# OpSec

This page explains how Lince's on-chain access control is designed to protect user funds and what each role can and cannot do.

Lince has four roles with different permissions within the program for different purposes, aligned with the protocol's operational needs and security requirements.

| Role         | Upgrade Program | Can add assets to strategies funds? | Can modify strategy? | Can pause?        | Setup                       |
| ------------ | --------------- | ----------------------------------- | -------------------- | ----------------- | --------------------------- |
| Upgrader     | ✅               | ❌                                   | ❌                    | ❌                 | 3/6 multisig + 12h timelock |
| Admin        | ❌               | ✅                                   | ✅                    | Pause and unpause | 3/6 multisig + 12h timelock |
| PoolsManager | ❌               | ❌                                   | ✅                    | ❌                 | 2/5 multisig                |
| Pauser       | ❌               | ❌                                   | ❌                    | Only pause        | 4 cold wallets              |

*\* The Lince manager can ONLY operate with assets within the contract with limitations; it can not move funds out of the program.*

#### Upgrade Multisig

The upgrade multisig can:

* `upgrade-program` — upgrade the smart contract.

Setup:

4/6 multisig with 12h timelock. Cold wallets.

[https://app.squads.so/squads/AQiRFiqsPS6FKbhnEzAF83oX3mDFT9FQNqjMVz3cX1Mx](https://app.squads.so/squads/AQiRFiqsPS6FKbhnEzAF83oX3mDFT9FQNqjMVz3cX1Mx/home)

#### Admin Multisig

The admin multisig can:

* `update-configuration` — set fees and assign roles
* `pause` - `true` or `false` — pause the program and enable it when it's paused. `set-pause` - `true` can also be executed by "Pauser Role", but `set-pause` - `false` is only enabled with this admin multisig.

Setup:

3/5 multisig with 1h timelock. Cold wallets.

[https://app.squads.so/squads/HPP34a4qVEv2EYybFcKDqdes5GYBTFDBxygUixmjPQAv](https://app.squads.so/squads/HPP34a4qVEv2EYybFcKDqdes5GYBTFDBxygUixmjPQAv/home)

#### PoolsManager Multisig

The PoolsManager multisig can:

* `add-asset` — add a new asset to the protocol
* `edit-asset` — modify an asset within the protocol `isActive`, `pythAcc`, etc.

Setup:

3/5 multisig. Cold wallets.

[https://app.squads.so/squads/44qfRTL9vXmKmtaNpYkC5CYkedaDphs6aKq6rdzycGag/](https://app.squads.so/squads/44qfRTL9vXmKmtaNpYkC5CYkedaDphs6aKq6rdzycGag/home)

#### Pauser Role

The Pauser Role can:

* `pause` - `true` (emergency ix) — pause the program in case of an emergency. `set-pause` - `false` can ONLY be executed by "Admin Multisig".

Setup:

4 cold wallets has pauser role.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.lince.finance/resources/opsec.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.