[BIP XXX] Permissions Update Request #8

PR with payloads

Abstract

This proposal requests BalancerDAO’s approval for updates and new actions to the permissions policy governing the kpk-managed treasuries on Ethereum Mainnet, Arbitrum, and Gnosis Chain.

The proposed changes expand the existing permissions to include new strategies, protocols, swaps, and bridging routes, while removing obsolete or deprecated contracts and interactions. They also streamline kpk’s fee-collection process and revoke the delegation’s permissions from the Zodiac Roles Modifier, as outlined in BIP-890.

The additional permissions focus on strategies that aim to increase the treasury’s risk-adjusted yield without introducing material new risk vectors to the current allocation. These include allocations to Aave Umbrella, Ethena, Spark, Resolv, new markets on Compound as well as kpk-curated vaults on Morpho and curated markets on Gearbox, among others.

Motivation

Treasury management must evolve in line with market conditions and protocol developments, including migrations, new pool launches, and improved access to financial instruments. Protocols and pools previously assessed as too immature or risky for BalancerDAO may become viable over time as they demonstrate reliability, liquidity, and operational robustness.

The proposed additions will allow kpk to implement advanced investment strategies such as delta-neutral stablecoin exposure, curated vaults, and the upgraded version of the Aave safety module, while deprecating outdated or higher-risk contracts.

Changes to the Permissions Policy

This proposal outlines the following modifications to the permissions policy:

Ethereum Mainnet:

  • Aave Umbrella: deposit and withdraw USDC, USDT, WETH, GHO
  • Compound markets: deposit and withdraw ETH, USDT, USDS
  • Ethena: stake, unstake and withdrawal of USDE/sUSDE
  • Spark:
    • Savings: deposit and withdraw of USDC, USDT
    • Markets: deposit and withdraw of USDT, USDC
  • Morpho: deposit and withdraw - kpk EURC, kpk USDC, kpkETH
  • Gearbox: deposit and withdraw of wstETH, ETH
  • Balancer v2: unwinding permissions for USDC/WETH, BAL/WETH, 80BAL/20WETH
  • Gyroscope: GYD and sGYD removal
  • Merkl rewards claim: GHO and stGHO
  • Swaps (Cow Swap):
    • COW, SYRUP <> USDC, ETH, WETH
    • aETHBAL, aBAL, anyBAL, ETH, WETH <> aETHBAL, aBAL, anyBAL, ETH, WETH
    • USR, stUSR, wstUSR, USDE, sUSDE, stUSD, USDA, DAI, USDT, USDC <> USR, stUSR, wstUSR, USDE, sUSDE, stUSD, USDA, DAI, USDT, USDC
    • EURC, AaveEURC, EURA, stEUR <> EURC, AaveEURC, EURA, stEUR
  • Bridge:
    • Omnibridge:
      • Update and addition of the following bridging routes from Mainnet to Gnosis Chain: USDC, USDT, WBTC, WETH, USDS
  • Roles:
    • Removal of stkAAVE’s delegation permissions
    • Allowance for transferring max. 100k USDC/quarter to kpk treasury for fee payment

Gnosis Chain:

  • Bridge:
    • Omnibridge:
      • Update and addition of bridging routes from Gnosis Chain to Mainnet (same as above)
  • Stakewise: removal of SeedNode vault (deprecated)

Arbitrum:

  • Morpho: deposit and withdrawal into - kpk - USDC Yield
  • Balancer v2: withdrawal permissions for Balancer BAL - axBAL
  • Swaps (Cow Swap):
    • COW, ARB <> USDC/ETH/WETH/sUSDE/USDE
    • USDC, USDT, USDE, sUSDE <> USDC, USDT, USDE, sUSDE
    • WETH, wstETH, ETH <> WETH, wstETH, ETH
    • ARB <> USDC, ETH, WETH

Zodiac Roles Modifier Permissions Policy

Permissions page

Ethereum: link here

Gnosis Chain: link here

Arbitrum: link here

Permissions diff page

Ethereum: link here

Gnosis Chain: link here

Arbitrum: link here

Gnosis

TX 1-7: Remove Deprecated StakeWise SEEDnode Vault

revokeTarget: stakewise seednode vault

revokeFunction: deposit, update, mint, burn, queue, claim

lgtm

TX 9-11, 18-19: Omnibridge Routes

USDC/USDT/WETH/WBTC.transferAndCall(_to: HomeOmnibridge, _data: AVATAR)

lgtm

TX 12: Change Approvals of GNO

GNO.approve(Genesis/Axol/Serenita/NEDO/Stakecat/Stakesaurus, *)

Note: roles ui is showing all of these vaults are being revoked a lot of calls (eg burnOsToken, updateState, etc). I don't see those revokes being present in the proposed payload (https://github.com/taravellokpk/multisig-ops/blob/03457c49fb6bdb28f29934acf6cf19c48705b03c/BIPs/2025-W51/balancer-pur8-gno.json)

eg left column here in this screenshot:

what am i missing, how are those permissions being revoked if there is no mention of them in the payload?

same goes for these approvals disappearing which is not in line with what i am seeing in the payload (tx 12 explicitly keeps them?)

bug in ui? iiuc, the intention is simply to remove the GNO.approve(seednode, *) permission

TX 8, 13-17: Enable Use of USDC Transmuter

USDC/USDCe.approve(USDCTransmuter, *)

USDCTransmuter.deposit(*)/withdraw(*)

Note1: not mentioned in your forum post

Note2: i interpret the roles ui here to show a replacement of the GPv2VaultRelayer address with the USDCTransmuter address. but as far as i understand, the transmuter here is being added (ie besides the permission to approve * to the vault relayer). Bug in the roles ui?

imo the ui should show a blue table on the right side with _to 0x0392... OR _to 0xc92e...

scopeFunction args from the payload:

{
    "roleKey": "0x4d414e4147455200000000000000000000000000000000000000000000000000",
    "targetAddress": "0xDDAfbb505ad214D7b80b1f830fcCc89B60fb7A83",
    "selector": "0x095ea7b3",
    "conditions": "[
        [\"0\",\"5\",\"5\",\"0x\"],
        [\"0\",\"0\",\"2\",\"0x\"],
        [\"1\",\"1\",\"16\",\"0x0000000000000000000000000392a2f5ac47388945d8c84212469f545fae52b2\"],
        [\"1\",\"1\",\"16\",\"0x000000000000000000000000c92e8bdf79f0507f65a392b0ab4667716bfe0110\"]
    ]",
    "options": "0"
}

TX 20-21: Enable Use of USDS

USDSDepositContract.relayTokens(*)

Solidity source code:

function relayTokens(address recipient) external payable {
    IHomeBridgeErcToNative(xDAIBridge).relayTokens{value: msg.value}(recipient);
}

Note: is there a reason this is unconstrained? Looks like this gives the module a blank check to bridge xdai to any address? Why not limit recipient to AVATAR only?

TX 22: KPK Kit Metadata

Log some stuff via erc3722 poster contract (ERC-3722: Poster).

FYI this contract is not verified on gnosisscan (i did get a partial verification via blockscout)
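The scopeFunction conditions quoted under TX 8, 13-17 can be decoded from the payload itself, without relying on the roles UI. This is an added example, not part of the review or of kpk's tooling. It assumes the enum numbering of Zodiac Roles Modifier v2 (`Types.sol`); the function names and the `RELAY_TO_AVATAR` rows, which show what an avatar-only `relayTokens` scope would look like for TX 20-21, are constructed for illustration.

```python
import json

# Enum numbering assumed from Zodiac Roles Modifier v2 Types.sol; check the deployed version.
PARAM_TYPES = ["None", "Static", "Dynamic", "Tuple", "Array", "Calldata", "AbiEncoded"]
OPERATORS = {0: "Pass", 1: "And", 2: "Or", 3: "Nor", 5: "Matches", 6: "ArraySome",
             7: "ArrayEvery", 8: "ArraySubset", 15: "EqualToAvatar", 16: "EqualTo",
             17: "GreaterThan", 18: "LessThan", 19: "SignedIntGreaterThan",
             20: "SignedIntLessThan", 21: "Bitmask", 22: "Custom",
             28: "WithinAllowance", 29: "EtherWithinAllowance", 30: "CallWithinAllowance"}

def build_tree(conditions_json):
    """Nest the flat [parent, paramType, operator, compValue] rows; row 0 is the root."""
    rows = json.loads(conditions_json)
    nodes = [{"type": PARAM_TYPES[int(t)], "op": OPERATORS[int(o)],
              "value": v.lower(), "children": []} for _, t, o, v in rows]
    for i in range(1, len(rows)):
        parent = int(rows[i][0])
        if parent >= i:  # a parent row must precede its children
            raise ValueError(f"row {i} points at parent {parent}")
        nodes[parent]["children"].append(nodes[i])
    return nodes[0]

def render(node, name="args"):
    """Readable form; children of Matches map to function arguments by position."""
    op, kids = node["op"], node["children"]
    if op == "Matches":
        return ", ".join(render(k, f"{name}[{i}]") for i, k in enumerate(kids))
    if op in ("And", "Or", "Nor"):  # logical nodes apply to the same argument
        return f"{op.upper()}(" + ", ".join(render(k, name) for k in kids) + ")"
    if op in ("Pass", "EqualToAvatar"):
        return f"{name} == " + ("*" if op == "Pass" else "AVATAR")
    return f"{name} {op} {node['value']}"

def allowed_addresses(node):
    """Addresses pinned by Static EqualTo words that fit in 160 bits."""
    found = set()
    v = node["value"]
    if node["op"] == "EqualTo" and node["type"] == "Static" and len(v) > 2 and int(v, 16) < 2**160:
        found.add(f"0x{int(v, 16):040x}")
    for kid in node["children"]:
        found |= allowed_addresses(kid)
    return found

# Rows as quoted in the review for the approve (selector 0x095ea7b3) scopeFunction.
APPROVE_CONDITIONS = (
    '[["0","5","5","0x"],["0","0","2","0x"],'
    '["1","1","16","0x0000000000000000000000000392a2f5ac47388945d8c84212469f545fae52b2"],'
    '["1","1","16","0x000000000000000000000000c92e8bdf79f0507f65a392b0ab4667716bfe0110"]]')
# Constructed, not from the payload: relayTokens(recipient) scoped to the avatar only.
RELAY_TO_AVATAR = '[["0","5","5","0x"],["0","1","15","0x"]]'
```

`render(build_tree(APPROVE_CONDITIONS))` yields an `OR(...)` over `args[0]` with both addresses, and the second `approve` argument has no row, so it is unconstrained.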