@ensuro/access-managed-proxy 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/README.md +38 -2
  2. package/build/build-info.json +1 -1
  3. package/build/contracts/AMPUtils.sol/AMPUtils.json +22 -0
  4. package/build/contracts/amps/AccessManagedProxyS25.sol/AccessManagedProxyS25.json +123 -0
  5. package/build/contracts/amps/AccessManagedProxyS26.sol/AccessManagedProxyS26.json +123 -0
  6. package/build/contracts/amps/AccessManagedProxyS27.sol/AccessManagedProxyS27.json +123 -0
  7. package/build/contracts/amps/AccessManagedProxyS28.sol/AccessManagedProxyS28.json +123 -0
  8. package/build/contracts/amps/AccessManagedProxyS29.sol/AccessManagedProxyS29.json +123 -0
  9. package/build/contracts/amps/AccessManagedProxyS30.sol/AccessManagedProxyS30.json +123 -0
  10. package/build/contracts/amps/AccessManagedProxyS31.sol/AccessManagedProxyS31.json +123 -0
  11. package/build/contracts/amps/AccessManagedProxyS32.sol/AccessManagedProxyS32.json +123 -0
  12. package/build/contracts/amps/AccessManagedProxyS33.sol/AccessManagedProxyS33.json +123 -0
  13. package/build/contracts/amps/AccessManagedProxyS34.sol/AccessManagedProxyS34.json +123 -0
  14. package/build/contracts/amps/AccessManagedProxyS35.sol/AccessManagedProxyS35.json +123 -0
  15. package/build/contracts/amps/AccessManagedProxyS36.sol/AccessManagedProxyS36.json +123 -0
  16. package/build/contracts/amps/AccessManagedProxyS37.sol/AccessManagedProxyS37.json +123 -0
  17. package/build/contracts/amps/AccessManagedProxyS38.sol/AccessManagedProxyS38.json +123 -0
  18. package/build/contracts/amps/AccessManagedProxyS39.sol/AccessManagedProxyS39.json +123 -0
  19. package/build/contracts/amps/AccessManagedProxyS40.sol/AccessManagedProxyS40.json +123 -0
  20. package/contracts/AMPUtils.sol +37 -0
  21. package/contracts/amps/AccessManagedProxyS25.sol +159 -0
  22. package/contracts/amps/AccessManagedProxyS26.sol +163 -0
  23. package/contracts/amps/AccessManagedProxyS27.sol +167 -0
  24. package/contracts/amps/AccessManagedProxyS28.sol +171 -0
  25. package/contracts/amps/AccessManagedProxyS29.sol +175 -0
  26. package/contracts/amps/AccessManagedProxyS30.sol +179 -0
  27. package/contracts/amps/AccessManagedProxyS31.sol +183 -0
  28. package/contracts/amps/AccessManagedProxyS32.sol +187 -0
  29. package/contracts/amps/AccessManagedProxyS33.sol +191 -0
  30. package/contracts/amps/AccessManagedProxyS34.sol +195 -0
  31. package/contracts/amps/AccessManagedProxyS35.sol +199 -0
  32. package/contracts/amps/AccessManagedProxyS36.sol +203 -0
  33. package/contracts/amps/AccessManagedProxyS37.sol +207 -0
  34. package/contracts/amps/AccessManagedProxyS38.sol +211 -0
  35. package/contracts/amps/AccessManagedProxyS39.sol +215 -0
  36. package/contracts/amps/AccessManagedProxyS40.sol +219 -0
  37. package/js/deployProxy.js +75 -0
  38. package/package.json +1 -1
package/README.md CHANGED
@@ -3,8 +3,44 @@
3
3
  This repository contains the smart contract AccessManagedProxy, a proxy with built-in access control, delegating the
4
4
  permissions to an OpenZeppelin's 5.x AccessManager.
5
5
 
6
- See https://forum.openzeppelin.com/t/accessmanagedproxy-is-a-good-idea/41917/3 for a discussion on the advantages of
7
- using it.
6
+ ## 🧐 Motivation
7
+
8
+ OZ 5.x introduces the AccessManager contract and AccessManaged base contract to move the access control decisions
9
+ from code to configuration. This is a step forward compared to the 4.x AccessControl authorization framework, where
10
+ you had to make decisions in the contract mapping methods to role names.
11
+
12
+ But the AccessManaged approach falls short, because you still have to make the decision (at coding time) of which
13
+ methods to decorate with the restricted modifier.
14
+
15
+ Implementing the access control with a modifier in the methods affects the observability of the access control
16
+ configuration and its formal verification.
17
+
18
+ It also increases the test effort and makes it harder to achieve 100% branch coverage in the contracts. Finally,
19
+ this has an effect on the contract size of the implementation contracts.
20
+
21
+ The widespread use of proxy contracts (mainly for upgradeable contracts) gives us the opportunity to move the
22
+ implementation of the access control delegation logic to the AccessManager contract (that is, in the end, what the
23
+ restricted modifier does) to the proxy contract.
24
+
25
+ In this way, BEFORE doing the delegatecall to the implementation contract, we will check if the call is enabled by
26
+ calling ACCESS_MANAGER.canCall(msg.sender, address(this), selector).
27
+
28
+ For gas-optimization or other reasons, we can define a list of methods (probably the views) that will be excluded
29
+ from calling the AccessManager, reducing the overhead for non-restricted method calls to the minimum.
30
+
31
+ Another advantage of this approach is the run-time observability of the access control configuration, by checking if
32
+ a given method is included in those that skip the access control, or otherwise, we will check the access manager
33
+ configuration for that method.
34
+
35
+ More details on the motivation of this idea here: https://forum.openzeppelin.com/t/accessmanagedproxy-is-a-good-idea/41917
36
+
37
+ ## 📝 Details
38
+
39
+ The package includes the AccessManagedProxy contract, and AccessManagedProxyS1 to AccessManagedProxyS24 that are
40
+ versions that accept from 1 to 24 methods (selectors) that will be skipped of the access manager check, to reduce gas
41
+ usage or to access immutability on some methods.
42
+
43
+ ## Development
8
44
 
9
45
  Try running some of the following tasks:
10
46