# Access Control ### Global Access Control (GAC.sol) Access control information is stored in a single Global Access Control contract on each chain. The GAC contract is ownable and the `owner` of the contract is also the global owner for the deployment on each chain. This global`owner` can perform privileged operations such as updating the list of bridge sender adapters on the source chain for example. On the destination chain, a global `owner` can perform operations such as updating the list of bridge receiver adapters in the `MultiBridgeMessageReceiver` contract or changing the `quorum` threshold. There are two types of GAC contracts: 1. MessageSenderGAC: Manages access control information on the source chain 2. MessageReceiverGAC: Manages access control information on the destination chain **Note:** In the case of Uniswap, to ensure that only the Uniswap DAO can control key protocol parameters, the global owner of all components that require privileged control on the source chain will be the [Uniswap V2 Timelock contract](https://etherscan.io/address/0x1a9C8182C09F50C8318d769245beA52c32BE35BC). Similarly, the global owner on destination chains would be the corresponding [Uniswap Governance Timelock contract](https://multi-message-aggregation.gitbook.io/multi-message-aggregation/security/governance-timelock). ### MultiBridgeMessageSender ```solidity /// @dev Global Access Controller (GAC) contract MessageSenderGAC public immutable senderGAC; ``` Access control for `MultiBridgeMessageSender` is managed through a Global Access Control contract, `MessageSenderGAC`, which maintains an authorised `caller` address and a global `owner` address. **Caller** `MultiBridgeMessageSender` is intended for one caller. In the case of Uniswap governance, the only caller allowed is the Uniswap timelock contract on Ethereum. Address: [0x1a9C8182C09F50C8318d769245beA52c32BE35BC](https://etherscan.io/address/0x1a9C8182C09F50C8318d769245beA52c32BE35BC) Only the `caller` is allowed to call any function within the `MultiMessageSender` contract. **Owner** The global owner of the `MultiBridgeMessageSender` contract and all adapters on the source chain is the [Uniswap V2 Timelock contract](https://etherscan.io/address/0x1a9C8182C09F50C8318d769245beA52c32BE35BC). This ensures that only the Uniswap DAO can control parameters relating to the source deployment. ### MultiBridgeMessageReceiver MultiMessageReceiver has two access control elements: **Owner** The global owner of the `MultiBridgeMessageReceiver` is the [Uniswap Governance Timelock contract](https://multi-message-aggregation.gitbook.io/multi-message-aggregation/security/governance-timelock) on the destination chain. This ensures that only the Uniswap DAO can control parameters relating to the remote deployment. **Receiver Adapters** Message delivery to the `MultiBridgeMessageReceiver` can only be performed by a list of approved bridge receiver adapters. The list is controlled by the global `owner`. ```solidity /// @notice Checks whether the caller is an approved bridge receiver adapter modifier onlyReceiverAdapter() { if (!isTrustedExecutor(msg.sender)) { revert Error.INVALID_RECEIVER_ADAPTER(); } _; } ```