Extend onlyAuthorized to support extra functions in AccessManager
#5014
Conversation
🦋 Changeset detectedLatest commit: 5f81c0f The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
| beforeEach('set required role', function () { | ||
| this.method = this.target.fnRestricted.getFragment(); | ||
| this.role = { id: 785913n }; | ||
| this.manager.$_setTargetFunctionRole(this.target, this.method.selector, this.role.id); |
There was a problem hiding this comment.
Should we set the function role for this.manager, this.method.selector ? It feels like we are testing restricted operation on the target when we should test the restricted operation on the manager.
| @@ -611,7 +613,7 @@ contract AccessManager is Context, Multicall, IAccessManager { | |||
| */ | |||
| function _getAdminRestrictions( | |||
| bytes calldata data | |||
| ) private view returns (bool restricted, uint64 roleAdminId, uint32 executionDelay) { | |||
| ) private view returns (bool adminRestricted, uint64 roleAdminId, uint32 executionDelay) { | |||
| if (data.length < 4) { | |||
| return (false, 0, 0); | |||
There was a problem hiding this comment.
maybe we want to do
return (false, getTargetFunctionRole(address(this), bytes4(0)), 0);
so that selector 0 can be used to set restriction on the receive() function
There was a problem hiding this comment.
| return (false, 0, 0); | |
| return (false, getTargetFunctionRole(address(this), bytes4(0)), 0); |
There was a problem hiding this comment.
We need to decide on this, but otherwize the PR is good to me. @ernestognw
There was a problem hiding this comment.
I'm not sure. On one side the audit recommendation for the AccessManaged should apply here; the 0x000000 selector can also be a valid selector. On the other, the manager so far was designed under the assumption that it just doesn't have a fallback or a receive function, which means that we should analyze their implications (e.g. receive would allow griefing the AccessManager through the execute function).
I'd leave it like this. It requires more analysis if we want to go that way.
|
We were loosing coverage for this section: // isTragetClosed apply to non-admin-restricted function
if (!adminRestricted && isTargetClosed(address(this))) {
return (false, 0);
}Turns out closing the manager is not allowed so it was unreachable. We decided to allow closing the manager so that the flag applies only to non-admin functions (i.e. functions added to the manager). This way the contract can close access to itself without getting it locked. Should be ready |
This PR adds the ability to extend the AccessManager and use the
onlyAuthorizedmodifer for those functions as well.PR Checklist
npx changeset add)