Protocol Engineer Guide

What To Understand First

  1. System Map
  2. Generated Solidity Inventory
  3. Source References
  4. Upgradeability Model
  5. Solidity Conformance

What You Are Allowed To Do

Protocol engineers may prepare implementation changes, storage-layout analysis, metadata review, test additions, and release notes. They do not bypass governance or mutate production roles directly unless separately assigned an operational role.

What You Must Never Do

  • Change implementation metadata casually.
  • Add functions that collide with reserved proxy selectors.
  • Treat beacon upgrades like transparent-proxy upgrades with atomic reinitialization.
  • Reintroduce the removed deposit false-freeze model.
  • Claim behavior from comments without source or test evidence.

Responsibilities

Maintain source-grounded docs, update the inventory script when parser coverage is insufficient, provide upgrade evidence packages, and map code changes to permission, state-machine, and runbook changes.

Failure Modes To Recognize

Storage slot drift, policy hash mismatch, uninitialized proxy state, target-kind mismatch, source ledger double counting, claim-state broadening, and deposit custody bypass are high-severity engineering risks.

Escalation

Escalate any code path that changes admission, custody, upgrade authority, claimability, reserve accounting, settlement, or funds movement.

Role Operating Guide

What This Person Must Understand First

The protocol engineer must understand the source contracts, generated inventory, tests, formal evidence, upgrade policy, and storage risk. The four questions must stay separate: Upgrade governance asks which code is official, Deposit permissioning asks who may deposit, Custody/readiness asks whether the deposit route is safe, and Economic/claim safety asks whether funds can later leave safely.

Allowed To Do

This role may change source/docs/tests and prepare evidence when the relevant runbook, permission matrix, and reviewer approval support the action.

Must Never Do

This role must never claim external verification or deployed safety without inspected evidence.

Pages To Read In Order

  1. System Map
  2. Permissioned vs Permissionless Deposits
  3. Permission Matrix
  4. Source Manifest
  5. The runbook for the exact action being performed.

Routine Responsibilities

Keep evidence current, record decisions, reconcile action tickets to onchain events, and raise drift quickly. Do not rely on memory when a source manifest, event log, or contract read can answer the question.

Incident Responsibilities

Stop routine automation for the affected layer, preserve evidence, notify the correct owner, and avoid broad remediation until the failing layer is identified.

Escalation Triggers

Escalate on unknown governance actions, mismatched implementation metadata, unexpected allowlist-admin transfer, stale oracle data, slashing/exit anomalies, failed custody readiness, or any claim that cannot be tied to current source and onchain evidence.