Skip to main content

Operator Onboarding Guide

From the operator perspective, the address that needs authorization is your protocol contract or vault factory, not the investor wallet.

What "operator" means

An operator is the address that calls:

registerVault(vaultAddress, investorWalletAddress, deadline, signature)

That address must hold OPERATOR_ROLE on the target VaultRegistrar.

Registering on this testnet (permissionless)

This sandbox VaultRegistrar was deployed with permissionless addOperator(). You do not need admin approval.

  1. Go to the Register as Operator page.
  2. Enter your protocol contract address (not your personal wallet, unless your wallet is the one calling registerVault()).
  3. Click Register as Operator. Your wallet signs and submits the addOperator() transaction.
  4. Wait for confirmation. The page will show "Already registered" once the role is on-chain.
  5. Verify with isOperator(yourAddress) == true via any RPC or Etherscan.

Registering on a production VaultRegistrar (admin-gated)

In production, addOperator() requires DEFAULT_ADMIN_ROLE. Contact the registrar admin and provide:

  • Your protocol contract address
  • The target chain
  • The VaultRegistrar proxy address you're targeting

The admin will call addOperator(yourContract) and the RoleGranted event (OZ AccessControl) will be emitted on-chain.

Alternatively, if you control the admin key:

# from bc-vault-registrar
npx hardhat add-operator \
  --registrar <VAULT_REGISTRAR_PROXY_ADDRESS> \
  --operator  <YOUR_FACTORY_OR_PROTOCOL_ADDRESS> \
  --network   <NETWORK>

The task is idempotent — if the address already has the role, it exits without sending a transaction.

Verifying the role

const isOp = await publicClient.readContract({
  address: registrar,
  abi: vaultRegistrarAbi,
  functionName: "isOperator",
  args: [yourProtocolAddress],
});
// isOp === true

Operational checks before collecting investor signatures

  • Your operator contract address is final and deployed — the EIP-712 signature binds the investor to exactly one operator address.
  • The target VaultRegistrar points at the expected DS Token (token() returns the right address).
  • Your frontend or backend uses the same operator address that holds OPERATOR_ROLE.
  • Your investor signatures are built against the same chain ID and VaultRegistrar address.

Common mistake

Do not sign with or register a wallet unless that wallet is the actual msg.sender for registerVault(). If you relay through a backend or gateway, the gateway's wallet is the operator — and investor EIP-712 signatures must encode the gateway wallet as operator, not your factory.

Next step

Integration Guide