[BIP XXX] Permissions Update Request #8

kpk · December 11, 2025, 3:23pm

PR with payloads

github.com/BalancerMaxis/multisig-ops

Permissions Update Request #8

main ← taravellokpk:PUR8

opened 10:26AM - 11 Dec 25 UTC

taravellokpk

+9201 -0

Add **Permissions Update Request #8** JSONs for Mainnet, Arbitrum and Gnosis Cha…in. Tenderly simulations below: [Ethereum](https://dashboard.tenderly.co/public/safe/safe-apps/simulator/6d4bfc58-6d33-4789-8ab2-b41c838fde30) [Arbitrum ](https://dashboard.tenderly.co/public/safe/safe-apps/simulator/5e4f8037-b376-4947-a225-545e5a771ae4) [Gnosis Chain](https://dashboard.tenderly.co/public/safe/safe-apps/simulator/aecaecc7-2bf0-4eef-a801-c316a787ba17)

Abstract

This proposal requests BalancerDAO’s approval for updates and new actions to the permissions policy governing the kpk-managed treasuries on Ethereum Mainnet, Arbitrum, and Gnosis Chain.

The proposed changes expand the existing permissions to include new strategies, protocols, swaps, and bridging routes, while removing obsolete or deprecated contracts and interactions. They also streamline kpk’s fee-collection process and revoke the delegation’s permissions from the Zodiac Roles Modifier, as outlined in BIP-890 .

The additional permissions focus on strategies that aim to increase the treasury’s risk-adjusted yield without introducing material new risk vectors to the current allocation. These include allocations to Aave Umbrella, Ethena, Spark, Resolv, new markets on Compound as well as kpk-curated vaults on Morpho and curated markets on Gearbox, among others.

Motivation

Treasury management must evolve in line with market conditions and protocol developments, including migrations, new pool launches, and improved access to financial instruments. Protocols and pools previously assessed as too immature or risky for BalancerDAO may become viable over time as they demonstrate reliability, liquidity, and operational robustness.

The proposed additions will allow kpk to implement advanced investment strategies such as delta-neutral stablecoin exposure, curated vaults, and the upgraded version of the Aave safety module, while deprecating outdated or higher-risk contracts.

Changes to the Permissions Policy

This proposal outlines the following modifications to the permissions policy:

Ethereum Mainnet:

Aave Umbrella: deposit and withdraw USDC, USDT, WETH, GHO
Compound markets: deposit and withdraw ETH, USDT, USDS
Ethena: stake, unstake and withdrawal of USDE/sUSDE
Spark:
- Savings: deposit and withdraw of USDC, USDT
- Markets: deposit and withdraw of USDT, USDC
Morpho: deposit and withdraw - kpk EURC, kpk USDC, kpkETH
Gearbox: deposit and withdraw of wstETH, ETH
Balancer v2: unwinding permissions for USDC/WETH, BAL/WETH, 80BAL/20WETH
Gyroscope: GYD and sGYD removal
Merkl rewards claim: GHO and stGHO
Swaps (Cow Swap):
- COW, SYRUP <> USDC, ETH, WETH
- aETHBAL, aBAL, anyBAL, ETH, WETH <> aETHBAL, aBAL, anyBAL, ETH, WETH
- USR, stUSR, wstUSR, USDE, sUSDE, stUSD, USDA, DAI, USDT, USDC<> USR, stUSR, wstUSR, USDE, sUSDE, stUSD, USDA, DAI, USDT, USDC
- EURC, AaveEURC, EURA, stEUR <> EURC, AaveEURC, EURA, stEUR
Bridge:
- Omnibridge:
  - Update and addition of the following bridging routes from Mainnet to Gnosis Chain: USDC, USDT, WBTC, WETH, USDS
Roles:
- Removal of stkAAVE’s delegation permissions
- Allowance for transferring max. 100k USDC/quarter to kpk treasury for fee payment

Gnosis Chain:

Bridge:
- Omnibridge:
  - Update and addition of bridging routes from Gnosis Chain to Mainnet (same as above)
Stakewise: removal of SeedNode vault (deprecated)

Arbitrum:

Morpho: deposit and withdrawal into - kpk - USDC Yield
Balancer v2: withdrawal permissions for Balancer BAL - axBAL
Swaps (Cow Swap):
- COW, ARB <> USDC/ETH/WETH/ sUSDE/USDE
- USDC, USDT, USDE, sUSDE <> USDC, USDT, USDE, sUSDE
- WETH, wstETH, ETH <> WETH, wstETH, ETH
- ARB <> USDC, ETH, WETH

Zodiac Roles Modifier Permissions Policy

Permissions page

Ethereum: link here

Gnosis Chain: link here

Arbitrum: link here

Permissions diff page