shares, and the vault's fee recipients are allowed automatically.

Setup

Vault V2 Allowlist Gates are deployed via the VaultV2AllowlistGateFactory using CREATE2 for deterministic addresses. After deployment, the gate blocks all transfers by default because every permission flag defaults to false, with the sole exception of the vault's own fee recipients (described below).

Setup takes two steps:

  1. Deploy the gate via the factory, passing the owner address.
  2. The owner calls setAllowlist(roles[]) to configure permissions for participating addresses.

The owner can later call renounceOwnership() to make the allowlist permanently immutable.

Gate Logic

Role-Based Permissions

Each allowlisted address has four independent permission flags.

  • canReceiveShares: Whether the address can receive vault shares (for example, via deposit or transfer).
  • canSendShares: Whether the address can send vault shares (for example, via withdraw or transfer).
  • canReceiveAssets: Whether the address can receive underlying assets from the vault.
  • canSendAssets: Whether the address can send underlying assets to the vault.

The gate checks these flags before executing share and asset transfers.

Ownership

The gate uses OpenZeppelin's Ownable2Step for safe two-step ownership transfers.

  • The owner is the only address that can call setAllowlist to update permissions for one or more addresses in a single call.
  • The owner can call renounceOwnership() to permanently lock the allowlist, making it immutable.

Gate Interface

The gate implements four view functions that a V2 vault queries:

  • canReceiveShares(address) → bool
  • canSendShares(address) → bool
  • canReceiveAssets(address) → bool
  • canSendAssets(address) → bool
Fee recipients are auto-allowed

For canReceiveShares, canSendShares, and canReceiveAssets, the gate falls back to the calling vault's managementFeeRecipient() and performanceFeeRecipient() when an account is not on the allowlist, so both fee recipients are allowed by default for these three flags. This keeps fee accrual working, since a V2 vault skips fee minting when the recipient's gate check returns false. canSendAssets has no such exemption.

Use Cases

  • Permissioned vaults for institutional users.
  • Compliance-controlled vaults that restrict participation to KYC-verified addresses.
  • Vaults with restricted transfer capabilities, such as non-transferable shares.