The question that matters
“What can the Varla team do to my funds?” This page answers that question directly.
No one can access, move, or freeze your collateral. All custody rules are enforced purely by on-chain smart contracts. Admin roles control protocol parameters, not user funds.
What admins can do
Varla uses OpenZeppelin’s AccessManager for role-based access control. Here’s what each role can do:
| Role | Capabilities |
|---|---|
| ADMIN | Grant/revoke other roles, configure protocol-wide parameters |
| RISK_MANAGER | Adjust LTV tiers, liquidation config, max positions |
| ORACLE_UPDATER | Push price updates (off-chain service → on-chain oracle) |
| POOL_MANAGER | Set deposit/borrow caps, interest rate strategy |
| GUARDIAN | Emergency position invalidation, early market resolution |
| TREASURY | Receive protocol fees (no fund access) |
What admins cannot do
These are not promises — they are impossible given the contract design.
| Cannot | Why |
|---|---|
| Access user collateral | ERC1155 custody is in VarlaCore; only the depositor can withdraw (if healthy) |
| Freeze withdrawals | No admin function exists to block withdrawals — only health checks |
| Modify debt arbitrarily | Scaled debt is computed from pool index; no admin override |
| Redirect liquidation proceeds | Collateral goes to liquidator, not admin |
| Take lender deposits | Pool shares are ERC4626; admins can only set caps |
Contract immutability
Varla contracts are currently immutable — they are deployed without proxy wrappers. The deployed contracts cannot be changed. This provides strong security guarantees: the code you interact with today is the code that will run forever.
- Proxy admin will be a multisig with timelock
- Upgrades will require multiple signatures + delay period
- This page will be updated accordingly
Oracle trust
The oracle is push-based: an off-chain service pushes prices to the on-chain VarlaOracle.
Trust assumptions (for now):
- You trust the ORACLE_UPDATER to push accurate prices
- On-chain guards mitigate some risks: staleness checks, conservative pricing (min of spot/TWAP), liquidation grace windows
- Multi-reporter oracles (planned)
- Decentralized oracle network (planned)
- On-chain price bounds (planned)
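A simplified Python model of the three on-chain guards named above (staleness check, min of spot/TWAP, liquidation grace window), added here as an illustration and not taken from Varla's contracts. The thresholds, the TWAP calculation and every name in it are assumptions.

```python
from dataclasses import dataclass

# Thresholds and names are assumptions for illustration, not Varla's values.
MAX_AGE = 300        # seconds before the last pushed price counts as stale
TWAP_WINDOW = 1800   # seconds of history averaged into the TWAP
GRACE_WINDOW = 600   # seconds a position must stay unhealthy before liquidation


class StalePrice(Exception):
    """Raised when the updater has not pushed a price recently enough."""


@dataclass
class Oracle:
    history: list  # (timestamp, price) pairs from the updater, oldest first

    def push(self, ts, price):
        self.history.append((ts, price))

    def twap(self, now):
        # Weight each price by how long it was the latest value in the window.
        start, total, weight = now - TWAP_WINDOW, 0.0, 0.0
        ends = [ts for ts, _ in self.history[1:]] + [now]
        for (ts, price), end in zip(self.history, ends):
            lo, hi = max(ts, start), min(end, now)
            if hi > lo:
                total += price * (hi - lo)
                weight += hi - lo
        return total / weight if weight else self.history[-1][1]

    def collateral_price(self, now):
        ts, spot = self.history[-1]
        if now - ts > MAX_AGE:                 # staleness check
            raise StalePrice(f"last update was {now - ts}s ago")
        return min(spot, self.twap(now))       # conservative pricing


def liquidatable(unhealthy_since, now):
    # Grace window: a sudden low price cannot trigger liquidation immediately.
    return unhealthy_since is not None and now - unhealthy_since >= GRACE_WINDOW


if __name__ == "__main__":
    # Constructed sample: price sits at 0.50, then one outlier push at t=1800.
    for outlier in (0.90, 0.10):
        o = Oracle([(0, 0.50)])
        o.push(1800, outlier)
        print(outlier, round(o.collateral_price(1860), 4), liquidatable(1800, 1860))
```

In this model a high outlier is held near the TWAP, while a low outlier becomes the collateral price at once; the grace window is the guard that covers the second case.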
Trust spectrum
| Component | Trust Level | Notes |
|---|---|---|
| Collateral custody | Trustless | Pure on-chain; no admin access |
| Debt accounting | Trustless | Math-based; no admin override |
| Contract code | Immutable | Contracts cannot be upgraded |
| Protocol parameters | Trusted (for now) | Admin-controlled; DAO governance via VRLA token planned |
| Oracle prices | Trusted (for now) | Off-chain updater; decentralized oracle planned |