@bloxchain/contracts 1.0.0-alpha.2 → 1.0.0-alpha.20

package/core/research/BloxchainWallet.sol

@@ -1,306 +0,0 @@
-// SPDX-License-Identifier: AGPL-3.0-or-later
-// Copyright (c) 2025 Particle Crypto Security
-pragma solidity 0.8.33;
-
-// ============ IMPORTS ============
-
-// Import core components (relative paths within protocol repo)
-import "../execution/GuardController.sol";
-import "../access/RuntimeRBAC.sol";
-import "../security/SecureOwnable.sol";
-import "../base/BaseStateMachine.sol";
-import "../../utils/SharedValidation.sol";
-import "../../interfaces/IDefinition.sol";
-
-// ============ CONTRACT DOCUMENTATION ============
-
-/**
- * @title BloxchainWallet
- * @dev Official ParticleCS wallet controller built on Bloxchain Protocol
- *
- * This contract is based on the ControlBlox template and combines:
- * - GuardController: Execution workflows and time-locked transactions
- * - RuntimeRBAC: Runtime role creation and management
- * - SecureOwnable: Secure ownership transfer and management
- *
- * It serves as the core on-chain controller for the Bloxchain Wallet application.
- */
-contract BloxchainWallet is GuardController, RuntimeRBAC, SecureOwnable {
-    // ============ CONSTANTS ============
-
-    /// @notice Minimum time lock period: 1 day (86400 seconds)
-    uint256 public constant MIN_TIME_LOCK_PERIOD = 1 days;
-
-    /// @notice Maximum time lock period: 90 days (7776000 seconds)
-    uint256 public constant MAX_TIME_LOCK_PERIOD = 90 days;
-
-    /// @notice Maximum number of definition contracts allowed during initialization (prevents gas exhaustion and DoS)
-    /// @dev Limits external calls to untrusted contracts during initialization
-    uint256 public constant MAX_DEFINITION_CONTRACTS = 50;
-
-    /// @notice Maximum number of roles allowed during initialization (prevents gas exhaustion and DoS)
-    /// @dev Limits role creation during initialization to prevent excessive gas consumption
-    uint256 public constant MAX_INITIAL_ROLES = 50;
-
-    /// @notice Maximum schemas per definition contract (prevents gas griefing from unbounded getFunctionSchemas())
-    uint256 public constant MAX_SCHEMAS_PER_DEFINITION = 100;
-
-    /// @notice Maximum permissions per definition contract (prevents gas griefing from unbounded getRolePermissions())
-    uint256 public constant MAX_PERMISSIONS_PER_DEFINITION = 200;
-
-    // ============ CUSTOM ERRORS ============
-
-    /// @dev Thrown when the same definition contract address appears more than once in the initialization array
-    // error DuplicateDefinitionContract(address definition);
-
-    /// @dev Thrown when an address does not implement the IDefinition interface (ERC165)
-    error DefinitionNotIDefinition(address definition);
-
-    // ============ STRUCTS ============
-
-    /**
-     * @dev Struct to hold role configuration data for initialization
-     * @param roleName The name of the role (must be unique, non-empty)
-     * @param maxWallets Maximum number of wallets allowed for this role (must be > 0)
-     * @notice Function permissions are NOT included here - they must be added via definition contracts
-     * @notice This ensures function schemas exist before permissions are assigned to roles
-     * @notice Permissions should be added via definition contracts after roles are created
-     */
-    struct RoleConfig {
-        string roleName;
-        uint256 maxWallets;
-    }
-
-    // ============ EVENTS ============
-
-    /**
-     * @dev Emitted when ETH is deposited to the wallet
-     * @param from The address that deposited the ETH
-     * @param amount The amount of ETH deposited
-     */
-    event EthReceived(address indexed from, uint256 amount);
-
-    // ============ INITIALIZATION FUNCTIONS ============
-
-    /**
-     * @notice Initializer to configure the BloxchainWallet
-     * @param initialOwner The initial owner address
-     * @param broadcaster The broadcaster address
-     * @param recovery The recovery address
-     * @param timeLockPeriodSec The timelock period in seconds
-     * @param eventForwarder The event forwarder address (optional)
-     * @dev For proxy/clone deployments, the deployer should call in the same transaction as deployment.
-     */
-    function initialize(
-        address initialOwner,
-        address broadcaster,
-        address recovery,
-        uint256 timeLockPeriodSec,
-        address eventForwarder
-    )
-        public
-        virtual
-        override(GuardController, RuntimeRBAC, SecureOwnable)
-        initializer
-    {
-        _initializeBase(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
-    }
-
-    /**
-     * @notice Extended initializer with custom roles and definition contracts
-     * @param initialOwner The initial owner address
-     * @param broadcaster The broadcaster address
-     * @param recovery The recovery address
-     * @param timeLockPeriodSec The timelock period in seconds
-     * @param eventForwarder The event forwarder address (optional)
-     * @param roles Array of role configurations to create before loading definitions
-     * @param definitionContracts Array of definition contract addresses implementing IDefinition
-     * @dev Execution order:
-     *   1. Initialize base (loads RuntimeRBACDefinitions schemas and protected roles)
-     *   2. Create custom roles (roles are created with isProtected=false)
-     *   3. Load custom definitions (schemas first, then permissions added to existing roles)
-     * @dev All validation (protected schemas, duplicates, bounded sizes) is handled internally
-     * @custom:security-intentional No caller restriction: designed for clone-based factory initialization where the factory creates the clone and calls this initializer in the same transaction. The factory (or deployer) is the only caller; no window exists for front-running. Do not deploy instances without initializing atomically in the same transaction.
-     */
-    function initializeWithRolesAndDefinitions(
-        address initialOwner,
-        address broadcaster,
-        address recovery,
-        uint256 timeLockPeriodSec,
-        address eventForwarder,
-        RoleConfig[] memory roles,
-        IDefinition[] memory definitionContracts
-    ) public initializer {
-        // Initialize base (validates time lock period and initializes parent contracts)
-        // This also loads RuntimeRBACDefinitions schemas and creates protected roles (OWNER, BROADCASTER, RECOVERY)
-        _initializeBase(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
-
-        // Validate roles array length to prevent gas exhaustion and DoS attacks
-        if (roles.length > MAX_INITIAL_ROLES) {
-            revert SharedValidation.BatchSizeExceeded(roles.length, MAX_INITIAL_ROLES);
-        }
-
-        // Create custom roles before loading definitions
-        for (uint256 i = 0; i < roles.length; i++) {
-            _createRole(roles[i].roleName, roles[i].maxWallets, false);
-        }
-
-        // Validate definition contracts array length
-        if (definitionContracts.length > MAX_DEFINITION_CONTRACTS) {
-            revert SharedValidation.BatchSizeExceeded(definitionContracts.length, MAX_DEFINITION_CONTRACTS);
-        }
-
-        // Load custom definitions from each definition contract (no duplicates, bounded sizes, allowProtectedSchemas=false)
-        for (uint256 i = 0; i < definitionContracts.length; i++) {
-            address def = address(definitionContracts[i]);
-            // SharedValidation.validateNotZeroAddress(def);
-
-            // Reject duplicate definition contract addresses
-            // note: this check and error can be removed as the protocol will handle duplicates
-            // for (uint256 j = 0; j < i; j++) {
-            //     if (address(definitionContracts[j]) == def) revert DuplicateDefinitionContract(def);
-            // }
-
-            // This will be applicable in the next bloxchain update
-            // Require ERC165 IDefinition support for clearer errors and safety
-            if (!definitionContracts[i].supportsInterface(type(IDefinition).interfaceId)) {
-                revert DefinitionNotIDefinition(def);
-            }
-
-            EngineBlox.FunctionSchema[] memory schemas = definitionContracts[i].getFunctionSchemas();
-            IDefinition.RolePermission memory permissions = definitionContracts[i].getRolePermissions();
-
-            if (schemas.length > MAX_SCHEMAS_PER_DEFINITION) {
-                revert SharedValidation.BatchSizeExceeded(schemas.length, MAX_SCHEMAS_PER_DEFINITION);
-            }
-            if (permissions.roleHashes.length > MAX_PERMISSIONS_PER_DEFINITION) {
-                revert SharedValidation.BatchSizeExceeded(permissions.roleHashes.length, MAX_PERMISSIONS_PER_DEFINITION);
-            }
-
-            // When using protocol version with allowProtectedSchemas parameter, pass false for custom definitions
-            _loadDefinitions(
-                schemas,
-                permissions.roleHashes,
-                permissions.functionPermissions,
-                false // Custom definitions must not be protected
-            );
-              
-            // This will be applicable in the next bloxchain update   
-            // _loadDefinitions(
-            //     schemas,
-            //     permissions.roleHashes,
-            //     permissions.functionPermissions,
-            //     false // Custom definitions must not be protected
-            // );
-        }
-    }
-
-    // ============ DEPOSIT & INTERFACE FUNCTIONS ============
-
-    /**
-     * @dev Explicit deposit function for ETH deposits
-     * @notice Users must call this function to deposit ETH to the wallet controller
-     * @notice Direct ETH transfers to the contract will revert (receive/fallback revert)
-     * @notice ETH can still be forced in without calling deposit() (e.g. selfdestruct); such balance will not emit EthReceived
-     */
-    function deposit() external payable {
-        emit EthReceived(msg.sender, msg.value);
-        // ETH is automatically added to contract balance
-    }
-
-    /**
-     * @dev See {IERC165-supportsInterface}.
-     */
-    function supportsInterface(bytes4 interfaceId)
-        public
-        view
-        virtual
-        override(GuardController, RuntimeRBAC, SecureOwnable)
-        returns (bool)
-    {
-        return
-            GuardController.supportsInterface(interfaceId) ||
-            RuntimeRBAC.supportsInterface(interfaceId) ||
-            SecureOwnable.supportsInterface(interfaceId);
-    }
-
-    // ============ FALLBACK & RECEIVE FUNCTIONS ============
-
-    /**
-     * @dev Fallback function to reject accidental calls
-     * @notice Prevents accidental ETH transfers and unknown function calls
-     * @notice Users must use deposit() function to send ETH
-     */
-    fallback() external payable {
-        revert SharedValidation.NotSupported();
-    }
-
-    /**
-     * @dev Receive function to reject direct ETH transfers
-     * @notice Prevents accidental ETH transfers
-     * @notice Users must use deposit() function to send ETH
-     */
-    receive() external payable {
-        revert SharedValidation.NotSupported();
-    }
-
-    // ============ OVERRIDE FUNCTIONS ============
-
-    /**
-     * @dev Override to resolve ambiguity between BaseStateMachine and SecureOwnable
-     * @param newTimeLockPeriodSec The new time lock period in seconds
-     * @notice Validates that the new time lock period is between MIN_TIME_LOCK_PERIOD and MAX_TIME_LOCK_PERIOD
-     */
-    function _updateTimeLockPeriod(uint256 newTimeLockPeriodSec)
-        internal
-        virtual
-        override(BaseStateMachine, SecureOwnable)
-    {
-        _validateTimeLockPeriod(newTimeLockPeriodSec);
-        SecureOwnable._updateTimeLockPeriod(newTimeLockPeriodSec);
-    }
-
-    // ============ INTERNAL FUNCTIONS ============
-
-    /**
-     * @dev Internal function to initialize base state (common to all initialization paths)
-     * @param initialOwner The initial owner address
-     * @param broadcaster The broadcaster address
-     * @param recovery The recovery address
-     * @param timeLockPeriodSec The timelock period in seconds
-     * @param eventForwarder The event forwarder address (optional)
-     * @notice Validates time lock period and initializes all parent contracts
-     * @notice The guarded initialization ensures BaseStateMachine is only initialized once
-     */
-    function _initializeBase(
-        address initialOwner,
-        address broadcaster,
-        address recovery,
-        uint256 timeLockPeriodSec,
-        address eventForwarder
-    ) internal {
-        // Validate time lock period before initialization
-        _validateTimeLockPeriod(timeLockPeriodSec);
-        
-        // Initialize all parent contracts.
-        // The guarded initialization ensures BaseStateMachine is only initialized once.
-        GuardController.initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
-        RuntimeRBAC.initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
-        SecureOwnable.initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
-    }
-
-    /**
-     * @dev Validates that a time lock period is within the allowed range
-     * @param timeLockPeriodSec The time lock period in seconds to validate
-     * @notice Reverts with InvalidTimeLockPeriod if the period is outside MIN_TIME_LOCK_PERIOD and MAX_TIME_LOCK_PERIOD
-     */
-    function _validateTimeLockPeriod(uint256 timeLockPeriodSec) internal pure {
-        if (
-            timeLockPeriodSec < MIN_TIME_LOCK_PERIOD ||
-            timeLockPeriodSec > MAX_TIME_LOCK_PERIOD
-        ) {
-            revert SharedValidation.InvalidTimeLockPeriod(timeLockPeriodSec);
-        }
-    }
-}
-

package/core/research/erc20-blox/ERC20Blox.sol

@@ -1,140 +0,0 @@
-// SPDX-License-Identifier: MPL-2.0
-pragma solidity 0.8.33;
-
-// OpenZeppelin
-import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
-import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20BurnableUpgradeable.sol";
-import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
-
-// Core
-import "../../security/SecureOwnable.sol";
-import "../../access/RuntimeRBAC.sol";
-import "../../execution/GuardController.sol";
-import "../../base/BaseStateMachine.sol";
-import "../../../utils/SharedValidation.sol";
-import "../../../interfaces/IDefinition.sol";
-import "./lib/definitions/ERC20BloxDefinitions.sol";
-
-/**
- * @title ERC20Blox
- * @dev ERC20 token (IERC20) with SecureOwnable, RuntimeRBAC, and GuardController.
- * Exposes transfer (ERC20), mint (owner-only), and burn (ERC20Burnable).
- * @custom:security-contact security@particlecrypto.com
- */
-contract ERC20Blox is
-    IERC20,
-    ERC20Upgradeable,
-    ERC20BurnableUpgradeable,
-    SecureOwnable,
-    RuntimeRBAC,
-    GuardController
-{
-    using SharedValidation for *;
-
-    /// @custom:oz-upgrades-unsafe-allow constructor
-    constructor() {
-        _disableInitializers();
-    }
-
-    /**
-     * @dev Override to resolve diamond: SecureOwnable, RuntimeRBAC, GuardController all define initialize(5 params).
-     * Call this first, then initializeToken(name, symbol) to set ERC20 metadata.
-     */
-    function initialize(
-        address initialOwner,
-        address broadcaster,
-        address recovery,
-        uint256 timeLockPeriodSec,
-        address eventForwarder
-    ) public virtual override(GuardController, RuntimeRBAC, SecureOwnable) initializer {
-        GuardController.initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
-        RuntimeRBAC.initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
-        SecureOwnable.initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
-
-        // Load ERC20Blox execution selectors (transfer, transferFrom, mint, burn, burnFrom) so controller can execute them
-        IDefinition.RolePermission memory erc20Permissions = ERC20BloxDefinitions.getRolePermissions();
-        _loadDefinitions(
-            ERC20BloxDefinitions.getFunctionSchemas(),
-            erc20Permissions.roleHashes,
-            erc20Permissions.functionPermissions,
-            true
-        );
-
-        // Register ERC20Blox system macro selectors (allowed to target address(this) for time-lock/meta-tx execution)
-        _addMacroSelector(ERC20BloxDefinitions.TRANSFER_SELECTOR);
-        _addMacroSelector(ERC20BloxDefinitions.TRANSFER_FROM_SELECTOR);
-        _addMacroSelector(ERC20BloxDefinitions.MINT_SELECTOR);
-        _addMacroSelector(ERC20BloxDefinitions.BURN_SELECTOR);
-        _addMacroSelector(ERC20BloxDefinitions.BURN_FROM_SELECTOR);
-    }
-
-    /**
-     * @notice Initialize the ERC20 token name and symbol. Call after initialize(5 params).
-     * @param name Token name
-     * @param symbol Token symbol
-     */
-    function initializeToken(string memory name, string memory symbol) public reinitializer(2) {
-        __ERC20_init(name, symbol);
-    }
-
-    /**
-     * @dev Override to resolve ambiguity between BaseStateMachine and SecureOwnable.
-     */
-    function _updateTimeLockPeriod(uint256 newTimeLockPeriodSec) internal virtual override(BaseStateMachine, SecureOwnable) {
-        SecureOwnable._updateTimeLockPeriod(newTimeLockPeriodSec);
-    }
-
-    /**
-     * @notice Transfer tokens to an account (callable only by this contract via GuardController)
-     * @param to Recipient address
-     * @param value Amount to transfer
-     */
-    function transfer(address to, uint256 value) public virtual override(ERC20Upgradeable, IERC20) returns (bool) {
-        SharedValidation.validateInternalCall(address(this));
-        return super.transfer(to, value);
-    }
-
-    /**
-     * @notice Transfer tokens from one account to another (with allowance); callable only by this contract via GuardController
-     * @param from Sender address
-     * @param to Recipient address
-     * @param value Amount to transfer
-     */
-    function transferFrom(address from, address to, uint256 value) public virtual override(ERC20Upgradeable, IERC20) returns (bool) {
-        SharedValidation.validateInternalCall(address(this));
-        return super.transferFrom(from, to, value);
-    }
-
-    /**
-     * @notice Mint tokens to an account (callable only by this contract via GuardController)
-     * @param to Recipient address
-     * @param amount Amount to mint
-     */
-    function mint(address to, uint256 amount) external virtual {
-        SharedValidation.validateInternalCall(address(this));
-        _mint(to, amount);
-    }
-
-    /**
-     * @notice Burn tokens from caller (callable only by this contract via GuardController)
-     * @param value Amount to burn
-     */
-    function burn(uint256 value) public virtual override(ERC20BurnableUpgradeable) {
-        SharedValidation.validateInternalCall(address(this));
-        super.burn(value);
-    }
-
-    /**
-     * @notice Burn tokens from an account (with allowance); callable only by this contract via GuardController
-     * @param account Account to burn from
-     * @param value Amount to burn
-     */
-    function burnFrom(address account, uint256 value) public virtual override(ERC20BurnableUpgradeable) {
-        SharedValidation.validateInternalCall(address(this));
-        super.burnFrom(account, value);
-    }
-
-    function supportsInterface(bytes4 interfaceId) public view virtual override(SecureOwnable, RuntimeRBAC, GuardController) returns (bool) {
-        return interfaceId == type(IERC20).interfaceId || GuardController.supportsInterface(interfaceId);
-    }
-}

package/core/research/erc20-blox/lib/definitions/ERC20BloxDefinitions.sol

@@ -1,185 +0,0 @@
-// SPDX-License-Identifier: MPL-2.0
-pragma solidity 0.8.33;
-
-import "../../../../lib/EngineBlox.sol";
-import "../../../../../interfaces/IDefinition.sol";
-
-/**
- * @title ERC20BloxDefinitions
- * @dev Definition library for ERC20Blox execution selectors (transfer, transferFrom, mint, burn, burnFrom).
- * Registers function schemas and role permissions so the GuardController can execute these functions
- * via time-lock and meta-transaction workflows. Handler permissions (executeWithTimeLock, etc.) are
- * defined in GuardControllerDefinitions.
- * @custom:security-contact security@particlecrypto.com
- */
-library ERC20BloxDefinitions {
-
-    // System macro selectors (allowed to target address(this) for GuardController execution)
-    bytes4 public constant TRANSFER_SELECTOR = bytes4(keccak256("transfer(address,uint256)"));
-    bytes4 public constant TRANSFER_FROM_SELECTOR = bytes4(keccak256("transferFrom(address,address,uint256)"));
-    bytes4 public constant MINT_SELECTOR = bytes4(keccak256("mint(address,uint256)"));
-    bytes4 public constant BURN_SELECTOR = bytes4(keccak256("burn(uint256)"));
-    bytes4 public constant BURN_FROM_SELECTOR = bytes4(keccak256("burnFrom(address,uint256)"));
-
-    bytes32 public constant ERC20_OPERATION = keccak256("ERC20_OPERATION");
-
-    /**
-     * @dev Returns function schemas for ERC20Blox execution selectors (used by controller).
-     */
-    function getFunctionSchemas() public pure returns (EngineBlox.FunctionSchema[] memory) {
-        EngineBlox.FunctionSchema[] memory schemas = new EngineBlox.FunctionSchema[](5);
-
-        EngineBlox.TxAction[] memory timeDelayRequestActions = new EngineBlox.TxAction[](1);
-        timeDelayRequestActions[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_REQUEST;
-        EngineBlox.TxAction[] memory timeDelayApproveActions = new EngineBlox.TxAction[](1);
-        timeDelayApproveActions[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_APPROVE;
-        EngineBlox.TxAction[] memory timeDelayCancelActions = new EngineBlox.TxAction[](1);
-        timeDelayCancelActions[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_CANCEL;
-        EngineBlox.TxAction[] memory metaTxRequestApproveActions = new EngineBlox.TxAction[](2);
-        metaTxRequestApproveActions[0] = EngineBlox.TxAction.SIGN_META_REQUEST_AND_APPROVE;
-        metaTxRequestApproveActions[1] = EngineBlox.TxAction.EXECUTE_META_REQUEST_AND_APPROVE;
-        EngineBlox.TxAction[] memory metaTxApproveActions = new EngineBlox.TxAction[](2);
-        metaTxApproveActions[0] = EngineBlox.TxAction.SIGN_META_APPROVE;
-        metaTxApproveActions[1] = EngineBlox.TxAction.EXECUTE_META_APPROVE;
-        EngineBlox.TxAction[] memory metaTxCancelActions = new EngineBlox.TxAction[](2);
-        metaTxCancelActions[0] = EngineBlox.TxAction.SIGN_META_CANCEL;
-        metaTxCancelActions[1] = EngineBlox.TxAction.EXECUTE_META_CANCEL;
-
-        uint16 actionsBitmap = EngineBlox.createBitmapFromActions(timeDelayRequestActions)
-            | EngineBlox.createBitmapFromActions(timeDelayApproveActions)
-            | EngineBlox.createBitmapFromActions(timeDelayCancelActions)
-            | EngineBlox.createBitmapFromActions(metaTxRequestApproveActions)
-            | EngineBlox.createBitmapFromActions(metaTxApproveActions)
-            | EngineBlox.createBitmapFromActions(metaTxCancelActions);
-
-        bytes4[] memory transferHandlers = new bytes4[](1);
-        transferHandlers[0] = TRANSFER_SELECTOR;
-        bytes4[] memory transferFromHandlers = new bytes4[](1);
-        transferFromHandlers[0] = TRANSFER_FROM_SELECTOR;
-        bytes4[] memory mintHandlers = new bytes4[](1);
-        mintHandlers[0] = MINT_SELECTOR;
-        bytes4[] memory burnHandlers = new bytes4[](1);
-        burnHandlers[0] = BURN_SELECTOR;
-        bytes4[] memory burnFromHandlers = new bytes4[](1);
-        burnFromHandlers[0] = BURN_FROM_SELECTOR;
-
-        schemas[0] = EngineBlox.FunctionSchema({
-            functionSignature: "transfer(address,uint256)",
-            functionSelector: TRANSFER_SELECTOR,
-            operationType: ERC20_OPERATION,
-            operationName: "ERC20_TRANSFER",
-            supportedActionsBitmap: actionsBitmap,
-            isProtected: true,
-            handlerForSelectors: transferHandlers
-        });
-        schemas[1] = EngineBlox.FunctionSchema({
-            functionSignature: "transferFrom(address,address,uint256)",
-            functionSelector: TRANSFER_FROM_SELECTOR,
-            operationType: ERC20_OPERATION,
-            operationName: "ERC20_TRANSFER_FROM",
-            supportedActionsBitmap: actionsBitmap,
-            isProtected: true,
-            handlerForSelectors: transferFromHandlers
-        });
-        schemas[2] = EngineBlox.FunctionSchema({
-            functionSignature: "mint(address,uint256)",
-            functionSelector: MINT_SELECTOR,
-            operationType: ERC20_OPERATION,
-            operationName: "ERC20_MINT",
-            supportedActionsBitmap: actionsBitmap,
-            isProtected: true,
-            handlerForSelectors: mintHandlers
-        });
-        schemas[3] = EngineBlox.FunctionSchema({
-            functionSignature: "burn(uint256)",
-            functionSelector: BURN_SELECTOR,
-            operationType: ERC20_OPERATION,
-            operationName: "ERC20_BURN",
-            supportedActionsBitmap: actionsBitmap,
-            isProtected: true,
-            handlerForSelectors: burnHandlers
-        });
-        schemas[4] = EngineBlox.FunctionSchema({
-            functionSignature: "burnFrom(address,uint256)",
-            functionSelector: BURN_FROM_SELECTOR,
-            operationType: ERC20_OPERATION,
-            operationName: "ERC20_BURN_FROM",
-            supportedActionsBitmap: actionsBitmap,
-            isProtected: true,
-            handlerForSelectors: burnFromHandlers
-        });
-
-        return schemas;
-    }
-
-    /**
-     * @dev Returns role permissions for ERC20Blox execution selectors (OWNER and BROADCASTER).
-     */
-    function getRolePermissions() public pure returns (IDefinition.RolePermission memory) {
-        bytes32[] memory roleHashes = new bytes32[](10);
-        EngineBlox.FunctionPermission[] memory functionPermissions = new EngineBlox.FunctionPermission[](10);
-
-        EngineBlox.TxAction[] memory ownerTimeLockRequest = new EngineBlox.TxAction[](1);
-        ownerTimeLockRequest[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_REQUEST;
-        EngineBlox.TxAction[] memory ownerTimeLockApprove = new EngineBlox.TxAction[](1);
-        ownerTimeLockApprove[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_APPROVE;
-        EngineBlox.TxAction[] memory ownerTimeLockCancel = new EngineBlox.TxAction[](1);
-        ownerTimeLockCancel[0] = EngineBlox.TxAction.EXECUTE_TIME_DELAY_CANCEL;
-        EngineBlox.TxAction[] memory ownerMetaSign = new EngineBlox.TxAction[](1);
-        ownerMetaSign[0] = EngineBlox.TxAction.SIGN_META_REQUEST_AND_APPROVE;
-        EngineBlox.TxAction[] memory ownerMetaApprove = new EngineBlox.TxAction[](1);
-        ownerMetaApprove[0] = EngineBlox.TxAction.SIGN_META_APPROVE;
-        EngineBlox.TxAction[] memory ownerMetaCancel = new EngineBlox.TxAction[](1);
-        ownerMetaCancel[0] = EngineBlox.TxAction.SIGN_META_CANCEL;
-        EngineBlox.TxAction[] memory broadcasterMetaExec = new EngineBlox.TxAction[](1);
-        broadcasterMetaExec[0] = EngineBlox.TxAction.EXECUTE_META_REQUEST_AND_APPROVE;
-        EngineBlox.TxAction[] memory broadcasterMetaApprove = new EngineBlox.TxAction[](1);
-        broadcasterMetaApprove[0] = EngineBlox.TxAction.EXECUTE_META_APPROVE;
-        EngineBlox.TxAction[] memory broadcasterMetaCancel = new EngineBlox.TxAction[](1);
-        broadcasterMetaCancel[0] = EngineBlox.TxAction.EXECUTE_META_CANCEL;
-
-        uint16 ownerBitmap = EngineBlox.createBitmapFromActions(ownerTimeLockRequest)
-            | EngineBlox.createBitmapFromActions(ownerTimeLockApprove)
-            | EngineBlox.createBitmapFromActions(ownerTimeLockCancel)
-            | EngineBlox.createBitmapFromActions(ownerMetaSign)
-            | EngineBlox.createBitmapFromActions(ownerMetaApprove)
-            | EngineBlox.createBitmapFromActions(ownerMetaCancel);
-        uint16 broadcasterBitmap = EngineBlox.createBitmapFromActions(broadcasterMetaExec)
-            | EngineBlox.createBitmapFromActions(broadcasterMetaApprove)
-            | EngineBlox.createBitmapFromActions(broadcasterMetaCancel);
-
-        bytes4[5] memory selectors = [TRANSFER_SELECTOR, TRANSFER_FROM_SELECTOR, MINT_SELECTOR, BURN_SELECTOR, BURN_FROM_SELECTOR];
-        for (uint256 i = 0; i < 5; i++) {
-            bytes4[] memory selfRef = new bytes4[](1);
-            selfRef[0] = selectors[i];
-            roleHashes[i] = EngineBlox.OWNER_ROLE;
-            functionPermissions[i] = EngineBlox.FunctionPermission({
-                functionSelector: selectors[i],
-                grantedActionsBitmap: ownerBitmap,
-                handlerForSelectors: selfRef
-            });
-        }
-        for (uint256 i = 0; i < 5; i++) {
-            bytes4[] memory selfRef = new bytes4[](1);
-            selfRef[0] = selectors[i];
-            roleHashes[5 + i] = EngineBlox.BROADCASTER_ROLE;
-            functionPermissions[5 + i] = EngineBlox.FunctionPermission({
-                functionSelector: selectors[i],
-                grantedActionsBitmap: broadcasterBitmap,
-                handlerForSelectors: selfRef
-            });
-        }
-
-        return IDefinition.RolePermission({
-            roleHashes: roleHashes,
-            functionPermissions: functionPermissions
-        });
-    }
-
-    /**
-     * @dev ERC165: report support for IDefinition when this library is used at an address
-     */
-    function supportsInterface(bytes4 interfaceId) external pure returns (bool) {
-        return interfaceId == type(IDefinition).interfaceId;
-    }
-}