Skip to content

Commit

Permalink
chore: update permission mechanism
Browse files Browse the repository at this point in the history
  • Loading branch information
blockgroot committed Sep 30, 2024
1 parent 77907d8 commit 417425e
Show file tree
Hide file tree
Showing 8 changed files with 32 additions and 17 deletions.
7 changes: 5 additions & 2 deletions contracts/PoolSelector.sol
Original file line number Diff line number Diff line change
Expand Up @@ -108,12 +108,15 @@ contract PoolSelector is IPoolSelector, AccessControlUpgradeable {

/**
* @notice update the target weights of existing pools
* @dev only `CONFIGURATOR's` can call,
* @dev only authorised callers can call,
* @param _poolTargets new target weights of pools
* `_poolTargets` array provide pool target in the same order of poolIDs that are stored in poolIdArray of poolUtils
*/
function updatePoolWeights(uint256[] calldata _poolTargets) external {
UtilLib.onlyConfiguratorRole(msg.sender, staderConfig);
if (!staderConfig.isAllowedToCall(msg.sender, "updatePoolWeights(uint256[])")) {
revert AccessDenied(msg.sender);
}

uint8[] memory poolIdArray = IPoolUtils(staderConfig.getPoolUtils()).getPoolIdArray();
uint256 poolCount = poolIdArray.length;
uint256 poolTargetLength = _poolTargets.length;
Expand Down
5 changes: 4 additions & 1 deletion contracts/PoolUtils.sol
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,10 @@ contract PoolUtils is IPoolUtils, AccessControlUpgradeable {
* @dev emit an event containing validator pubkey for offchain to exit the validator
*/
function processValidatorExitList(bytes[] calldata _pubkeys) external override {
UtilLib.onlyConfiguratorRole(msg.sender, staderConfig);
if (!staderConfig.isAllowedToCall(msg.sender, "processValidatorExitList(bytes[])")) {
revert AccessDenied(msg.sender);
}

uint256 exitValidatorCount = _pubkeys.length;
for (uint256 i; i < exitValidatorCount; ) {
emit ExitValidator(_pubkeys[i]);
Expand Down
1 change: 1 addition & 0 deletions contracts/interfaces/IPoolSelector.sol
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ interface IPoolSelector {
error InvalidTargetWeight();
error InvalidNewTargetInput();
error InvalidSumOfPoolWeights();
error AccessDenied(address account);

// Events

Expand Down
1 change: 1 addition & 0 deletions contracts/interfaces/IPoolUtils.sol
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ interface IPoolUtils {
error OperatorIsNotOnboarded();
error InvalidLengthOfSignature();
error ExistingOrMismatchingPoolId();
error AccessDenied(address account);

// Events
event PoolAdded(uint8 indexed poolId, address poolAddress);
Expand Down
14 changes: 11 additions & 3 deletions contracts/interfaces/IStaderConfig.sol
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ interface IStaderConfig {
event SetAccount(bytes32 key, address newAddress);
event SetContract(bytes32 key, address newAddress);
event SetToken(bytes32 key, address newAddress);
event PermissionGranted(address indexed accountToPermit, address indexed contractAddress, string functionSig);
event PermissionRevoked(address indexed accountToRevoke, address indexed contractAddress, string functionSig);

//Contracts
function POOL_UTILS() external view returns (bytes32);
Expand Down Expand Up @@ -74,8 +76,6 @@ interface IStaderConfig {

function OPERATOR() external view returns (bytes32);

function CONFIGURATOR() external view returns (bytes32);

// Constants
function getStakedEthPerNode() external view returns (uint256);

Expand Down Expand Up @@ -174,5 +174,13 @@ interface IStaderConfig {

function onlyOperatorRole(address account) external view returns (bool);

function onlyConfiguratorRole(address account) external view returns (bool);
function isAllowedToCall(address account, string calldata functionSig) external view returns (bool);

function giveCallPermission(address contractAddress, string calldata functionSig, address accountToPermit) external;

function revokeCallPermission(
address contractAddress,
string calldata functionSig,
address accountToRevoke
) external;
}
7 changes: 0 additions & 7 deletions contracts/library/UtilLib.sol
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ library UtilLib {
error CallerNotStaderContract();
error CallerNotWithdrawVault();
error TransferFailed();
error CallerNotConfigurator();

uint64 private constant VALIDATOR_PUBKEY_LENGTH = 48;

Expand All @@ -36,12 +35,6 @@ library UtilLib {
}
}

function onlyConfiguratorRole(address _addr, IStaderConfig _staderConfig) internal view {
if (!_staderConfig.onlyConfiguratorRole(_addr)) {
revert CallerNotConfigurator();
}
}

//checks if caller is a stader contract address
function onlyStaderContract(address _addr, IStaderConfig _staderConfig, bytes32 _contractName) internal view {
if (!_staderConfig.onlyStaderContract(_addr, _contractName)) {
Expand Down
7 changes: 5 additions & 2 deletions test/foundry_tests/PoolSelector.t.sol
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ contract PoolSelectorTest is Test {
address staderManager;
address operator;
address configurator;
address naiveAddress;

address staderStakePoolManager;

Expand All @@ -30,6 +31,7 @@ contract PoolSelectorTest is Test {
staderManager = vm.addr(101);
operator = vm.addr(102);
configurator = vm.addr(116);
naiveAddress = vm.addr(117);
staderStakePoolManager = vm.addr(110);

address ethDepositAddr = vm.addr(103);
Expand Down Expand Up @@ -61,7 +63,7 @@ contract PoolSelectorTest is Test {
staderConfig.updateStakePoolManager(staderStakePoolManager);
staderConfig.grantRole(staderConfig.MANAGER(), staderManager);
staderConfig.grantRole(staderConfig.OPERATOR(), operator);
staderConfig.grantRole(staderConfig.CONFIGURATOR(), configurator);
staderConfig.giveCallPermission(address(poolSelector), "updatePoolWeights(uint256[])", configurator);
vm.stopPrank();
}

Expand Down Expand Up @@ -98,7 +100,8 @@ contract PoolSelectorTest is Test {
invalidSizePoolWeight[1] = 4000;
invalidSizePoolWeight[2] = 4000;

vm.expectRevert(UtilLib.CallerNotConfigurator.selector);
vm.prank(naiveAddress);
vm.expectRevert(abi.encodeWithSignature("AccessDenied(address)", naiveAddress));
poolSelector.updatePoolWeights(poolWeight);

vm.startPrank(configurator);
Expand Down
7 changes: 5 additions & 2 deletions test/foundry_tests/PoolUtils.t.sol
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ contract PoolUtilsTest is Test {
address staderManager;
address operator;
address configurator;
address naiveAddress;

PoolUtils poolUtils;
StaderConfig staderConfig;
Expand All @@ -33,6 +34,7 @@ contract PoolUtilsTest is Test {
staderManager = vm.addr(101);
operator = vm.addr(102);
configurator = vm.addr(114);
naiveAddress = vm.addr(117);

address ethDepositAddr = vm.addr(103);
nodeRegistry = new NodeRegistryMock(operator);
Expand Down Expand Up @@ -61,7 +63,7 @@ contract PoolUtilsTest is Test {
vm.startPrank(staderAdmin);
staderConfig.grantRole(staderConfig.MANAGER(), staderManager);
staderConfig.grantRole(staderConfig.OPERATOR(), operator);
staderConfig.grantRole(staderConfig.CONFIGURATOR(), configurator);
staderConfig.giveCallPermission(address(poolUtils), "processValidatorExitList(bytes[])", configurator);
vm.stopPrank();
}

Expand Down Expand Up @@ -137,7 +139,8 @@ contract PoolUtilsTest is Test {
pubkey[0] = "0x8faa339ba46c649885ea0fc9c34d32f9d99c5bde336750";
pubkey[1] = "0x8faa339ba46c649885ea0fc9c34d32f9d99c5bde336750";

vm.expectRevert(UtilLib.CallerNotConfigurator.selector);
vm.prank(naiveAddress);
vm.expectRevert(abi.encodeWithSignature("AccessDenied(address)", naiveAddress));
poolUtils.processValidatorExitList(pubkey);

vm.prank(configurator);
Expand Down

0 comments on commit 417425e

Please sign in to comment.