New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extend onlyAuthorized
to support extra functions in AccessManager
#5014
base: master
Are you sure you want to change the base?
Extend onlyAuthorized
to support extra functions in AccessManager
#5014
Conversation
🦋 Changeset detectedLatest commit: 5f81c0f The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
beforeEach('set required role', function () { | ||
this.method = this.target.fnRestricted.getFragment(); | ||
this.role = { id: 785913n }; | ||
this.manager.$_setTargetFunctionRole(this.target, this.method.selector, this.role.id); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we set the function role for this.manager, this.method.selector
? It feels like we are testing restricted operation on the target when we should test the restricted operation on the manager.
@@ -611,7 +613,7 @@ contract AccessManager is Context, Multicall, IAccessManager { | |||
*/ | |||
function _getAdminRestrictions( | |||
bytes calldata data | |||
) private view returns (bool restricted, uint64 roleAdminId, uint32 executionDelay) { | |||
) private view returns (bool adminRestricted, uint64 roleAdminId, uint32 executionDelay) { | |||
if (data.length < 4) { | |||
return (false, 0, 0); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe we want to do
return (false, getTargetFunctionRole(address(this), bytes4(0)), 0);
so that selector 0 can be used to set restriction on the receive()
function
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return (false, 0, 0); | |
return (false, getTargetFunctionRole(address(this), bytes4(0)), 0); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to decide on this, but otherwize the PR is good to me. @ernestognw
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure. On one side the audit recommendation for the AccessManaged
should apply here; the 0x000000
selector can also be a valid selector. On the other, the manager so far was designed under the assumption that it just doesn't have a fallback
or a receive
function, which means that we should analyze their implications (e.g. receive
would allow griefing the AccessManager through the execute
function).
I'd leave it like this. It requires more analysis if we want to go that way.
We were loosing coverage for this section: // isTragetClosed apply to non-admin-restricted function
if (!adminRestricted && isTargetClosed(address(this))) {
return (false, 0);
} Turns out closing the manager is not allowed so it was unreachable. We decided to allow closing the manager so that the flag applies only to non-admin functions (i.e. functions added to the manager). This way the contract can close access to itself without getting it locked. Should be ready |
This PR adds the ability to extend the AccessManager and use the
onlyAuthorized
modifer for those functions as well.PR Checklist
npx changeset add
)