Skip to Content
Example SetupsVault Curator Ops

Vault Curator Ops

Vault curators manage strategies on behalf of depositors. Examples include Morpho vault curators, Lagoon, and Rethink.finance. Curator operations typically involve rebalancing allocations, adjusting risk parameters, and harvesting/swapping rewards.

This setup shows how a curator team can use Zodiac to run day-to-day vault operations with least-privilege permissions and clear separation between execution and governance.

Goal

Enable a curator to:

  • Execute routine rebalances and maintenance from an operator wallet (or bot)
  • Keep sensitive changes (new markets, large parameter changes, fee changes, emergency actions) behind a higher-trust signer set
  • Restrict every action to known contracts, functions, and (where possible) bounded parameters

Useful for

  • Curator teams: Separate “strategy execution” from “governance approvals”.
  • Automated rebalancing: Allow a bot to run within tight rails.
  • Multi-vault operations: Reuse the same policy pattern across multiple vaults/Safes.

Example setup

A curator runs a USDC strategy and wants an operator wallet to rebalance allocations across approved markets, while a committee controls any material configuration changes.

Structure:

  • Vault/Admin Safe: The Safe that owns/controls the strategy contracts (or holds the assets if you’re managing a Safe directly).
  • Operator wallet(s): Hot wallet(s) or automation bot(s) that do routine execution.
  • Committee signers: Higher-trust signers for sensitive configuration changes.

Policies:

  • Policy 1 — Rebalance & maintenance (operators):
    • Allowed targets: only the specific strategy/vault contracts and the underlying protocol contracts they interact with
    • Allowed actions: rebalances, routine position adjustments, claiming rewards
    • Recommended limits: per-call max amounts where applicable; avoid transfers to arbitrary recipients
  • Policy 2 — Governance changes (committee):
    • Allowed targets: the strategy/vault contracts’ admin/config functions
    • Allowed actions: adding/removing markets, changing caps/queues, fee updates, other high-impact parameters

Result: Operators can keep the strategy running smoothly, but they can’t expand scope or change high-impact settings without committee involvement.

Setup steps

1. Import the controlling Safe

Import the Safe that will execute the strategy’s transactions (typically the vault/admin Safe).

2. Create the “Rebalance & maintenance” policy

  1. Navigate to Policies and click Create Policy.
  2. Name the policy (e.g., “Curator Rebalancing”).
  3. Select the Safe(s) it applies to.
  4. Add the operator wallet(s) or bot address(es) as Members.

3. Add scoped actions for routine operations

Add actions that reflect your day-to-day playbook:

  • DeFi templates (when available) for the protocols you use (supply/withdraw, borrow/repay, etc.)
  • Custom actions (recorded via Pilot) for protocol- or vault-specific calls (common for curator systems like MetaMorpho/Lagoon/Rethink)
  • Swap actions if you swap harvested rewards into the strategy asset

Scope the action as tightly as possible:

  • Targets: only the exact contracts your strategy needs
  • Functions: only the specific methods used in your rebalance/maintenance flow
  • Parameters: cap amounts and constrain recipient/receiver fields when the function supports it

4. Create a separate “Governance changes” policy

Create a second policy with a different member set (committee signers), and include only the admin/config calls you want gated.

This makes it harder for routine operator keys to accidentally (or maliciously) expand scope.

5. Apply changes

Click Apply Changes to deploy the policies onchain.

Operators can now run the allowed workflows through Pilot, with simulations before execution. Every transaction is checked onchain by the Roles Modifier against the policy.

Last updated on
Cold Storage, Hot Wallet DeFiFAQ