Curate

Roles & permissions

Who can change what after launch. The short version: you manage the underlying vault, you choose who manages the premium, and we manage protocol-wide fees.

Three things you control as the curator

After launch, you have authority over:

Everything on the underlying Morpho vault. Caps, adapters, allocators, sentinels, emergency actions, rebalancing. This is the entirety of the Morpho curator dashboard, the same surface you'd have on a non-wrapped vault.
The senior-to-junior premium rate, only if you kept the lever at deploy. If you handed it to the protocol, the protocol will hand ownership back if you request it.
The deposit pause, with the premium lever. Pausing only blocks new deposits; withdrawals always remain open.

You're not gated on any of these. You move when you decide to move.

Three things the LayerCover protocol controls

The performance fee rate. Default 5% of profits, capped at 20%. Only charged on positive yield, never on losses.
Where the performance fee goes. Default: the LayerCover Safe.

We don't have authority over:

Your Morpho vault's caps, adapters, allocations, sentinels, or any operational lever.
The premium rate, unless you handed it to us at deploy.
Your lenders' deposits, withdrawals, or notice timing. Nobody can confiscate or freeze user funds.

Things that are permanent

A few decisions at deploy time can never be reversed:

The Morpho vault that this wrapper is bound to. You can't repoint a live wrapper at a different Morpho vault. If you ever need to switch, you launch a new wrapper.
The protective gate between Morpho and the wrapper. Welded on at deploy, with the controls disabled. This is what gives lenders confidence that the wrapper can't be swapped out from under them.
The wrapper's senior and junior receipt tokens. Same address forever, even if you transfer ownership.

Everything else (premium rate, fee, fee recipient, who holds which role) can change over time.

Recommended setup for production

What	Address you should use
Curator (day-to-day vault management)	A Safe multisig you control
Premium lever (if you keep it)	The same Safe, or a timelock contract owned by that Safe if you want a built-in delay
Premium lever (if you hand it over)	The LayerCover protocol Safe (we set this automatically)
Performance fee recipient	The LayerCover protocol Safe (default)

The curator app shows a one-time acknowledgement banner the first time you sign in. It reminds you that you're operating from a Safe. Confirm it before you sign your first deploy.

What to do if a key is lost or compromised

Curator key compromised. Pause deposits on the underlying vault from a sentinel address, transfer ownership to a fresh Safe, then resume.
Premium-lever key compromised. Premium can be set as high as 100% / yr by a malicious holder, which would heavily favour junior over senior. Mitigation: use a Safe with multiple signers, or put a timelock in front of the lever so there's a notice window for any change.
Lenders concerned about a single point of failure. Curators should run all critical roles from multisigs. If your strategy targets risk-averse senior lenders, this matters.