Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Begin adding tracking for "real world" state of permissions granted onchain #2027

Draft
wants to merge 9 commits into
base: master
Choose a base branch
from

Conversation

TomAFrench
Copy link
Contributor

Description

This PR starts the creation of the v2-permissions package which includes various scripts which aim to pull the current state of the Authorizer from onchain (through a subgraph) and reconstruct a human readable representation of the permissions which have been granted.

Using the subgraph we can get a list of addresses and for each address a list of action ids which they have permissions over. We can then map from action ids to a list of contract-function pairs which it allows them to call, and from addresses to a human readable name, e.g.

{
  "GNOSIS_PROTOCOL_RELAYER": [
    {
      "taskId": "20210418-vault",
      "contractName": "Vault",
      "signature": "manageUserBalance((uint8,address,uint256,address,address)[])",
      "useAdaptor": false
    },
    {
      "taskId": "20210418-vault",
      "contractName": "Vault",
      "signature": "batchSwap(uint8,(bytes32,uint256,uint256,uint256,bytes)[],address[],(address,bool,address,bool),int256[],uint256)",
      "useAdaptor": false
    }
  ],
  "BLABS_VEBAL_MULTISIG": [
    {
      "taskId": "20220325-bal-token-holder-factory",
      "contractName": "BALTokenHolder",
      "signature": "function withdrawFunds(address,uint256)",
      "useAdaptor": false
    }
  ],
}

The state of this package is very rough and will be refined but I want to share it early to help with verifying #1993

  1. Verify that all action ids in permissions/unrecognised.json are unnecessary and then renounce/revoke them.
  2. Sanity check that permissions/functions.json is a desirable end state for the system to be in post-migration.
  3. Ensure that the permissions/actionIds.json matches the input to the authorizer migration deployment task
    • This isn't 1:1 as the authorizer doesn't currently have a concept of where so we need to check that this is set properly for each action ID in the deployment task.
    • This can also be done less rigorously by just checking permissions/functions.json against the deployment task. This is likely good enough.

Type of change

  • Bug fix
  • New feature
  • Breaking change
  • Dependency changes
  • Code refactor / cleanup
  • Documentation or wording changes
  • Other

Checklist:

  • The diff is legible and has no extraneous changes
  • Complex code has been commented, including external interfaces
  • Tests are included for all code paths
  • The base branch is either master, or there's a description of how to merge

Issue Resolution

@TomAFrench
Copy link
Contributor Author

Waiting for #2031 to be merged so we can use it here.

Copy link
Contributor

@nventuro nventuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fantastic initiative!

Comment on lines 2 to 12
"0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f": "DAO_MULTISIG",
"0x166f54f44f271407f24aa1be415a730035637325": "BALLER_OPS_MULTISIG",
"0x75a52c0e32397a3fc0c052e2ceb3479802713cf4": "LINEAR_POOL_CONTROLLER_BALLER_MULTISIG",
"0xf4a80929163c5179ca042e1b292f5efbbe3d89e6": "SWAP_FEE_CONTROLLER_BALLER_MULTISIG",
"0xc38c5f97b34e175ffd35407fc91a937300e33860": "LM_MULTISIG",
"0x7c68c42de679ffb0f16216154c996c354cf1161b": "TREASURY_MULTISIG",
"0xa29f61256e948f3fb707b4b3b138c5ccb9ef9888": "EMERGENCY_SUBDAO_MULTISIG",
"0x02f35dA6A02017154367Bc4d47bb6c7D06C7533B": "BLABS_OPS_MULTISIG",
"0xd2eb7bd802a7ca68d9acd209bec4e664a9abdd7b": "BLABS_VEBAL_MULTISIG",
"0xe4a8ed6c1d8d048bd29a00946bfcf2db10e7923b": "GAUNTLET_FEE_SETTER",
"0xc92e8bdf79f0507f65a392b0ab4667716bfe0110": "GNOSIS_PROTOCOL_RELAYER"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It'd be good if we could also have a short description of what these are, their scope, and potentially even link to gov discussion. We could add a metadata field, or make this a ts file and just write comments

],
};

const ignoredActionIds: string[] = [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are network specific, right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm making this package be mainnet only for the time being we're mostly interested in it for the authorizer migration.


body: JSON.stringify({
query: `{
accounts(first: 500) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if 500 is not enough?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'd have to do pagination at some point as the graph limits how many responses is returns. We've got much fewer than 500 permissions atm (<50) so I'm not too concerned.

I'll add something to blow up this function if we actually receive 500 accounts.

@TomAFrench
Copy link
Contributor Author

As we're migrating the authorizer on mainnet but not on L2s we'll need to have support for both authorizers for the foreseeable future. Parking this PR until we update subgraph, etc. appropriately.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants