@bananapus/permission-ids-v6 0.0.24 → 0.0.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -2
- package/RISKS.md +4 -3
- package/USER_JOURNEYS.md +1 -1
- package/package.json +1 -1
- package/src/JBPermissionIds.sol +14 -5
- package/test/formal/JBPermissionIdsHalmos.t.sol +68 -0
package/README.md
CHANGED
|
@@ -28,8 +28,9 @@ If the question is "who can do this action?" you still need `JBPermissions` in `
|
|
|
28
28
|
| `24-27` | 721 hook permissions |
|
|
29
29
|
| `28-30` | buyback hook and registry permissions |
|
|
30
30
|
| `31` | router terminal registry permission |
|
|
31
|
-
| `32-
|
|
32
|
-
| `
|
|
31
|
+
| `32-36` | sucker and omnichain deployment/lifecycle permissions |
|
|
32
|
+
| `37-39` | revnet-core loan permissions |
|
|
33
|
+
| `40` | currently unassigned; reserved for the next ecosystem permission |
|
|
33
34
|
|
|
34
35
|
The exact constants live in `src/JBPermissionIds.sol`.
|
|
35
36
|
|
package/RISKS.md
CHANGED
|
@@ -22,13 +22,14 @@ This file covers the coordination risks in `JBPermissionIds`. The contract surfa
|
|
|
22
22
|
- **`ROOT` is broad authority.** `ROOT` (ID `1`) grants all permissions, including permissions added in the future.
|
|
23
23
|
- **Wildcard grants increase blast radius.** Any permission granted with `projectId = 0` applies to all projects owned by that account.
|
|
24
24
|
- **Hook and router lock powers are bundled.** `SET_BUYBACK_HOOK` (`30`) and `SET_ROUTER_TERMINAL` (`31`) both cover setting and locking.
|
|
25
|
-
- **Third-party extensions do not have an on-chain namespace.** IDs `41-255` are only socially coordinated, so external packages can collide without coordination.
|
|
25
|
+
- **Third-party extensions do not have an on-chain namespace.** IDs `41-255` are only socially coordinated, so external packages can collide without coordination. ID `40` is not currently assigned in `JBPermissionIds.sol`.
|
|
26
26
|
|
|
27
27
|
## 2. High-Impact IDs
|
|
28
28
|
|
|
29
29
|
- **Fund-moving IDs.** `CASH_OUT_TOKENS` (`4`), `SEND_PAYOUTS` (`5`), `MIGRATE_TERMINAL` (`6`), `SET_TERMINALS` (`15`), `USE_ALLOWANCE` (`18`), and `SET_SPLIT_GROUPS` (`19`) can redirect or release value.
|
|
30
30
|
- **Hook-routing IDs.** `SET_BUYBACK_POOL` (`28`), `SET_BUYBACK_HOOK` (`30`), and `SET_ROUTER_TERMINAL` (`31`) materially control execution routes and can lock those routes permanently.
|
|
31
|
-
- **
|
|
31
|
+
- **Sucker lifecycle IDs.** `SUCKER_SAFETY` (`35`) and `SET_SUCKER_DEPRECATION` (`36`) control emergency recovery and bridge shutdown state.
|
|
32
|
+
- **Revnet loan IDs.** `OPEN_LOAN` (`37`), `REALLOCATE_LOAN` (`38`), and `REPAY_LOAN` (`39`) are operationally powerful because they move collateral and debt state.
|
|
32
33
|
|
|
33
34
|
## 3. Integration Risks
|
|
34
35
|
|
|
@@ -41,7 +42,7 @@ This file covers the coordination risks in `JBPermissionIds`. The contract surfa
|
|
|
41
42
|
- Assigned IDs are append-only and never repurposed.
|
|
42
43
|
- `0` stays unused as a permission ID.
|
|
43
44
|
- Every documented ID in this repo matches the numeric checks in downstream contracts.
|
|
44
|
-
-
|
|
45
|
+
- ID `40` remains unused until a named constant is appended, and all new IDs are added without colliding with existing ecosystem assignments.
|
|
45
46
|
|
|
46
47
|
## 5. Accepted Behaviors
|
|
47
48
|
|
package/USER_JOURNEYS.md
CHANGED
|
@@ -14,7 +14,7 @@ This repo is the shared permission vocabulary for the V6 ecosystem. It does not
|
|
|
14
14
|
|
|
15
15
|
- `JBPermissionIds`: library of canonical permission constants used across V6 repos
|
|
16
16
|
- grouped constants for core, 721, router, buyback, sucker, revnet, and related actions
|
|
17
|
-
- reserved ranges documented in `README.md`, including `ROOT = 1`, ecosystem
|
|
17
|
+
- reserved ranges documented in `README.md`, including `ROOT = 1`, currently assigned ecosystem IDs through `39`, unassigned ID `40`, and socially coordinated extension space above that
|
|
18
18
|
|
|
19
19
|
## Journey 1: Map A Product Action To The Right Permission
|
|
20
20
|
|
package/package.json
CHANGED
package/src/JBPermissionIds.sol
CHANGED
|
@@ -160,15 +160,24 @@ library JBPermissionIds {
|
|
|
160
160
|
|
|
161
161
|
/// @notice Deploy cross-chain sucker bridges for a project, enabling token bridging between chains
|
|
162
162
|
/// (`JBSuckerRegistry.deploySuckersFor`).
|
|
163
|
+
/// @dev When the configuration's `peer` is `address(0)` or `address(this)` (default symmetric-address peering),
|
|
164
|
+
/// `DEPLOY_SUCKERS` is sufficient. Registering a non-symmetric explicit peer also requires `SET_SUCKER_PEER`.
|
|
163
165
|
uint8 internal constant DEPLOY_SUCKERS = 33;
|
|
164
166
|
|
|
167
|
+
/// @notice Register a non-symmetric explicit peer address when deploying a cross-chain sucker
|
|
168
|
+
/// (`JBSuckerRegistry.deploySuckersFor` with `configuration.peer` != 0 and != `address(this)`).
|
|
169
|
+
/// @dev The explicit-peer field bypasses the same-address peering invariant, so any operator that can set it
|
|
170
|
+
/// can authorize mint-from-arbitrary-roots. This permission is intentionally narrower than `DEPLOY_SUCKERS` so
|
|
171
|
+
/// that ops automation with `DEPLOY_SUCKERS` cannot register attacker-controlled peers.
|
|
172
|
+
uint8 internal constant SET_SUCKER_PEER = 34;
|
|
173
|
+
|
|
165
174
|
/// @notice Enable the emergency hatch on a cross-chain sucker, allowing stuck tokens to be recovered
|
|
166
175
|
/// (`JBSucker.enableEmergencyHatchFor`).
|
|
167
|
-
uint8 internal constant SUCKER_SAFETY =
|
|
176
|
+
uint8 internal constant SUCKER_SAFETY = 35;
|
|
168
177
|
|
|
169
178
|
/// @notice Set the deprecation status of a cross-chain sucker, progressing it through its shutdown lifecycle
|
|
170
179
|
/// (`JBSucker.setDeprecation`).
|
|
171
|
-
uint8 internal constant SET_SUCKER_DEPRECATION =
|
|
180
|
+
uint8 internal constant SET_SUCKER_DEPRECATION = 36;
|
|
172
181
|
|
|
173
182
|
/* ── revnet-core-v6
|
|
174
183
|
─────────────────────────────────────────────────
|
|
@@ -176,13 +185,13 @@ library JBPermissionIds {
|
|
|
176
185
|
|
|
177
186
|
/// @notice Open a loan against project tokens as collateral on behalf of a token holder
|
|
178
187
|
/// (`REVLoans.borrowFrom`).
|
|
179
|
-
uint8 internal constant OPEN_LOAN =
|
|
188
|
+
uint8 internal constant OPEN_LOAN = 37;
|
|
180
189
|
|
|
181
190
|
/// @notice Move loan collateral between projects on behalf of a loan owner
|
|
182
191
|
/// (`REVLoans.reallocateCollateralFromLoan`).
|
|
183
|
-
uint8 internal constant REALLOCATE_LOAN =
|
|
192
|
+
uint8 internal constant REALLOCATE_LOAN = 38;
|
|
184
193
|
|
|
185
194
|
/// @notice Repay a loan on behalf of the loan owner, returning collateral tokens
|
|
186
195
|
/// (`REVLoans.repayLoan`).
|
|
187
|
-
uint8 internal constant REPAY_LOAN =
|
|
196
|
+
uint8 internal constant REPAY_LOAN = 39;
|
|
188
197
|
}
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
// SPDX-License-Identifier: MIT
|
|
2
|
+
pragma solidity 0.8.28;
|
|
3
|
+
|
|
4
|
+
import {JBPermissionIds} from "../../src/JBPermissionIds.sol";
|
|
5
|
+
|
|
6
|
+
/// @notice Small Halmos entrypoints for the ecosystem permission namespace.
|
|
7
|
+
/// @dev This package is constants-only, so the useful machine-check is exact namespace drift: values must remain
|
|
8
|
+
/// contiguous from ROOT through REPAY_LOAN unless a future migration intentionally updates this proof.
|
|
9
|
+
contract JBPermissionIdsHalmos {
|
|
10
|
+
/// @notice Proves the permission IDs are exactly the expected contiguous sequence.
|
|
11
|
+
function check_permissionIdsAreContiguousAndStable() public pure {
|
|
12
|
+
uint8[39] memory ids = [
|
|
13
|
+
JBPermissionIds.ROOT,
|
|
14
|
+
JBPermissionIds.QUEUE_RULESETS,
|
|
15
|
+
JBPermissionIds.LAUNCH_RULESETS,
|
|
16
|
+
JBPermissionIds.CASH_OUT_TOKENS,
|
|
17
|
+
JBPermissionIds.SEND_PAYOUTS,
|
|
18
|
+
JBPermissionIds.MIGRATE_TERMINAL,
|
|
19
|
+
JBPermissionIds.SET_PROJECT_URI,
|
|
20
|
+
JBPermissionIds.DEPLOY_ERC20,
|
|
21
|
+
JBPermissionIds.SET_TOKEN,
|
|
22
|
+
JBPermissionIds.MINT_TOKENS,
|
|
23
|
+
JBPermissionIds.BURN_TOKENS,
|
|
24
|
+
JBPermissionIds.CLAIM_TOKENS,
|
|
25
|
+
JBPermissionIds.TRANSFER_CREDITS,
|
|
26
|
+
JBPermissionIds.SET_CONTROLLER,
|
|
27
|
+
JBPermissionIds.SET_TERMINALS,
|
|
28
|
+
JBPermissionIds.ADD_TERMINALS,
|
|
29
|
+
JBPermissionIds.SET_PRIMARY_TERMINAL,
|
|
30
|
+
JBPermissionIds.USE_ALLOWANCE,
|
|
31
|
+
JBPermissionIds.SET_SPLIT_GROUPS,
|
|
32
|
+
JBPermissionIds.ADD_PRICE_FEED,
|
|
33
|
+
JBPermissionIds.ADD_ACCOUNTING_CONTEXTS,
|
|
34
|
+
JBPermissionIds.SET_TOKEN_METADATA,
|
|
35
|
+
JBPermissionIds.SIGN_FOR_ERC20,
|
|
36
|
+
JBPermissionIds.ADJUST_721_TIERS,
|
|
37
|
+
JBPermissionIds.SET_721_METADATA,
|
|
38
|
+
JBPermissionIds.MINT_721,
|
|
39
|
+
JBPermissionIds.SET_721_DISCOUNT_PERCENT,
|
|
40
|
+
JBPermissionIds.SET_BUYBACK_TWAP,
|
|
41
|
+
JBPermissionIds.SET_BUYBACK_POOL,
|
|
42
|
+
JBPermissionIds.SET_BUYBACK_HOOK,
|
|
43
|
+
JBPermissionIds.SET_ROUTER_TERMINAL,
|
|
44
|
+
JBPermissionIds.MAP_SUCKER_TOKEN,
|
|
45
|
+
JBPermissionIds.DEPLOY_SUCKERS,
|
|
46
|
+
JBPermissionIds.SET_SUCKER_PEER,
|
|
47
|
+
JBPermissionIds.SUCKER_SAFETY,
|
|
48
|
+
JBPermissionIds.SET_SUCKER_DEPRECATION,
|
|
49
|
+
JBPermissionIds.OPEN_LOAN,
|
|
50
|
+
JBPermissionIds.REALLOCATE_LOAN,
|
|
51
|
+
JBPermissionIds.REPAY_LOAN
|
|
52
|
+
];
|
|
53
|
+
|
|
54
|
+
for (uint256 i; i < ids.length;) {
|
|
55
|
+
assert(ids[i] == i + 1);
|
|
56
|
+
|
|
57
|
+
unchecked {
|
|
58
|
+
++i;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
/// @notice Proves the first and final IDs stay pinned to the documented namespace bounds.
|
|
64
|
+
function check_permissionNamespaceBounds() public pure {
|
|
65
|
+
assert(JBPermissionIds.ROOT == 1);
|
|
66
|
+
assert(JBPermissionIds.REPAY_LOAN == 39);
|
|
67
|
+
}
|
|
68
|
+
}
|