Skip to content

Roles

Introduction

The M0 Protocol operates through a carefully designed system of actors, each with distinct roles and responsibilities crucial for the protocol's operation, security, and decentralized governance. Understanding these roles is key to understanding how $M is created, secured, utilized, and how the protocol evolves.

The protocol's core functionality is implemented in several key smart contracts that these roles interact with:

  • MToken: The ERC20-compliant token contract for $M, which includes the unique earning capabilities.
  • MinterGateway: The interface for minting and burning $M, managing Minter collateral, and tracking debt obligations.
  • TTGRegistrar: The central configuration store managed by Two-Token Governance (TTG), holding approved addresses for roles and key protocol parameters.

Below is a high-level overview of the primary roles within the M0 ecosystem, categorized by their main area of interaction.

Overview of Key Protocol Roles

The M0 ecosystem comprises several key actors, each playing a vital part:

1. $M token Supply & Security:
  • Minters:
    • Description: Minters are permissioned institutions responsible for creating (minting) new $M tokens. They are the primary on/off-ramp for $M to and from fiat.
    • Function: They provide eligible off-chain collateral (such as U.S. backed reserves held in Special Purpose Vehicles) and register its value on-chain via the MinterGateway. Based on this collateral and governance-set ratios, they can mint $M. They also pay interest on their minted $M, which forms the basis for the yield distributed to Earners and the protocol.
  • Validators:
    • Description: Validators are independent, trusted entities acting as a crucial security and verification layer for the protocol.
    • Function: Their primary role is to verify the off-chain collateral reported by Minters, ensuring that all $M remains fully and transparently backed. They provide cryptographic attestations (signatures) for Minters' collateral updates to the MinterGateway. Validators also possess emergency powers, such as freezing a Minter or canceling a suspicious mint proposal, to safeguard protocol integrity.
2. $M token Usage & Yield:

To earn yield from, a user has to get the earner status. Below is an overview of the Earner status:

  • Description: Earners are addresses (users, smart contracts, or M0 Extensions) that have been approved by M0 Governance (or delegated admins for certain extensions like $wM) to accrue yield on their $M token balances.
  • Function: Once approved and activated via MToken.startEarning(), their $M balance (or the balance of an M0-powered extension they hold) automatically increases over time due to continuous compounding, based on the prevailing earner rate. This mechanism allows $M to function as a yield-bearing stablecoin for authorized participants.
3. Protocol Governance:
  • Power token (POWER) Holders:
    • Description: POWER Holders are the primary participants in the operational governance of the M0 Protocol.
    • Function: POWER tokens are used to vote on proposals in the StandardGovernor (e.g., approving Minters, Validators, Earners; setting operational parameters like interest rates or collateral ratios) and the EmergencyGovernor (for urgent protocol adjustments). Active and complete participation in StandardGovernor voting is incentivized through POWER token inflation and ZERO token rewards.
  • Zero token (ZERO) Holders:
    • Description: ZERO Holders possess meta-governance authority, effectively acting as the highest level of governance oversight for the protocol.
    • Function: ZERO holders are entitled to claim a pro-rata share of protocol revenues (e.g., excess Minter yield, Power token auction proceeds) accumulated in the DistributionVault. Additionally, ZERO tokens are used to vote in the ZeroGovernor on fundamental changes, such as upgrading the core governance contracts themselves, altering critical system parameters (like governance thresholds), or changing the accepted CashTokens for proposal fees.

Visual to point to which contracts a role / major protocol / governance part it is interacting with:

Roles

Minters

Role Definition

Minters are entities authorized to generate $M tokens by securing Eligible Collateral in off-chain Special Purpose Vehicles (SPVs) and maintaining an on-chain Collateral Value that represents these off-chain assets.

Key Functions

Minters interact with the protocol primarily through the MinterGateway contract:

1. Activation and Status Management

  • activateMinter(address minter_): A newly approved (by governance) minter must be activated before they can mint. This explicit step stores the active status locally within MinterGateway for gas efficiency, avoiding repeated external checks.
  • Once deactivated, a minter cannot be reactivated. This permanence also optimizes gas by eliminating the need for further status checks against the external TTGRegistrar.

2. Collateral Management

  • updateCollateral(collateral, retrievalIds, metadataHash, validators, timestamps, signatures): Updates collateral value with validator signatures
  • proposeRetrieval(collateral): Proposes to retrieve excess collateral
  • Must maintain sufficient collateral to support minted $M tokens according to the governance-set mint ratio

3. Minting Process

  • proposeMint(amount, destination): Proposes to mint a specific amount of tokens
  • mintM(mintId): Executes a previously proposed mint after the mint delay period and before mint time-to-live period

Lifecycle and Constraints

Minters go through several states:

  1. Inactive: Approved by governance but not activated
  2. Active: Called activateMinter() and can mint tokens
  3. Frozen: Temporarily restricted from minting (but can still burn)
  4. Deactivated: Permanently removed from the system

Minters face several key constraints:

  • Must update collateral within the required interval (typically daily). As of today, the update collateral interval is set to 30 hours as per this proposal.
  • Must maintain collateralization above the mint ratio
  • Pay interest on minted tokens at the minter rate
  • Face penalties for missed updates or undercollateralization

Penalties

Minters can receive penalties in two cases:

  1. Missed Updates Penalty: Applied when minters fail to update collateral within required intervals
    • Calculated as penaltyRate × principalOfActiveOwedM × missedIntervals
    • Charged only once per missed interval
  2. Undercollateralization Penalty: Applied when active owed M exceeds allowed maximum
    • Calculated as penaltyRate × principalOfExcessOwedM × timeSpan / updateCollateralInterval
    • Proportional to the duration of undercollateralization

Validators

Role Definition

Validators serve as a critical security layer, verifying the accuracy of Minters' collateral updates and having emergency powers to protect the protocol. They are trusted entities responsible for bridging the gap between off-chain assets and on-chain accounting.

Key Functions

Validators interact with the protocol primarily through signature generation and special authority functions:

1. Collateral Verification

  • Sign off-chain messages (updateCollateral digest) verifying collateral updates, which includes the list of retrieval proposals being resolved.
  • Signatures include timestamps to prevent replay attacks
  • Multiple validators must sign collateral updates to meet the threshold

2. Security Controls

  • cancelMint(address minter, uint256 mintId): Cancel suspicious mint proposals
  • freezeMinter(address minter): Temporarily freeze a minter's ability to mint new tokens

3. Signature Requirements

  • Signatures must be provided in ascending order by validator address
  • Each signature must have a timestamp newer than the last signature from that validator
  • The protocol enforces a threshold of validator signatures for valid collateral updates

Security Mechanisms

Validators implement several security protections:

  • Timestamp Verification: Ensures signatures aren't reused or used out of order
  • Signature Uniqueness: Each validator can only provide one valid signature per collateral update
  • Emergency Powers: Ability to cancel mints and freeze Minters to mitigate potential harm

Earners

Role Definition

Earners are approved addresses that can enable earning on their M token balance, allowing them to receive yield based on the protocol's earning rate. This is a key feature that separates M from traditional stablecoins.

Key Functions

Earners interact with the protocol primarily through the MToken contract:

1. Earning Status Management

  • startEarning(): Converts a regular balance to an earning balance (requires TTG approval)
  • stopEarning(): Converts an earning balance back to a regular balance (keeps all accrued interest)
  • stopEarning(address): Safety function allowing anyone to stop earning for an account that's been removed from the approved list

2. Balance Mechanism

When an account is in earning status:

  • Their balance automatically increases over time through continuous compounding
  • Balances are stored internally as "principal amounts" that grow with the earning index
  • No transactions are needed to accrue interest

Rate Mechanics

Earners receive yield based on the Earner Rate, which is determined by a sophisticated rate model:

  • The rate model ensures yield to earners never exceeds interest paid by minters
  • Uses a mathematical formula with both instantaneous and time-integrated approaches
  • Applied with a safety factor (98% of the theoretical safe rate)
  • Continuously updated when key functions are called

Regular $M token Holders

Role Definition

Regular $M token holders use M as a stablecoin without the earning feature. Their balances remain static and only change through explicit transactions.

Key Functions

Regular $M token holders have standard ERC20 capabilities with additional features:

Token Operations

  • Standard transfers (transfer, transferFrom), approvals (approve), and balance inquiries (balanceOf).
  • Support for gasless approvals through EIP-2612 permits (permit).
  • Support for transfers with authorization through EIP-3009 (transferWithAuthorization, receiveWithAuthorization).

Transfer Mechanics

Transfers between different types of accounts follow specific rules:

  • Between two non-earning accounts: Standard token transfer.
  • Between non-earning and earning accounts: Balance conversion occurs, using protocol-favoring rounding (principal rounded down on receive, principal rounded up on send).
  • All transfers are subject to consistency checks and appropriate balance updates in the MToken contract.

Note on Minter Debt Repayment: Regular $M token holders can choose to interact with the MinterGateway's burnM function. This allows them to burn their own $M tokens to help repay the outstanding debt of a specific Minter (either active or deactivated), acting as an indirect way to support protocol stability or participate in the informal liquidation of a deactivated minter's position. This is distinct from standard token operations.

Power token Holders

Role Definition

Power token holders act as the primary governance participants, responsible for day-to-day protocol governance through the StandardGovernor and emergency actions through the EmergencyGovernor.

Key Functions

Power token holders can influence the protocol through several mechanisms:

1. Standard Governance

  • Vote on adding/removing addresses from minter/validator/earner lists
  • Vote on key protocol parameters like mint ratio, collateral update interval, etc.
  • Propose and vote on protocol parameter changes
  • StandardGovernor proposals require a simple majority to pass (yes votes > no votes)

2. Emergency Governance

  • Vote on emergency actions through the EmergencyGovernor
  • Can take immediate action to protect the protocol in emergency situations
  • EmergencyGovernor uses a threshold ratio mechanism requiring a minimum percentage of yes votes

3. Token Mechanics

  • Power token is inflationary (10% per active voting epoch)
  • Token holders can directly vote or delegate their voting power
  • Snapshots of balances, voting powers, and delegations occur at epoch boundaries
  • Inflation rewards are only given to those who vote on ALL proposals in a voting epoch
  • Cannot transfer/delegate/mint during odd epochs (voting epochs)
  • Voting power is calculated from the previous epoch's balance

4. Dutch Auction

  • Can buy Power tokens during Dutch auctions during non-voting epochs
  • Price decreases exponentially over time, with the slope halving every period
  • Purchase price is relative to the previous epoch's total supply
  • Payments go to the Distribution Vault

Zero token Holders

Role Definition

Zero token holders possess meta-governance rights, essentially serving as the highest level of governance in the protocol. They have the unique ability to completely redeploy the governance system and receive rewards from excess yield and other protocol fees.

Key Functions

Zero token holders have special privileges in the protocol:

1. Meta-Governance

  • Can vote to completely redeploy the standard and emergency governance systems through the ZeroGovernor
  • Can reset governance to either the current Power token or Zero token holders (complete governance reset)
  • Can update the threshold ratio for proposals in ZeroGovernor or EmergencyGovernor
  • Can set new cashTokens for the entire system
  • ZeroGovernor proposals require a minimum threshold of votes to pass

2. Reward Mechanism

  • Receive Zero token rewards for participation in StandardGovernor voting
  • Claim excess yield and fees from the Distribution Vault
  • Buy Power token with a discount during Dutch auctions

3. Token Mechanics

  • ERC20 token with 6 decimals
  • Supports EIP-3009, EIP-712 with EIP-1271 support, and EIP-5805
  • Can only be minted by StandardGovernor as reward for voting participation
  • Used for voting in ZeroGovernor
  • Epochs are 15 days long with snapshots taken at the end of each epoch

Role Interactions and System Balance

The M0 Protocol maintains balance through carefully designed interactions between roles:

Minter-Validator Relationship

  • Minters propose collateral updates and mint requests
  • Validators verify collateral and can intervene when necessary
  • This creates a checks-and-balances system for minting activity

Minter-Earner Balance

  • Minters pay interest on borrowed tokens (minter rate)
  • Earners receive interest on their holdings (earner rate)
  • Rate models ensure earner yield never exceeds minter interest obligations

Governance Hierarchy

  • Power token holders control standard parameter changes through StandardGovernor
  • Zero token holders have meta-governance capabilities through ZeroGovernor
  • EmergencyGovernor provides quick response capability for urgent issues
  • This creates a tiered governance structure for different types of decisions

Distribution Vault Mechanism

  • The DistributionVault receives excess yield generated by Minters not distributed to Earners
  • It also receives cash tokens from Power token auctions and unrefunded proposal fees
  • Zero token holders can claim their pro-rata share of these accumulated assets
  • This provides an incentive mechanism for Zero token holders to participate in governance

Cash Token System

  • Cash tokens are used to pay proposal fees in StandardGovernor
  • They're also used to purchase Power tokens in Dutch auctions
  • Expected to be WETH and M according to the Whitepaper
  • Must be in an allowed set defined at ZeroGovernor deployment
  • Can be changed via ZeroGovernor proposals

Economic Incentives

  • Minters are incentivized to maintain proper collateralization
  • Validators are trusted to verify off-chain collateral accurately
  • Earners benefit from yield generated by the system
  • Power token holders are rewarded with inflation for active participation in all proposals
  • Zero token holders can claim excess yield and fees while maintaining meta-governance rights

Trust Model

The protocol operates with the following trust assumptions:

  • Validators: Fully trusted to verify off-chain collateral accurately and monitor on-chain activities. They must be reachable and able to issue valid signatures for minters in a timely manner.
  • Minters: Trusted to maintain their off-chain collateral and meet protocol obligations. Minters are expected to update their collateral at required intervals and pay any imposed penalties.
  • $M token holders: Not trusted, but can freely use the token as a stablecoin without special permissions.
  • Power token holders: Trusted to act in the best interest of the protocol for day-to-day governance. They are expected to vote on proposals and participate actively in governance.
  • Zero token holders: Trusted with meta-governance authority to reset the entire governance system if necessary. They have the highest level of governance power and are assumed to act as responsible stewards of the protocol.
  • CashTokens: Expected to be WETH and M as stated in the Whitepaper, but nothing prevents deployment with other cashTokens. These must be ERC20-compliant without special behavior (such as transfer hooks, rebasing mechanisms, or transfer fees).

The protocol incorporates several safeguards against potential trust violations:

  1. Multi-level governance (StandardGovernor, EmergencyGovernor, ZeroGovernor)
  2. Collateral verification through multiple validators
  3. Penalty systems for minters who don't follow protocol rules
  4. Economic incentives aligning with protocol health for all participants

This trust model creates a balanced system where each role has appropriate permissions and incentives to maintain protocol stability and security.