A Vault is an organization with a fairly simple topography. It doesn't require a Proposal Manager to execute code such as when adding a new Component, transferring tokens, or executing smart contract code.

As a result, a Vault can execute any kind of code--as a one time active component, so that it can write directly on the Organization and its other components--not just that of pre-fixed functionalities.

This is for two main reasons:

• By having a set of known addresses that must place a minimum number of signatures, a Vault does not require the creation of a Proposal to be voted on and then executed.

• To execute code, a Vault has a specific function called request. The equivalent of this is a Proposal in a root or governance layer organization equipped with a Proposal Manager.

function request(CallRequest[] calldata requests) external payable;

As input, the request function takes an array of CallRequest structs, provided by IMultiSigOrganization, each composed as follows:

struct CallRequest {
    Call call;
    bytes[] requestSignatures;
}

struct Call {
    address location;
    bytes bytecode;
    bytes payload;
    uint256 value;
    bool asActiveComponent;
}

• address location -> this is the address of the contract with the code to be executed; you can pass the address of a contract that is already deployed

• bytes bytecode -> this represents the bytecode of the code to deploy and execute; rather than or as well as passing an already deployed contract in address location, you can deploy and execute the bytecode directly.

• bytes payload -> this can contains a payload or data to be executed on the smart contract code via a call function, specified in the location and / or bytes bytecode parameters, once those are executed.

• uint256 value -> this represents the amount of ETH that will eventually be sent to the contract(s) (specified in the location or bytecode parameters) using a call function at the time of code execution.

• bool asActiveComponent -> this parameter represents if the code (i.e that specified the location or bytecode) must be executed as an active one-time component. The code will be executed as an active one-time component if asActiveComponent is true; if so, the code (as a component) is temporarily attached to the Organization as an active one; its code is executed; and then it is detached.

For example, to transfer money from the organization to an address, or to use the organization's money in any contract, the code must be executed as a one-time Component, as it must be an authorized component linked to an active key.

As another example, to attach or remove a Component to or from the Organization, or to be able to call the setAddresses and setMinimumSignatures functions discussed on the previous page, the code must also be executed as a one-time component.

asActiveComponent can be false if code doesn't need to be executed as an active one-time component; i.e, when it doesn't need to write on an Organization.

Keep in mind that for an organization, write permissions are only required by active components, as well as by the organization itself (see here for more info).

• bytes[] requestsSignatures -> this parameter contains all of the encoded signatures generated off-chain to approve the transaction. To learn more, see the next page.

As input, the request function takes an array of CallRequest structs; if so desired, multiple operations can be performed at once, one per struct.

Who Can Call the request Function

As the request function is freely callable from outside, the msg.sender can be one of the address signatories registered; or not, as long as the function already has the minimum required signatures. If msg.sender is one, its signature is valid.

Example

Minimum signatures = 5

You have two choices:

1. call request with an anonymous wallet -> all 5 off-chain signatures need to come from authorized wallets.

2. call request with a wallet authorized to sign -> only 4 off=chain signatures need to come from authorized wallets; the msg.sender serves as the 5th.