Permissions Architecture

Scion is a non-custodial protocol. This means the admins of the Scion smart contracts should never be able to walk away with user funds.
For a protocol like Scion this is a challenge because the team needs to have an ability to add, remove and update investment strategies. To ensure the protocol remains non-custodial, we are putting all critical owner actions like adding strategies or changing configuration parameters behind a Timelock contract with an initial delay of 2 days. This means any owner transactions will first need to be submitted to the Timelock contract and 2 days will need to pass before the transaction can be executed. This gives users 2 days to inspect the pending admin transaction and decide whether it is safe to keep their deposits in the pool.
Diagram of the permissions architecture: