npm - @ensuro/access-managed-proxy - Versions diffs - 0.1.0 → 0.2.0 - Mend

@ensuro/access-managed-proxy 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/contracts/amps/AccessManagedProxyS40.sol ADDED Viewed

@@ -0,0 +1,219 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+import {AccessManagedProxy} from "../AccessManagedProxy.sol";
+import {IAccessManager} from "@openzeppelin/contracts/access/manager/IAccessManager.sol";
+/**
+ * @title AccessManagedProxyS40
+ * @notice Specialization of AccessManagedProxy with pass thru (skips AM) for some messages for gas optimization
+ *
+ * @custom:security-contact security@ensuro.co
+ * @author Ensuro
+ */
+contract AccessManagedProxyS40 is AccessManagedProxy {
+  bytes4 internal immutable PASS_THRU_METHODS_0;
+  bytes4 internal immutable PASS_THRU_METHODS_1;
+  bytes4 internal immutable PASS_THRU_METHODS_2;
+  bytes4 internal immutable PASS_THRU_METHODS_3;
+  bytes4 internal immutable PASS_THRU_METHODS_4;
+  bytes4 internal immutable PASS_THRU_METHODS_5;
+  bytes4 internal immutable PASS_THRU_METHODS_6;
+  bytes4 internal immutable PASS_THRU_METHODS_7;
+  bytes4 internal immutable PASS_THRU_METHODS_8;
+  bytes4 internal immutable PASS_THRU_METHODS_9;
+  bytes4 internal immutable PASS_THRU_METHODS_10;
+  bytes4 internal immutable PASS_THRU_METHODS_11;
+  bytes4 internal immutable PASS_THRU_METHODS_12;
+  bytes4 internal immutable PASS_THRU_METHODS_13;
+  bytes4 internal immutable PASS_THRU_METHODS_14;
+  bytes4 internal immutable PASS_THRU_METHODS_15;
+  bytes4 internal immutable PASS_THRU_METHODS_16;
+  bytes4 internal immutable PASS_THRU_METHODS_17;
+  bytes4 internal immutable PASS_THRU_METHODS_18;
+  bytes4 internal immutable PASS_THRU_METHODS_19;
+  bytes4 internal immutable PASS_THRU_METHODS_20;
+  bytes4 internal immutable PASS_THRU_METHODS_21;
+  bytes4 internal immutable PASS_THRU_METHODS_22;
+  bytes4 internal immutable PASS_THRU_METHODS_23;
+  bytes4 internal immutable PASS_THRU_METHODS_24;
+  bytes4 internal immutable PASS_THRU_METHODS_25;
+  bytes4 internal immutable PASS_THRU_METHODS_26;
+  bytes4 internal immutable PASS_THRU_METHODS_27;
+  bytes4 internal immutable PASS_THRU_METHODS_28;
+  bytes4 internal immutable PASS_THRU_METHODS_29;
+  bytes4 internal immutable PASS_THRU_METHODS_30;
+  bytes4 internal immutable PASS_THRU_METHODS_31;
+  bytes4 internal immutable PASS_THRU_METHODS_32;
+  bytes4 internal immutable PASS_THRU_METHODS_33;
+  bytes4 internal immutable PASS_THRU_METHODS_34;
+  bytes4 internal immutable PASS_THRU_METHODS_35;
+  bytes4 internal immutable PASS_THRU_METHODS_36;
+  bytes4 internal immutable PASS_THRU_METHODS_37;
+  bytes4 internal immutable PASS_THRU_METHODS_38;
+  bytes4 internal immutable PASS_THRU_METHODS_39;
+  /**
+   * @notice Constructor of the proxy, defining the implementation and the access manager
+   * @dev Initializes the upgradeable proxy with an initial implementation specified by `implementation` and
+   *      with `manager` as the ACCESS_MANAGER that will handle access control.
+   *
+   * @param implementation The initial implementation contract.
+   * @param _data If nonempty, it's used as data in a delegate call to `implementation`. This will typically be an
+   *              encoded function call, and allows initializing the storage of the proxy like a Solidity constructor.
+   * @param manager The access manager that will handle access control
+   * @param passThruMethods The selector of methods that will skip the access control validation, typically used for
+   *                        views and other methods for gas optimization.
+   *
+   * Requirements:
+   *
+   * - If `data` is empty, `msg.value` must be zero.
+   */
+  constructor(
+    address implementation,
+    bytes memory _data,
+    IAccessManager manager,
+    bytes4[40] memory passThruMethods
+  ) payable AccessManagedProxy(implementation, _data, manager) {
+    PASS_THRU_METHODS_0 = passThruMethods[0];
+    PASS_THRU_METHODS_1 = passThruMethods[1];
+    PASS_THRU_METHODS_2 = passThruMethods[2];
+    PASS_THRU_METHODS_3 = passThruMethods[3];
+    PASS_THRU_METHODS_4 = passThruMethods[4];
+    PASS_THRU_METHODS_5 = passThruMethods[5];
+    PASS_THRU_METHODS_6 = passThruMethods[6];
+    PASS_THRU_METHODS_7 = passThruMethods[7];
+    PASS_THRU_METHODS_8 = passThruMethods[8];
+    PASS_THRU_METHODS_9 = passThruMethods[9];
+    PASS_THRU_METHODS_10 = passThruMethods[10];
+    PASS_THRU_METHODS_11 = passThruMethods[11];
+    PASS_THRU_METHODS_12 = passThruMethods[12];
+    PASS_THRU_METHODS_13 = passThruMethods[13];
+    PASS_THRU_METHODS_14 = passThruMethods[14];
+    PASS_THRU_METHODS_15 = passThruMethods[15];
+    PASS_THRU_METHODS_16 = passThruMethods[16];
+    PASS_THRU_METHODS_17 = passThruMethods[17];
+    PASS_THRU_METHODS_18 = passThruMethods[18];
+    PASS_THRU_METHODS_19 = passThruMethods[19];
+    PASS_THRU_METHODS_20 = passThruMethods[20];
+    PASS_THRU_METHODS_21 = passThruMethods[21];
+    PASS_THRU_METHODS_22 = passThruMethods[22];
+    PASS_THRU_METHODS_23 = passThruMethods[23];
+    PASS_THRU_METHODS_24 = passThruMethods[24];
+    PASS_THRU_METHODS_25 = passThruMethods[25];
+    PASS_THRU_METHODS_26 = passThruMethods[26];
+    PASS_THRU_METHODS_27 = passThruMethods[27];
+    PASS_THRU_METHODS_28 = passThruMethods[28];
+    PASS_THRU_METHODS_29 = passThruMethods[29];
+    PASS_THRU_METHODS_30 = passThruMethods[30];
+    PASS_THRU_METHODS_31 = passThruMethods[31];
+    PASS_THRU_METHODS_32 = passThruMethods[32];
+    PASS_THRU_METHODS_33 = passThruMethods[33];
+    PASS_THRU_METHODS_34 = passThruMethods[34];
+    PASS_THRU_METHODS_35 = passThruMethods[35];
+    PASS_THRU_METHODS_36 = passThruMethods[36];
+    PASS_THRU_METHODS_37 = passThruMethods[37];
+    PASS_THRU_METHODS_38 = passThruMethods[38];
+    PASS_THRU_METHODS_39 = passThruMethods[39];
+  }
+  /*
+   * @notice Skips the access control if the method called is one of the passThruMethods
+   * @dev See {PASS_THRU_METHODS()}
+   * @param selector The selector of the method called
+   * @return Whether the access control using ACCESS_MANAGER should be skipped or not
+   */
+  function _skipAC(bytes4 selector) internal view override returns (bool) {
+    return
+      selector == PASS_THRU_METHODS_0 ||
+      selector == PASS_THRU_METHODS_1 ||
+      selector == PASS_THRU_METHODS_2 ||
+      selector == PASS_THRU_METHODS_3 ||
+      selector == PASS_THRU_METHODS_4 ||
+      selector == PASS_THRU_METHODS_5 ||
+      selector == PASS_THRU_METHODS_6 ||
+      selector == PASS_THRU_METHODS_7 ||
+      selector == PASS_THRU_METHODS_8 ||
+      selector == PASS_THRU_METHODS_9 ||
+      selector == PASS_THRU_METHODS_10 ||
+      selector == PASS_THRU_METHODS_11 ||
+      selector == PASS_THRU_METHODS_12 ||
+      selector == PASS_THRU_METHODS_13 ||
+      selector == PASS_THRU_METHODS_14 ||
+      selector == PASS_THRU_METHODS_15 ||
+      selector == PASS_THRU_METHODS_16 ||
+      selector == PASS_THRU_METHODS_17 ||
+      selector == PASS_THRU_METHODS_18 ||
+      selector == PASS_THRU_METHODS_19 ||
+      selector == PASS_THRU_METHODS_20 ||
+      selector == PASS_THRU_METHODS_21 ||
+      selector == PASS_THRU_METHODS_22 ||
+      selector == PASS_THRU_METHODS_23 ||
+      selector == PASS_THRU_METHODS_24 ||
+      selector == PASS_THRU_METHODS_25 ||
+      selector == PASS_THRU_METHODS_26 ||
+      selector == PASS_THRU_METHODS_27 ||
+      selector == PASS_THRU_METHODS_28 ||
+      selector == PASS_THRU_METHODS_29 ||
+      selector == PASS_THRU_METHODS_30 ||
+      selector == PASS_THRU_METHODS_31 ||
+      selector == PASS_THRU_METHODS_32 ||
+      selector == PASS_THRU_METHODS_33 ||
+      selector == PASS_THRU_METHODS_34 ||
+      selector == PASS_THRU_METHODS_35 ||
+      selector == PASS_THRU_METHODS_36 ||
+      selector == PASS_THRU_METHODS_37 ||
+      selector == PASS_THRU_METHODS_38 ||
+      selector == PASS_THRU_METHODS_39;
+  }
+  /**
+   * @notice Gives observability to the methods that are skipped from access control
+   * @dev This list is fixed and defined on contract construction
+   * @return methods The list of method selectors that skip ACCESS_MANAGER access control
+   */
+  // solhint-disable-next-line func-name-mixedcase
+  function PASS_THRU_METHODS() external view returns (bytes4[] memory methods) {
+    methods = new bytes4[](40);
+    methods[0] = PASS_THRU_METHODS_0;
+    methods[1] = PASS_THRU_METHODS_1;
+    methods[2] = PASS_THRU_METHODS_2;
+    methods[3] = PASS_THRU_METHODS_3;
+    methods[4] = PASS_THRU_METHODS_4;
+    methods[5] = PASS_THRU_METHODS_5;
+    methods[6] = PASS_THRU_METHODS_6;
+    methods[7] = PASS_THRU_METHODS_7;
+    methods[8] = PASS_THRU_METHODS_8;
+    methods[9] = PASS_THRU_METHODS_9;
+    methods[10] = PASS_THRU_METHODS_10;
+    methods[11] = PASS_THRU_METHODS_11;
+    methods[12] = PASS_THRU_METHODS_12;
+    methods[13] = PASS_THRU_METHODS_13;
+    methods[14] = PASS_THRU_METHODS_14;
+    methods[15] = PASS_THRU_METHODS_15;
+    methods[16] = PASS_THRU_METHODS_16;
+    methods[17] = PASS_THRU_METHODS_17;
+    methods[18] = PASS_THRU_METHODS_18;
+    methods[19] = PASS_THRU_METHODS_19;
+    methods[20] = PASS_THRU_METHODS_20;
+    methods[21] = PASS_THRU_METHODS_21;
+    methods[22] = PASS_THRU_METHODS_22;
+    methods[23] = PASS_THRU_METHODS_23;
+    methods[24] = PASS_THRU_METHODS_24;
+    methods[25] = PASS_THRU_METHODS_25;
+    methods[26] = PASS_THRU_METHODS_26;
+    methods[27] = PASS_THRU_METHODS_27;
+    methods[28] = PASS_THRU_METHODS_28;
+    methods[29] = PASS_THRU_METHODS_29;
+    methods[30] = PASS_THRU_METHODS_30;
+    methods[31] = PASS_THRU_METHODS_31;
+    methods[32] = PASS_THRU_METHODS_32;
+    methods[33] = PASS_THRU_METHODS_33;
+    methods[34] = PASS_THRU_METHODS_34;
+    methods[35] = PASS_THRU_METHODS_35;
+    methods[36] = PASS_THRU_METHODS_36;
+    methods[37] = PASS_THRU_METHODS_37;
+    methods[38] = PASS_THRU_METHODS_38;
+    methods[39] = PASS_THRU_METHODS_39;
+  }
+}

package/js/deployProxy.js ADDED Viewed

@@ -0,0 +1,75 @@
+const hre = require("hardhat");
+const { ethers } = hre;
+const { deploy: ozUpgradesDeploy } = require("@openzeppelin/hardhat-upgrades/dist/utils");
+/**
+ * Deploys a contract using an AccessManagedProxy. Similar to hre.upgrades.deployProxy, but using AccessManagedProxy
+ *
+ * @param {contractFactory} The contract factory of the implementation contract
+ * @param {initializeArgs} Arguments for `initialize`
+ * @param {opts} Options for hre.upgrades.deployProxy with some AccessManagedProxy additions:
+ *               - skipViewsAndPure: if true, deploys a proxy that will skip the access control for all the view and
+ *                                   pure methods
+ *               - skipMethods: list of method names that will skip the access control. Added to views and pure, if
+ *                              skipViewsAndPure is true.
+ *               - acMgr: mandatory argument that will be used for the AMP
+ * @returns {contract} Promise<Contract>
+ */
+async function deployAMPProxy(contractFactory, initializeArgs = [], opts = {}) {
+  const { acMgr, skipViewsAndPure, skipMethods } = opts;
+  if (acMgr === undefined) throw new Error("Missing required `acMgr` in opts");
+  let skipSelectors = [];
+  if (skipViewsAndPure) {
+    skipSelectors = contractFactory.interface.fragments
+      .filter(
+        (fragment) =>
+          fragment.type === "function" && (fragment.stateMutability === "pure" || fragment.stateMutability === "view")
+      )
+      .map((fragment) => fragment.selector);
+  }
+  if (skipMethods !== undefined && skipMethods.length > 0) {
+    skipSelectors.push(
+      ...skipMethods.map((method) =>
+        method.startsWith("0x") ? method : contractFactory.interface.getFunction(method).selector
+      )
+    );
+  }
+  let proxyFactory, deployFunction;
+  if (skipSelectors.length > 0) {
+    proxyFactory = await ethers.getContractFactory(`AccessManagedProxyS${skipSelectors.length}`);
+    deployFunction = async (hre_, opts, factory, ...args) =>
+      ozUpgradesDeploy(hre_, opts, factory, ...args, acMgr, skipSelectors);
+  } else {
+    proxyFactory = await ethers.getContractFactory("AccessManagedProxy");
+    deployFunction = async (hre_, opts, factory, ...args) => ozUpgradesDeploy(hre_, opts, factory, ...args, acMgr);
+  }
+  return hre.upgrades.deployProxy(contractFactory, initializeArgs, {
+    ...opts,
+    kind: "uups",
+    proxyFactory,
+    deployFunction,
+  });
+}
+async function attachAsAMP(contract, ampContractFactory = undefined) {
+  ampContractFactory = ampContractFactory || (await ethers.getContractFactory("AccessManagedProxyS1"));
+  return ampContractFactory.attach(contract);
+}
+async function getAccessManager(contract, ampContractFactory = undefined, accessManagerFactory="AccessManager") {
+  const contractAsAMP = await attachAsAMP(contract, ampContractFactory);
+  return ethers.getContractAt(accessManagerFactory, await contractAsAMP.ACCESS_MANAGER());
+}
+function makeSelector(role) {
+  return ethers.keccak256(ethers.toUtf8Bytes(role)).slice(0, 10);
+}
+module.exports = {
+  deployAMPProxy,
+  attachAsAMP,
+  getAccessManager,
+  makeSelector,
+};

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@ensuro/access-managed-proxy",
   "description": "Variant of ERC-1967 proxy with built-in access control using OZ 5.x AccessManager",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "files": [
     "**/*.sol",
     "/build",