Governance & Administration
Protocol administration, emergency controls, and launch operations
TL;DR: Protocol parameters are managed by an owner-controlled admin contract (ProtocolConfigurator). Emergency pool pausing is handled by a privileged committee address. Launch claims follow deterministic contract rules instead of governance voting.
Design Philosophy
LayerCover does not use a traditional DAO or token-voting governance model. Instead, the protocol uses a minimalist admin architecture designed for speed, security, and clarity:
- Protocol configuration is controlled by the
ProtocolConfiguratorowner (DAO multisig or timelock) - Emergency response (pausing pools during incidents) is delegated to a privileged committee address
This separation keeps day-to-day operations fast while ensuring launch claims remain rules-based and on-chain.
Architecture
| Component | Role |
|---|---|
| ProtocolConfigurator | Central admin hub - pool management, fees, system parameters |
| Committee | Privileged address for emergency pool pausing during incidents |
| PolicyManager | Entry point for policy lifecycle actions and claim execution |
| RiskManager | Executes incident reports and processes approved claims |
ProtocolConfigurator
The ProtocolConfigurator is the administrative hub of the protocol. It consolidates all configuration functions into a single owner-controlled contract.
What Can the Owner Configure?
| Function | Description |
|---|---|
| Add risk pools | Register new coverable protocols/assets |
| Configure pool parameters | Risk ratings, vault cover, claim fees, and coverage caps |
| Set yield adapters | Register Aave/Compound adapters for capital deployment |
| Configure syndicates | Max allocations, leverage ratios, permissionless creation |
| Set system contracts | Update SystemRegistry with new contract addresses |
| Configure PolicyManager | Cooldown periods, reserve factors, claim lock periods |
| Configure CapitalPool | Backstop buffer, deposit caps, max draw per call |
| Upgrade contracts | UUPS proxy upgrades for PolicyManager and other contracts |
The owner is expected to be a timelock contract or multisig, ensuring all configuration changes have an execution delay for transparency.
Emergency Committee
The committee is a single privileged address (typically a multisig) with limited emergency powers:
- Pause a pool - Blocks new policy purchases when an incident is detected
- Redirect pool fees - Routes fees to a designated recipient during an incident
- Unpause a pool - Restores normal operation after resolution
The committee cannot:
- Change protocol parameters
- Upgrade contracts
- Access or move user funds
- Modify claim logic
Claim Operations For Launch Pools
Launch pools use the same operational pattern:
- The committee can pause new purchases when an incident is confirmed.
- Existing policies remain active and policyholders can still file claims.
RiskManager,PolicyManager, andPayoutManagerenforce eligibility, salvage transfer, and the payout waterfall on-chain.
See Filing Claims for the end-user flow.
COVR Token
The COVR token is the protocol's ERC-20 governance token:
- Fixed supply cap: 1,000,000,000 (1 billion) tokens
- Burnable: Holders can burn tokens
- EIP-2612 Permit: Supports gasless approvals
The token is deployed at genesis and is intended for future protocol governance evolution.