forceAllowMaskin protocolParams overrides the permission for all addresses (if a bit in this mask is set)
pullmethod is used (available for anyone approved for ERC721 vault NFT). If it's called on any subvault except the first, it pulls tokens into the first vault. If it's called on the first vault then tokens can be pulled to any Vault of the Vault System.
externalCallfunction is used. External calls are allowed to be called by Strategy on behalf of the Vault to external DEXes like Uniswap and Curve.