smom-dbis-138/docs/deployment/ADMIN_ADDRESS_OPTIONS.md

# Admin Address Options

**Date**: 2025-12-11
**Status**: Updated - Defender No Longer Available

---

## ⚠️ Important Update

**OpenZeppelin Defender is no longer offered**. The deployment scripts have been updated to use direct admin addresses instead.

---

## 🔐 Admin Address Options

### Option 1: Multisig Wallet (Recommended)

**Best for**: Production deployments requiring multiple approvals

**Options**:
- **Gnosis Safe**: https://gnosis-safe.io/
  - Most popular multisig solution
  - Supports multiple chains
  - Web interface for managing transactions
  - Configurable threshold (e.g., 2-of-3, 3-of-5)

- **Safe (formerly Gnosis Safe)**: https://safe.global/
  - Updated branding, same functionality
  - Enhanced security features
  - Mobile app support

**Setup**:
1. Create a Safe wallet on Ethereum Mainnet
2. Add signers (e.g., 3-5 trusted addresses)
3. Set threshold (e.g., 2-of-3)
4. Copy the Safe address
5. Set in `.env`:
   ```bash
   TETHER_ADMIN=<safe_wallet_address>
   MIRROR_ADMIN=<safe_wallet_address>  # Can be same or different
   ```

**Benefits**:
- ✅ Multiple approvals required
- ✅ Enhanced security
- ✅ Audit trail
- ✅ Recovery options
- ✅ No single point of failure

---

### Option 2: EOA (Externally Owned Account)

**Best for**: Development, testing, or simple deployments

**Setup**:
1. Use a secure wallet (hardware wallet recommended)
2. Copy the address
3. Set in `.env`:
   ```bash
   TETHER_ADMIN=<wallet_address>
   MIRROR_ADMIN=<wallet_address>
   ```

**Security Considerations**:
- ⚠️ Single point of failure
- ⚠️ Private key must be secured
- ⚠️ Consider using hardware wallet
- ⚠️ Not recommended for production

---

### Option 3: Custom Access Control Contract

**Best for**: Complex permission requirements

You can deploy a custom access control contract that implements:
- Role-based access control
- Timelock delays
- Multi-signature requirements
- Custom permission logic

**Example**: Deploy OpenZeppelin's `AccessControl` or `AccessManager` and set it as admin.

---

## 📋 Current Implementation

### Deployment Scripts

Both deployment scripts now use:
- `TETHER_ADMIN` for MainnetTether
- `MIRROR_ADMIN` for TransactionMirror

```solidity
address admin = vm.envAddress("TETHER_ADMIN");
require(admin != address(0), "TETHER_ADMIN not set in .env");
```

### Contract Pattern

Contracts use simple admin pattern (similar to OpenZeppelin's `Ownable`):
- Single `admin` address
- `onlyAdmin` modifier for protected functions
- `setAdmin()` function to transfer admin (requires current admin)

---

## 🚀 Deployment Steps

### 1. Choose Admin Address Type

**Recommended**: Gnosis Safe (multisig)

### 2. Set Up Admin Address

**For Multisig (Gnosis Safe)**:
1. Go to https://safe.global/
2. Create a new Safe on Ethereum Mainnet
3. Add signers (minimum 2, recommended 3-5)
4. Set threshold (e.g., 2-of-3)
5. Complete setup and copy Safe address

**For EOA**:
1. Use secure wallet (hardware wallet recommended)
2. Copy wallet address

### 3. Update .env File

```bash
# Admin addresses (multisig recommended)
TETHER_ADMIN=0x...  # Your admin address (Safe or EOA)
MIRROR_ADMIN=0x...  # Can be same as TETHER_ADMIN or different

# Other required variables
PRIVATE_KEY=0x...  # Deployer private key
ETH_MAINNET_RPC_URL=https://eth-mainnet.g.alchemy.com/v2/YOUR_API_KEY
ETHERSCAN_API_KEY=...
```

### 4. Deploy Contracts

```bash
# Deploy MainnetTether
forge script script/DeployMainnetTether.s.sol \
  --rpc-url $ETH_MAINNET_RPC_URL \
  --private-key $PRIVATE_KEY \
  --broadcast \
  --verify \
  -vvvv

# Deploy TransactionMirror
forge script script/DeployTransactionMirror.s.sol \
  --rpc-url $ETH_MAINNET_RPC_URL \
  --private-key $PRIVATE_KEY \
  --broadcast \
  --verify \
  --via-ir \
  -vvvv
```

---

## 🔒 Security Best Practices

### For Production

1. **Use Multisig**: Always use Gnosis Safe or similar for production
2. **Multiple Signers**: Use 3-5 signers with 2-of-3 or 3-of-5 threshold
3. **Hardware Wallets**: Use hardware wallets for signers
4. **Separate Admin Addresses**: Consider different admin addresses for different contracts
5. **Regular Reviews**: Periodically review admin addresses and permissions

### For Development/Testing

1. **Testnet First**: Deploy to testnet first
2. **Secure Storage**: Keep private keys secure
3. **Hardware Wallet**: Use hardware wallet even for testing
4. **Documentation**: Document admin addresses and recovery procedures

---

## 📝 Post-Deployment

### Verify Admin Address

After deployment, verify the admin address:

```bash
# Check MainnetTether admin
cast call <MAINNET_TETHER_ADDRESS> "admin()" --rpc-url $ETH_MAINNET_RPC_URL

# Check TransactionMirror admin
cast call <TRANSACTION_MIRROR_ADDRESS> "admin()" --rpc-url $ETH_MAINNET_RPC_URL
```

### Transfer Admin (If Needed)

If you need to transfer admin to a different address:

```bash
# Transfer MainnetTether admin
cast send <MAINNET_TETHER_ADDRESS> \
  "setAdmin(address)" \
  <NEW_ADMIN_ADDRESS> \
  --rpc-url $ETH_MAINNET_RPC_URL \
  --private-key $CURRENT_ADMIN_PRIVATE_KEY

# Transfer TransactionMirror admin
cast send <TRANSACTION_MIRROR_ADDRESS> \
  "setAdmin(address)" \
  <NEW_ADMIN_ADDRESS> \
  --rpc-url $ETH_MAINNET_RPC_URL \
  --private-key $CURRENT_ADMIN_PRIVATE_KEY
```

**Note**: For multisig, execute this transaction through the Safe interface.

---

## 🔄 Migration from Defender

If you previously used Defender:

1. **Create New Admin Address**: Set up Gnosis Safe or choose EOA
2. **Update .env**: Replace `DEFENDER_ADMIN` with `TETHER_ADMIN`/`MIRROR_ADMIN`
3. **Deploy New Contracts**: Deploy with new admin addresses
4. **Or Transfer Admin**: If contracts already deployed, transfer admin to new address

---

## 📚 References

- [Gnosis Safe Documentation](https://docs.safe.global/)
- [OpenZeppelin Access Control](https://docs.openzeppelin.com/contracts/5.x/access-control)
- [OpenZeppelin Ownable](https://docs.openzeppelin.com/contracts/5.x/access-control#ownership-and-ownable)

---

**Last Updated**: 2025-12-11
**Status**: Updated - Defender Removed