@bloxchain/contracts 1.0.0-alpha.2 → 1.0.0-alpha.20

package/core/execution/GuardController.sol

@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: MPL-2.0
-pragma solidity 0.8.33;
+pragma solidity 0.8.34;
 
 import "../base/BaseStateMachine.sol";
-import "../../utils/SharedValidation.sol";
+import "../lib/utils/SharedValidation.sol";
 import "./lib/definitions/GuardControllerDefinitions.sol";
-import "../../interfaces/IDefinition.sol";
+import "../lib/interfaces/IDefinition.sol";
 import "./interface/IGuardController.sol";
 
 /**
@@ -17,7 +17,6 @@ import "./interface/IGuardController.sol";
  * 
  * Key Features:
  * - Core state machine functionality from BaseStateMachine
- * - Function schema query support (functionSchemaExists)
  * - STANDARD execution type only (function selector + params)
  * - Meta-transaction support for delegated approvals and cancellations
  * - Payment management for native tokens and ERC20 tokens
@@ -33,7 +32,7 @@ import "./interface/IGuardController.sol";
  * 
  * Usage Flow:
  * 1. Deploy GuardController (or combine with RuntimeRBAC/SecureOwnable for role management)
- * 2. Function schemas should be registered via definitions or RuntimeRBAC if combined
+ * 2. Function schemas are registered via definitions at init or via GuardController guard config batch (REGISTER_FUNCTION)
  * 3. Create roles and assign function permissions with action bitmaps (via RuntimeRBAC if combined)
  * 4. Assign wallets to roles (via RuntimeRBAC if combined)
      * 5. Configure target whitelists per function selector (REQUIRED for execution)
@@ -51,7 +50,7 @@ import "./interface/IGuardController.sol";
  * - getAllowedTargets: Query whitelisted targets for a function selector
  * 
  * @notice This contract is modular and can be combined with RuntimeRBAC and SecureOwnable
- * @notice Target whitelist is a GuardController-specific security feature, not part of EngineBlox library
+ * @notice Target whitelist **state** is enforced by **EngineBlox** (`_validateTargetWhitelist`); GuardController configures it via guard batches. Public execute paths here also apply **`_validateNotInternalFunction`**: self-target is limited to **macro** selectors unless extended by inheritors.
  * @custom:security-contact security@particlecrypto.com
  */
 abstract contract GuardController is BaseStateMachine {
@@ -72,18 +71,15 @@ abstract contract GuardController is BaseStateMachine {
         uint256 timeLockPeriodSec,
         address eventForwarder
     ) public virtual onlyInitializing {
-        // Initialize base state machine (only if not already initialized)
-        if (!_secureState.initialized) {
-            _initializeBaseStateMachine(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
-        }
-        
+        _initializeBaseStateMachine(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
+
         // Load GuardController-specific definitions
         IDefinition.RolePermission memory guardControllerPermissions = GuardControllerDefinitions.getRolePermissions();
         _loadDefinitions(
             GuardControllerDefinitions.getFunctionSchemas(),
             guardControllerPermissions.roleHashes,
             guardControllerPermissions.functionPermissions,
-            true // Allow protected schemas for factory settings
+            true // Enforce all function schemas are protected
         );
     }
 
@@ -102,7 +98,7 @@ abstract contract GuardController is BaseStateMachine {
     /**
      * @dev Requests a time-locked execution via EngineBlox workflow
      * @param target The address of the target contract
-     * @param value The ETH value to send (0 for standard function calls)
+     * @param value The ETH value to send (typically 0 for standard function calls; non-zero is supported for payable edge-case workflows)
      * @param functionSelector The function selector to execute (NATIVE_TRANSFER_SELECTOR for simple native token transfers)
      * @param params The encoded parameters for the function (empty for simple native token transfers)
      * @param gasLimit The gas limit for execution
@@ -110,8 +106,9 @@ abstract contract GuardController is BaseStateMachine {
      * @return txId The transaction ID for the requested operation
      * @notice Creates a time-locked transaction that must be approved after the timelock period
      * @notice Requires EXECUTE_TIME_DELAY_REQUEST permission for the function selector
-     * @notice For standard function calls: value=0, functionSelector=non-zero, params=encoded data
-     * @notice For simple native token transfers: value>0, functionSelector=NATIVE_TRANSFER_SELECTOR, params=""
+     * @notice Recommended standard calls: value=0, functionSelector=non-zero, params=encoded data
+     * @notice Flexible edge case: non-native selectors may intentionally forward ETH to payable targets
+     * @notice Native-only convenience flow: value>0, functionSelector=NATIVE_TRANSFER_SELECTOR, params=""
      */
     function executeWithTimeLock(
         address target,
@@ -120,7 +117,7 @@ abstract contract GuardController is BaseStateMachine {
         bytes memory params,
         uint256 gasLimit,
         bytes32 operationType
-    ) public returns (EngineBlox.TxRecord memory) {
+    ) public returns (uint256 txId) {
         // SECURITY: Prevent access to internal execution functions
         _validateNotInternalFunction(target, functionSelector);
         
@@ -134,91 +131,133 @@ abstract contract GuardController is BaseStateMachine {
             functionSelector,
             params
         );
-        return txRecord;
+        return txRecord.txId;
+    }
+
+    /**
+     * @dev Requests a time-locked execution with payment details attached (same permissions as executeWithTimeLock)
+     * @param target The address of the target contract
+     * @param value The ETH value to send (typically 0 for standard function calls; non-zero is supported for payable edge-case workflows)
+     * @param functionSelector The function selector to execute (NATIVE_TRANSFER_SELECTOR for simple native token transfers)
+     * @param params The encoded parameters for the function (empty for simple native token transfers)
+     * @param gasLimit The gas limit for execution
+     * @param operationType The operation type hash
+     * @param paymentDetails The payment details to attach to the transaction
+     * @return txId The transaction ID for the requested operation (use getTransaction(txId) for full record)
+     * @notice Creates a time-locked transaction with payment that must be approved after the timelock period
+     * @notice Reuses EXECUTE_TIME_DELAY_REQUEST permission for the execution selector (no new definitions)
+     * @notice Approval/cancel use same flows as executeWithTimeLock (approveTimeLockExecution, cancelTimeLockExecution)
+     */
+    function executeWithPayment(
+        address target,
+        uint256 value,
+        bytes4 functionSelector,
+        bytes memory params,
+        uint256 gasLimit,
+        bytes32 operationType,
+        EngineBlox.PaymentDetails memory paymentDetails
+    ) public returns (uint256 txId) {
+        _validateNotInternalFunction(target, functionSelector);
+        EngineBlox.TxRecord memory txRecord = _requestTransactionWithPayment(
+            msg.sender,
+            target,
+            value,
+            gasLimit,
+            operationType,
+            functionSelector,
+            params,
+            paymentDetails
+        );
+        return txRecord.txId;
     }
     
     /**
      * @dev Approves and executes a time-locked transaction
      * @param txId The transaction ID
-     * @return result The execution result
+     * @return txId The transaction ID
      * @notice Requires STANDARD execution type and EXECUTE_TIME_DELAY_APPROVE permission for the execution function
      */
     function approveTimeLockExecution(
         uint256 txId
-    ) public returns (EngineBlox.TxRecord memory) {
+    ) public returns (uint256) {
         // SECURITY: Prevent access to internal execution functions
         EngineBlox.TxRecord memory txRecord = _getSecureState().txRecords[txId];
         _validateNotInternalFunction(txRecord.params.target, txRecord.params.executionSelector);
         
         // Approve via BaseStateMachine helper (validates permissions and whitelist in EngineBlox)
-        return _approveTransaction(txId);  
+        txRecord = _approveTransaction(txId);
+        return txRecord.txId;
     }
     
     /**
      * @dev Cancels a time-locked transaction
      * @param txId The transaction ID
-     * @return The updated transaction record
+     * @return The transaction ID
      * @notice Requires STANDARD execution type and EXECUTE_TIME_DELAY_CANCEL permission for the execution function
      */
     function cancelTimeLockExecution(
         uint256 txId
-    ) public returns (EngineBlox.TxRecord memory) {
+    ) public returns (uint256) {
         // SECURITY: Prevent access to internal execution functions
         EngineBlox.TxRecord memory txRecord = _getSecureState().txRecords[txId];
         _validateNotInternalFunction(txRecord.params.target, txRecord.params.executionSelector);
         
         // Cancel via BaseStateMachine helper (validates permissions in EngineBlox)
-        return _cancelTransaction(txId);
+        txRecord = _cancelTransaction(txId);
+        return txRecord.txId;
     }
     
     /**
      * @dev Approves a time-locked transaction using a meta-transaction
      * @param metaTx The meta-transaction containing the transaction record and signature
-     * @return The updated transaction record
+     * @return The transaction ID
      * @notice Requires STANDARD execution type and EXECUTE_META_APPROVE permission for the execution function
      */
     function approveTimeLockExecutionWithMetaTx(
         EngineBlox.MetaTransaction memory metaTx
-    ) public returns (EngineBlox.TxRecord memory) {
+    ) public returns (uint256) {
         // SECURITY: Prevent access to internal execution functions
         _validateNotInternalFunction(metaTx.txRecord.params.target, metaTx.txRecord.params.executionSelector);
         
         // Approve via BaseStateMachine helper (validates permissions and whitelist in EngineBlox)
-        return _approveTransactionWithMetaTx(metaTx);
+        EngineBlox.TxRecord memory txRecord = _approveTransactionWithMetaTx(metaTx);
+        return txRecord.txId;
     }
     
     /**
      * @dev Cancels a time-locked transaction using a meta-transaction
      * @param metaTx The meta-transaction containing the transaction record and signature
-     * @return The updated transaction record
+     * @return The transaction ID
      * @notice Requires STANDARD execution type and EXECUTE_META_CANCEL permission for the execution function
      */
     function cancelTimeLockExecutionWithMetaTx(
         EngineBlox.MetaTransaction memory metaTx
-    ) public returns (EngineBlox.TxRecord memory) {
+    ) public returns (uint256) {
         // SECURITY: Prevent access to internal execution functions
         _validateNotInternalFunction(metaTx.txRecord.params.target, metaTx.txRecord.params.executionSelector);
         
         // Cancel via BaseStateMachine helper (validates permissions and whitelist in EngineBlox)
-        return _cancelTransactionWithMetaTx(metaTx);
+        EngineBlox.TxRecord memory txRecord = _cancelTransactionWithMetaTx(metaTx);
+        return txRecord.txId;
     }
     
     /**
      * @dev Requests and approves a transaction in one step using a meta-transaction
      * @param metaTx The meta-transaction containing the transaction record and signature
-     * @return The transaction record after request and approval
+     * @return The transaction ID
      * @notice Requires STANDARD execution type
      * @notice Validates function schema and permissions for the execution function (same as executeWithTimeLock)
      * @notice Requires EXECUTE_META_REQUEST_AND_APPROVE permission for the execution function selector
      */
     function requestAndApproveExecution(
         EngineBlox.MetaTransaction memory metaTx
-    ) public returns (EngineBlox.TxRecord memory) {
+    ) public returns (uint256) {
         // SECURITY: Prevent access to internal execution functions
         _validateNotInternalFunction(metaTx.txRecord.params.target, metaTx.txRecord.params.executionSelector);
         
         // Request and approve via BaseStateMachine helper (validates permissions and whitelist in EngineBlox)
-        return _requestAndApproveTransaction(metaTx);
+        EngineBlox.TxRecord memory txRecord = _requestAndApproveTransaction(metaTx);
+        return txRecord.txId;
     }
     
     // Note: Meta-transaction utility functions (createMetaTxParams, 
@@ -236,9 +275,8 @@ abstract contract GuardController is BaseStateMachine {
      * @param functionSelector The function selector to validate
      * @notice Internal functions use validateInternalCallInternal and should only be called
      *         through the contract's own workflow, not via GuardController
-     * @notice Blocks all calls to address(this) to prevent bypassing internal-only protection
-     * @notice Exception: System macro selectors (e.g., NATIVE_TRANSFER_SELECTOR) are allowed
-     *         to target address(this) for system-level operations like native token deposits
+     * @notice Complements `EngineBlox._validateTargetWhitelist`, which **allows** `target == address(this)` for registered selectors so internal execution does not require listing `address(this)` on every whitelist. This helper **narrows GuardController’s surface**: self-target is rejected unless `functionSelector` is a **system macro** selector.
+     * @notice Exception path: macro selectors (e.g. `NATIVE_TRANSFER_SELECTOR`) may target `address(this)` for system-level operations such as native token flows.
      */
     function _validateNotInternalFunction(
         address target,
@@ -266,22 +304,28 @@ abstract contract GuardController is BaseStateMachine {
     /**
      * @dev Requests and approves a Guard configuration batch using a meta-transaction
      * @param metaTx The meta-transaction
-     * @return The transaction record
+     * @return The transaction ID
      * @notice OWNER signs, BROADCASTER executes according to GuardControllerDefinitions
      */
     function guardConfigBatchRequestAndApprove(
         EngineBlox.MetaTransaction memory metaTx
-    ) public returns (EngineBlox.TxRecord memory) {
+    ) public returns (uint256) {
         _validateBroadcaster(msg.sender);
-        
-        return _requestAndApproveTransaction(metaTx);
+        SharedValidation.validateEmptyPayment(
+            metaTx.txRecord.payment.recipient,
+            metaTx.txRecord.payment.nativeTokenAmount,
+            metaTx.txRecord.payment.erc20TokenAddress,
+            metaTx.txRecord.payment.erc20TokenAmount
+        );
+        EngineBlox.TxRecord memory txRecord = _requestAndApproveTransaction(metaTx);
+        return txRecord.txId;
     }
 
     /**
      * @dev External function that can only be called by the contract itself to execute a Guard configuration batch
      * @param actions Encoded guard configuration actions
      */
-    function executeGuardConfigBatch(GuardControllerDefinitions.GuardConfigAction[] calldata actions) external {
+    function executeGuardConfigBatch(IGuardController.GuardConfigAction[] calldata actions) external {
         _validateExecuteBySelf();
         _executeGuardConfigBatch(actions);
     }
@@ -292,48 +336,20 @@ abstract contract GuardController is BaseStateMachine {
      * @dev Internal helper to execute a Guard configuration batch
      * @param actions Encoded guard configuration actions
      */
-    function _executeGuardConfigBatch(GuardControllerDefinitions.GuardConfigAction[] calldata actions) internal {
+    function _executeGuardConfigBatch(IGuardController.GuardConfigAction[] calldata actions) internal {
         _validateBatchSize(actions.length);
 
         for (uint256 i = 0; i < actions.length; i++) {
-            GuardControllerDefinitions.GuardConfigAction calldata action = actions[i];
-
-            if (action.actionType == GuardControllerDefinitions.GuardConfigActionType.ADD_TARGET_TO_WHITELIST) {
-                // Decode ADD_TARGET_TO_WHITELIST action data
-                // Format: (bytes4 functionSelector, address target)
-                (bytes4 functionSelector, address target) = abi.decode(action.data, (bytes4, address));
-
-                _addTargetToFunctionWhitelist(functionSelector, target);
-
-                _logComponentEvent(_encodeGuardConfigEvent(GuardControllerDefinitions.GuardConfigActionType.ADD_TARGET_TO_WHITELIST, functionSelector, target));
-            } else if (action.actionType == GuardControllerDefinitions.GuardConfigActionType.REMOVE_TARGET_FROM_WHITELIST) {
-                // Decode REMOVE_TARGET_FROM_WHITELIST action data
-                // Format: (bytes4 functionSelector, address target)
-                (bytes4 functionSelector, address target) = abi.decode(action.data, (bytes4, address));
-
-                _removeTargetFromFunctionWhitelist(functionSelector, target);
-
-                _logComponentEvent(_encodeGuardConfigEvent(GuardControllerDefinitions.GuardConfigActionType.REMOVE_TARGET_FROM_WHITELIST, functionSelector, target));
-            } else if (action.actionType == GuardControllerDefinitions.GuardConfigActionType.REGISTER_FUNCTION) {
-                // Decode REGISTER_FUNCTION action data
-                // Format: (string functionSignature, string operationName, TxAction[] supportedActions)
-                (
-                    string memory functionSignature,
-                    string memory operationName,
-                    EngineBlox.TxAction[] memory supportedActions
-                ) = abi.decode(action.data, (string, string, EngineBlox.TxAction[]));
-
-                bytes4 functionSelector = _registerFunction(functionSignature, operationName, supportedActions);
-
-                _logComponentEvent(_encodeGuardConfigEvent(GuardControllerDefinitions.GuardConfigActionType.REGISTER_FUNCTION, functionSelector, address(0)));
-            } else if (action.actionType == GuardControllerDefinitions.GuardConfigActionType.UNREGISTER_FUNCTION) {
-                // Decode UNREGISTER_FUNCTION action data
-                // Format: (bytes4 functionSelector, bool safeRemoval)
-                (bytes4 functionSelector, bool safeRemoval) = abi.decode(action.data, (bytes4, bool));
-
-                _unregisterFunction(functionSelector, safeRemoval);
-
-                _logComponentEvent(_encodeGuardConfigEvent(GuardControllerDefinitions.GuardConfigActionType.UNREGISTER_FUNCTION, functionSelector, address(0)));
+            IGuardController.GuardConfigAction calldata action = actions[i];
+
+            if (action.actionType == IGuardController.GuardConfigActionType.ADD_TARGET_TO_WHITELIST) {
+                _executeAddTargetToWhitelist(action.data);
+            } else if (action.actionType == IGuardController.GuardConfigActionType.REMOVE_TARGET_FROM_WHITELIST) {
+                _executeRemoveTargetFromWhitelist(action.data);
+            } else if (action.actionType == IGuardController.GuardConfigActionType.REGISTER_FUNCTION) {
+                _executeRegisterFunction(action.data);
+            } else if (action.actionType == IGuardController.GuardConfigActionType.UNREGISTER_FUNCTION) {
+                _executeUnregisterFunction(action.data);
             } else {
                 revert SharedValidation.NotSupported();
             }
@@ -341,14 +357,62 @@ abstract contract GuardController is BaseStateMachine {
     }
 
     /**
-     * @dev Encodes guard config event payload for ComponentEvent. Decode as (GuardConfigActionType, bytes4 functionSelector, address target).
+     * @dev Executes ADD_TARGET_TO_WHITELIST: adds a target address to a function's call whitelist
+     * @param data ABI-encoded (bytes4 functionSelector, address target)
+     */
+    function _executeAddTargetToWhitelist(bytes calldata data) internal {
+        (bytes4 functionSelector, address target) = abi.decode(data, (bytes4, address));
+        _addTargetToWhitelist(functionSelector, target);
+        _logGuardConfigEvent(IGuardController.GuardConfigActionType.ADD_TARGET_TO_WHITELIST, functionSelector, target);
+    }
+
+    /**
+     * @dev Executes REMOVE_TARGET_FROM_WHITELIST: removes a target address from a function's call whitelist
+     * @param data ABI-encoded (bytes4 functionSelector, address target)
+     */
+    function _executeRemoveTargetFromWhitelist(bytes calldata data) internal {
+        (bytes4 functionSelector, address target) = abi.decode(data, (bytes4, address));
+        _removeTargetFromWhitelist(functionSelector, target);
+        _logGuardConfigEvent(IGuardController.GuardConfigActionType.REMOVE_TARGET_FROM_WHITELIST, functionSelector, target);
+    }
+
+    /**
+     * @dev Executes REGISTER_FUNCTION: registers a new function schema with signature, operation name, and supported actions
+     * @param data ABI-encoded (string functionSignature, string operationName, TxAction[] supportedActions)
+     */
+    function _executeRegisterFunction(bytes calldata data) internal {
+        (
+            string memory functionSignature,
+            string memory operationName,
+            EngineBlox.TxAction[] memory supportedActions
+        ) = abi.decode(data, (string, string, EngineBlox.TxAction[]));
+
+        bytes4 functionSelector = _registerGuardedFunction(functionSignature, operationName, supportedActions);
+        _logGuardConfigEvent(IGuardController.GuardConfigActionType.REGISTER_FUNCTION, functionSelector, address(0));
+    }
+
+    /**
+     * @dev Executes UNREGISTER_FUNCTION: unregisters a function schema by selector
+     * @param data ABI-encoded (bytes4 functionSelector, bool safeRemoval)
+     */
+    function _executeUnregisterFunction(bytes calldata data) internal {
+        (bytes4 functionSelector, bool safeRemoval) = abi.decode(data, (bytes4, bool));
+        _unregisterFunction(functionSelector, safeRemoval);
+        _logGuardConfigEvent(IGuardController.GuardConfigActionType.UNREGISTER_FUNCTION, functionSelector, address(0));
+    }
+
+    /**
+     * @dev Encodes and logs a guard config event via ComponentEvent. Payload decodes as (GuardConfigActionType, bytes4 functionSelector, address target).
+     * @param actionType The guard config action type
+     * @param functionSelector The function selector (or zero for N/A)
+     * @param target The target address (or zero for N/A)
      */
-    function _encodeGuardConfigEvent(
-        GuardControllerDefinitions.GuardConfigActionType actionType,
+    function _logGuardConfigEvent(
+        IGuardController.GuardConfigActionType actionType,
         bytes4 functionSelector,
         address target
-    ) internal pure returns (bytes memory) {
-        return abi.encode(actionType, functionSelector, target);
+    ) internal {
+        _logComponentEvent(abi.encode(actionType, functionSelector, target));
     }
 
     // ============ INTERNAL FUNCTION SCHEMA HELPERS ============
@@ -360,7 +424,7 @@ abstract contract GuardController is BaseStateMachine {
      * @param supportedActions Array of supported actions
      * @return functionSelector The derived function selector
      */
-    function _registerFunction(
+    function _registerGuardedFunction(
         string memory functionSignature,
         string memory operationName,
         EngineBlox.TxAction[] memory supportedActions
@@ -368,63 +432,23 @@ abstract contract GuardController is BaseStateMachine {
         // Derive function selector from signature
         functionSelector = bytes4(keccak256(bytes(functionSignature)));
 
-        // Validate that function schema doesn't already exist
-        if (functionSchemaExists(functionSelector)) {
-            revert SharedValidation.ResourceAlreadyExists(bytes32(functionSelector));
-        }
-
         // Convert actions array to bitmap
         uint16 supportedActionsBitmap = _createBitmapFromActions(supportedActions);
 
         // Create function schema directly (always non-protected)
         // Dynamically registered functions are execution selectors (handlerForSelectors must contain self-reference)
-        bytes4[] memory executionHandlerForSelectors = new bytes4[](1);
-        executionHandlerForSelectors[0] = functionSelector; // Self-reference for execution selector
-        _createFunctionSchema(
+        // EngineBlox.registerFunction validates schema doesn't already exist (ResourceAlreadyExists)
+        bytes4[] memory executionHandlers = new bytes4[](1);
+        executionHandlers[0] = functionSelector; // Self-reference for execution selector
+        _registerFunction(
             functionSignature,
             functionSelector,
             operationName,
             supportedActionsBitmap,
+            true, // enforceHandlerRelations for dynamically registered execution selectors
             false, // isProtected = false for dynamically registered functions
-            executionHandlerForSelectors // handlerForSelectors with self-reference for execution selectors
+            executionHandlers // handlerForSelectors with self-reference for execution selectors
         );
     }
 
-    /**
-     * @dev Internal helper to unregister a function schema
-     * @param functionSelector The function selector to unregister
-     * @param safeRemoval If true, checks for role references before removal
-     */
-    function _unregisterFunction(bytes4 functionSelector, bool safeRemoval) internal {
-        // Load schema and validate it exists
-        EngineBlox.FunctionSchema storage schema = _getSecureState().functions[functionSelector];
-        if (schema.functionSelector != functionSelector) {
-            revert SharedValidation.ResourceNotFound(bytes32(functionSelector));
-        }
-
-        // Ensure not protected
-        if (schema.isProtected) {
-            revert SharedValidation.CannotModifyProtected(bytes32(functionSelector));
-        }
-
-        // The safeRemoval check is now handled within EngineBlox.removeFunctionSchema
-        // (avoids getSupportedRolesList/getRoleFunctionPermissions which call _validateAnyRole;
-        // during meta-tx execution msg.sender is the contract, causing NoPermission)
-        _removeFunctionSchema(functionSelector, safeRemoval);
-    }
-
-    /**
-     * @dev Gets all whitelisted targets for a function selector
-     * @param functionSelector The function selector
-     * @return Array of whitelisted target addresses
-     * @notice Requires caller to have any role (via _validateAnyRole) to limit information visibility
-     */
-    function getAllowedTargets(
-        bytes4 functionSelector
-    ) external view returns (address[] memory) {
-        _validateAnyRole();
-        return _getFunctionWhitelistTargets(functionSelector);
-    }
 }
-
-