# SymbioticVerifier ### Overview `SymbioticVerifier` is a custom `ICustomVerifier` implementation used to authorize interactions with the Symbiotic protocol. It restricts access to `deposit`, `withdraw`, `claim`, and `claimRewards` calls across Symbiotic vaults and farm contracts. All permissions are tightly scoped using role-based access control via `MellowACL`. This verifier ensures that only allowed addresses (typically curators) can perform specific actions within the Symbiotic ecosystem. ### Purpose The verifier ensures that: * Only whitelisted vaults can act on behalf of themselves in Symbiotic vaults and farms * All interactions are strictly validated against exact calldata to prevent misuse or encoding variation * Only allowed selectors and targets can be used ### Role Definitions | Role Constant | Description | | ---------------------- | ------------------------------------------------------------------------------------------------------ | | `CALLER_ROLE` | Who is allowed to initiate Symbiotic operations (typically curators) | | `MELLOW_VAULT_ROLE` | Addresses that are allowed to be the recipient of deposits, withdrawals, or claims (usually Subvaults) | | `SYMBIOTIC_VAULT_ROLE` | Contracts that are approved as Symbiotic vault | | `SYMBIOTIC_FARM_ROLE` | Contracts that are approved as Symbiotic farm | ### Constructor ```solidity constructor(address vaultFactory_, address farmFactory_, string memory name_, uint256 version_) ``` ### `verifyCall` ```solidity function verifyCall( address who, address where, uint256 value, bytes calldata callData, bytes calldata /* verificationData */ ) public view returns (bool) ``` ### High-Level Behavior * Verifies caller (`who`) has `CALLER_ROLE` * Matches target contract (`where`) with either a Symbiotic vault or farm * Validates exact function selector and arguments using full `keccak256(callData)` hash * Rejects any calls with non-zero ETH value ### Supported Calls | Target Type | Function | Signature | Additional Checks | | --------------- | -------------------------------------- | ----------------------------------------------- | --------------------------------------------------------- | | Symbiotic Vault | `deposit(onBehalfOf, amount)` | `ISymbioticVault.deposit.selector` | `onBehalfOf` must have `MELLOW_VAULT_ROLE`, `amount > 0` | | Symbiotic Vault | `withdraw(claimer, amount)` | `ISymbioticVault.withdraw.selector` | `claimer` must have `MELLOW_VAULT_ROLE`, `amount > 0` | | Symbiotic Vault | `claim(recipient, epoch)` | `ISymbioticVault.claim.selector` | `recipient` must have `MELLOW_VAULT_ROLE` | | Symbiotic Farm | `claimRewards(recipient, token, data)` | `ISymbioticStakerRewards.claimRewards.selector` | `recipient` must have `MELLOW_VAULT_ROLE`, `token != 0x0` | * For all calls, the calldata must exactly match the selector and parameters * All other selectors or targets are denied ### Security Properties * **Strict call gating**: Only explicitly allowed selectors, targets, and roles pass * **Calldata hash check**: Enforces strict encoding to avoid alternate ABI variants or garbage data * **Zero-value enforcement**: Prevents accidental ETH transfers * **Factory pattern compatibility**: Target contracts can be validated indirectly via registries --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://metavaults.mellow.finance/architecture/permissions/protocols/symbioticverifier.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.