@etherisc/gif-next 0.0.2-91b514c-961 → 0.0.2-9272c43-568

package/contracts/registry/RegistryAuthorization.sol

@@ -14,6 +14,7 @@ import {RoleIdLib, ADMIN_ROLE, GIF_ADMIN_ROLE, GIF_MANAGER_ROLE} from "../type/R
 import {StakingStore} from "../staking/StakingStore.sol";
 import {TokenHandler} from "../shared/TokenHandler.sol";
 import {TokenRegistry} from "../registry/TokenRegistry.sol";
+import {VersionPartLib} from "../type/Version.sol";
 
 
 contract RegistryAuthorization
@@ -39,39 +40,48 @@ contract RegistryAuthorization
      string public constant TOKEN_REGISTRY_TARGET_NAME = "TokenRegistry";
 
      string public constant STAKING_TARGET_NAME = "Staking";
-     string public constant STAKING_TH_TARGET_NAME = "StakingTH";
+     string public constant STAKING_TH_TARGET_NAME = "StakingTh";
      string public constant STAKING_STORE_TARGET_NAME = "StakingStore";
 
-     constructor()
-          Authorization(REGISTRY_TARGET_NAME, REGISTRY(), false, false)
+     constructor(string memory commitHash)
+          Authorization(
+               REGISTRY_TARGET_NAME, 
+               REGISTRY(), 
+               3, 
+               commitHash, 
+               false, // isComponent
+               false) // includeTokenHandler
      { }
 
      /// @dev Sets up the GIF admin and manager roles.
      function _setupRoles() internal override {
 
-          // service roles (for all versions)
+          // max number of versioned contracts per generic service
+          uint32 maxReleases = uint32(VersionPartLib.releaseMax().toInt());
+
+          // service roles (for all releases)
           _addRole(
-               RoleIdLib.roleForTypeAndAllVersions(REGISTRY()), 
+               RoleIdLib.toGenericServiceRoleId(REGISTRY()), 
                _toRoleInfo({
                     adminRoleId: ADMIN_ROLE(),
-                    roleType: RoleType.Gif,
-                    maxMemberCount: 999, // max member count = max 
+                    roleType: RoleType.Core,
+                    maxMemberCount: maxReleases, 
                     name: REGISTRY_SERVICE_ROLE_NAME}));
 
           _addRole(
-               RoleIdLib.roleForTypeAndAllVersions(STAKING()), 
+               RoleIdLib.toGenericServiceRoleId(STAKING()), 
                _toRoleInfo({
                     adminRoleId: ADMIN_ROLE(),
-                    roleType: RoleType.Gif,
-                    maxMemberCount: 999, // max member count = max 
+                    roleType: RoleType.Core,
+                    maxMemberCount: maxReleases, 
                     name: STAKING_SERVICE_ROLE_NAME}));
 
           _addRole(
-               RoleIdLib.roleForTypeAndAllVersions(POOL()), 
+               RoleIdLib.toGenericServiceRoleId(POOL()), 
                _toRoleInfo({
                     adminRoleId: ADMIN_ROLE(),
-                    roleType: RoleType.Gif,
-                    maxMemberCount: 999, // max member count = max 
+                    roleType: RoleType.Core,
+                    maxMemberCount: maxReleases, 
                     name: POOL_SERVICE_ROLE_NAME}));
 
           // gif admin role
@@ -79,7 +89,7 @@ contract RegistryAuthorization
                GIF_ADMIN_ROLE(),
                _toRoleInfo({
                     adminRoleId: ADMIN_ROLE(),
-                    roleType: RoleType.Gif,
+                    roleType: RoleType.Core,
                     maxMemberCount: 2, // TODO decide on max member count
                     name: GIF_ADMIN_ROLE_NAME}));
 
@@ -88,7 +98,7 @@ contract RegistryAuthorization
                GIF_MANAGER_ROLE(), 
                _toRoleInfo({
                     adminRoleId: ADMIN_ROLE(),
-                    roleType: RoleType.Gif,
+                    roleType: RoleType.Core,
                     maxMemberCount: 1, // TODO decide on max member count
                     name: GIF_MANAGER_ROLE_NAME}));
 
@@ -96,13 +106,13 @@ contract RegistryAuthorization
 
      /// @dev Sets up the relevant (non-service) targets for the registry.
      function _setupTargets() internal override {
-          _addGifContractTarget(REGISTRY_ADMIN_TARGET_NAME);
-          _addGifContractTarget(RELEASE_REGISTRY_TARGET_NAME);
-          _addGifContractTarget(TOKEN_REGISTRY_TARGET_NAME);
+          _addGifTarget(REGISTRY_ADMIN_TARGET_NAME);
+          _addGifTarget(RELEASE_REGISTRY_TARGET_NAME);
+          _addGifTarget(TOKEN_REGISTRY_TARGET_NAME);
 
-          _addGifContractTarget(STAKING_TARGET_NAME);
-          _addGifContractTarget(STAKING_TH_TARGET_NAME);
-          _addTarget(STAKING_STORE_TARGET_NAME);
+          _addGifTarget(STAKING_TARGET_NAME);
+          _addGifTarget(STAKING_TH_TARGET_NAME);
+          _addGifTarget(STAKING_STORE_TARGET_NAME);
      }
 
 
@@ -134,7 +144,7 @@ contract RegistryAuthorization
           // registry service role
           functions = _authorizeForTarget(
                REGISTRY_TARGET_NAME, 
-               RoleIdLib.roleForTypeAndAllVersions(REGISTRY()));
+               RoleIdLib.toGenericServiceRoleId(REGISTRY()));
 
           _authorize(functions, IRegistry.register.selector, "register");
           _authorize(functions, IRegistry.registerWithCustomType.selector, "registerWithCustomType");
@@ -201,7 +211,7 @@ contract RegistryAuthorization
           // staking service role
           functions = _authorizeForTarget(
                STAKING_TARGET_NAME, 
-               RoleIdLib.roleForTypeAndAllVersions(STAKING()));
+               RoleIdLib.toGenericServiceRoleId(STAKING()));
 
           _authorize(functions, IStaking.registerTarget.selector, "registerTarget");
           _authorize(functions, IStaking.setLockingPeriod.selector, "setLockingPeriod");
@@ -219,7 +229,7 @@ contract RegistryAuthorization
           // pool service role
           functions = _authorizeForTarget(
                STAKING_TARGET_NAME, 
-               RoleIdLib.roleForTypeAndAllVersions(POOL()));
+               RoleIdLib.toGenericServiceRoleId(POOL()));
 
           _authorize(functions, IStaking.increaseTotalValueLocked.selector, "increaseTotalValueLocked");
           _authorize(functions, IStaking.decreaseTotalValueLocked.selector, "decreaseTotalValueLocked");
@@ -232,7 +242,7 @@ contract RegistryAuthorization
           // staking service role
           functions = _authorizeForTarget(
                STAKING_TH_TARGET_NAME,
-               RoleIdLib.roleForTypeAndAllVersions(STAKING()));
+               RoleIdLib.toGenericServiceRoleId(STAKING()));
 
           _authorize(functions, TokenHandler.approve.selector, "approve");
           _authorize(functions, TokenHandler.pullToken.selector, "pullToken");

package/contracts/registry/ReleaseAdmin.sol

@@ -1,16 +1,20 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.20;
 
-import {AccessAdmin} from "../authorization/AccessAdmin.sol";
-import {AccessAdminLib} from "../authorization/AccessAdminLib.sol";
-import {AccessManagerCloneable} from "../authorization/AccessManagerCloneable.sol";
 import {IAccess} from "../authorization/IAccess.sol";
+import {IAuthorization} from "../authorization/IAuthorization.sol";
 import {IService} from "../shared/IService.sol";
 import {IServiceAuthorization} from "../authorization/IServiceAuthorization.sol";
-import {ObjectType, ObjectTypeLib, ALL} from "../type/ObjectType.sol";
-import {RoleId, RoleIdLib, ADMIN_ROLE, RELEASE_REGISTRY_ROLE, PUBLIC_ROLE} from "../type/RoleId.sol";
+
+import {AccessAdmin} from "../authorization/AccessAdmin.sol";
+import {AccessAdminLib} from "../authorization/AccessAdminLib.sol";
+import {AccessManagerCloneable} from "../authorization/AccessManagerCloneable.sol";
+import {ObjectType, ObjectTypeLib, RELEASE} from "../type/ObjectType.sol";
+import {RoleId, ADMIN_ROLE, RELEASE_REGISTRY_ROLE} from "../type/RoleId.sol";
+import {Str} from "../type/String.sol";
 import {VersionPart} from "../type/Version.sol";
 
+
 /// @dev The ReleaseAdmin contract implements the central authorization for the services of a specific release.
 /// There is one ReleaseAdmin contract per major GIF release.
 /// Locking/unlocking of all services of a release is implemented in function setReleaseLocked.
@@ -25,11 +29,13 @@ contract ReleaseAdmin is
     error ErrorReleaseAdminReleaseLockAlreadySetTo(bool locked);
 
     /// @dev release core roles
-    string public constant RELEASE_REGISTRY_ROLE_NAME = "ReleaseRegistryRole";
+    string public constant RELEASE_REGISTRY_ROLE_NAME = "ReleaseRegistry_Role";
 
     /// @dev release core targets
     string public constant RELEASE_ADMIN_TARGET_NAME = "ReleaseAdmin";
 
+    IServiceAuthorization internal _serviceAuthorization;
+
 
     modifier onlyReleaseRegistry() {
         (bool isMember, ) = _authority.hasRole(RELEASE_REGISTRY_ROLE().toInt(), msg.sender);
@@ -39,6 +45,7 @@ contract ReleaseAdmin is
         _;
     }
 
+
     // @dev Only used for master release admin
     constructor(address accessManager) {
         initialize(
@@ -49,32 +56,40 @@ contract ReleaseAdmin is
 
     function completeSetup(
         address registry,
-        address releaseRegistry,
-        VersionPart release
+        address authorization,
+        VersionPart release,
+        address releaseRegistry
     )
         external
         reinitializer(uint64(release.toInt()))
     {
 
         // checks
-        _checkRegistry(registry);
+        AccessAdminLib.checkRegistry(registry);
 
         AccessManagerCloneable(
             authority()).completeSetup(
                 registry, 
-                release); 
+                release);
+
+        IServiceAuthorization serviceAuthorization = IServiceAuthorization(authorization);
+        _checkAuthorization(address(serviceAuthorization), RELEASE(), release, true, true);
+        _serviceAuthorization = serviceAuthorization;
 
         // link nft ownability to registry
         _linkToNftOwnable(registry);
 
+        // setup release contract
         _setupReleaseRegistry(releaseRegistry);
+
+        // relase services will be authorized one by one via authorizeService()
     }
 
+
     /// @dev Sets up authorizaion for specified service.
     /// For all authorized services its authorized functions are enabled.
     /// Permissioned function: Access is restricted to release registry.
     function authorizeService(
-        IServiceAuthorization serviceAuthorization,
         IService service,
         ObjectType serviceDomain,
         VersionPart release
@@ -83,9 +98,20 @@ contract ReleaseAdmin is
         restricted()
     {
         _createServiceTargetAndRole(service, serviceDomain, release);
-        _authorizeServiceFunctions(serviceAuthorization, service, serviceDomain, release);
+
+        // authorize functions of service
+        Str serviceTarget = _serviceAuthorization.getServiceTarget(serviceDomain);
+        RoleId[] memory authorizedRoles = _serviceAuthorization.getAuthorizedRoles(serviceTarget);
+
+        for (uint256 i = 0; i < authorizedRoles.length; i++) {
+            _authorizeFunctions(
+                IAuthorization(address(_serviceAuthorization)), 
+                serviceTarget, 
+                authorizedRoles[i]);
+        }
     }
 
+
     /// @dev Locks/unlocks all release targets.
     /// For all authorized services of release its authorized functions are disabled/enabled.
     /// Permissioned function: Access is restricted to release registry.
@@ -106,6 +132,7 @@ contract ReleaseAdmin is
         emit LogReleaseAdminReleaseLockChanged(getRelease(), locked);
     }
 
+
     /// @dev Lock/unlock specific service of release.
     /// Permissioned function: Access is restricted to release registry.
     function setServiceLocked(IService service, bool locked)
@@ -123,13 +150,6 @@ contract ReleaseAdmin is
         emit LogReleaseAdminServiceLockChanged(service.getRelease(), address(service), locked);
     }
 
-    //--- view functions ----------------------------------------------------//
-
-/*
-    function getReleaseAdminRole() external view returns (RoleId) {
-        return GIF_ADMIN_ROLE();
-    }
-*/
     //--- private functions -------------------------------------------------//
 
     function _createServiceTargetAndRole(
@@ -145,85 +165,7 @@ contract ReleaseAdmin is
         string memory serviceTargetName = ObjectTypeLib.toVersionedName(
             baseName, "Service", release);
 
-        _createTarget(
-            address(service), 
-            serviceTargetName,
-            true,
-            false);
-
-        // create service role
-        RoleId serviceRoleId = RoleIdLib.roleForTypeAndVersion(
-            serviceDomain, 
-            release);
-
-        if(!roleExists(serviceRoleId)) {
-            _createRole(
-                serviceRoleId, 
-                AccessAdminLib.toRole({
-                    adminRoleId: ADMIN_ROLE(),
-                    roleType: RoleType.Contract,
-                    maxMemberCount: 1,
-                    name: ObjectTypeLib.toVersionedName(
-                        baseName, 
-                        "ServiceRole", 
-                        release)}));
-        }
-
-        _grantRoleToAccount( 
-            serviceRoleId,
-            address(service)); 
-    }
-
-
-    function _authorizeServiceFunctions(
-        IServiceAuthorization serviceAuthorization,
-        IService service,
-        ObjectType serviceDomain, 
-        VersionPart release
-    )
-        private
-    {
-        ObjectType authorizedDomain;
-        RoleId authorizedRoleId;
-
-        ObjectType[] memory authorizedDomains = serviceAuthorization.getAuthorizedDomains(serviceDomain);
-
-        for (uint256 i = 0; i < authorizedDomains.length; i++) {
-            authorizedDomain = authorizedDomains[i];
-
-            // derive authorized role from authorized domain
-            if (authorizedDomain == ALL()) {
-                authorizedRoleId = PUBLIC_ROLE();
-            } else {
-                authorizedRoleId = RoleIdLib.roleForTypeAndVersion(
-                authorizedDomain, 
-                release);
-            }
-
-            if(!roleExists(authorizedRoleId)) {
-                // create role for authorized domain
-                _createRole(
-                    authorizedRoleId, 
-                    AccessAdminLib.toRole({
-                        adminRoleId: ADMIN_ROLE(),
-                        roleType: RoleType.Contract,
-                        maxMemberCount: 1,
-                        name: ObjectTypeLib.toVersionedName(
-                            ObjectTypeLib.toName(authorizedDomain), 
-                            "Role", 
-                            release)}));
-            }
-
-            // get authorized functions for authorized domain
-            IAccess.FunctionInfo[] memory authorizatedFunctions = serviceAuthorization.getAuthorizedFunctions(
-                serviceDomain, 
-                authorizedDomain);
-
-            _authorizeTargetFunctions(
-                    address(service), 
-                    authorizedRoleId, 
-                    authorizatedFunctions);
-        }
+        _createUncheckedTarget(address(service), serviceTargetName, TargetType.Service);
     }
 
     //--- private initialization functions -------------------------------------------//
@@ -232,7 +174,7 @@ contract ReleaseAdmin is
         private 
         onlyInitializing()
     {
-        _createTarget(address(this), RELEASE_ADMIN_TARGET_NAME, false, false);
+        _createManagedTarget(address(this), RELEASE_ADMIN_TARGET_NAME, IAccess.TargetType.Core);
 
         _createRole(
             RELEASE_REGISTRY_ROLE(), 
@@ -246,7 +188,7 @@ contract ReleaseAdmin is
         functions = new FunctionInfo[](2);
         functions[0] = AccessAdminLib.toFunction(ReleaseAdmin.authorizeService.selector, "authorizeService");
         functions[1] = AccessAdminLib.toFunction(ReleaseAdmin.setServiceLocked.selector, "setServiceLocked");
-        _authorizeTargetFunctions(address(this), RELEASE_REGISTRY_ROLE(), functions);
+        _authorizeTargetFunctions(address(this), RELEASE_REGISTRY_ROLE(), functions, true);
 
         _grantRoleToAccount(RELEASE_REGISTRY_ROLE(), releaseRegistry);
     }

package/contracts/registry/ReleaseRegistry.sol

@@ -150,7 +150,7 @@ contract ReleaseRegistry is
         uint256 serviceDomainsCount = _verifyServiceAuthorization(serviceAuthorization, releaseVersion, salt);
 
         // create and initialize release admin
-        releaseAdmin = _cloneNewReleaseAdmin(releaseVersion);
+        releaseAdmin = _cloneNewReleaseAdmin(serviceAuthorization, releaseVersion);
         releaseSalt = salt;
 
         // ensures unique salt
@@ -182,8 +182,8 @@ contract ReleaseRegistry is
         checkTransition(_releaseInfo[releaseVersion].state, RELEASE(), DEPLOYING(), DEPLOYED());
 
         address releaseAuthority = ReleaseAdmin(_releaseInfo[releaseVersion].releaseAdmin).authority();
-        IServiceAuthorization releaseAuth = _releaseInfo[releaseVersion].auth;
-        ObjectType expectedDomain = releaseAuth.getServiceDomain(_registeredServices);
+        IServiceAuthorization releaseAuthz = _releaseInfo[releaseVersion].auth;
+        ObjectType expectedDomain = releaseAuthz.getServiceDomain(_registeredServices);
 
         // service can work with release registry and release version
         (
@@ -216,7 +216,6 @@ contract ReleaseRegistry is
         ReleaseAdmin releaseAdmin = ReleaseAdmin(_releaseInfo[releaseVersion].releaseAdmin);
         releaseAdmin.setReleaseLocked(false);
         releaseAdmin.authorizeService(
-            releaseAuth, 
             service,
             serviceDomain,
             releaseVersion);
@@ -367,7 +366,10 @@ contract ReleaseRegistry is
             _releaseInfo[release].releaseAdmin).setReleaseLocked(locked);
     }
 
-    function _cloneNewReleaseAdmin(VersionPart release)
+    function _cloneNewReleaseAdmin(
+        IServiceAuthorization serviceAuthorization,
+        VersionPart release
+    )
         private
         returns (ReleaseAdmin clonedAdmin)
     {
@@ -377,7 +379,7 @@ contract ReleaseRegistry is
 
         string memory releaseAdminName = string(
             abi.encodePacked(
-                "ReleaseAdmin_v", 
+                "ReleaseAdminV", 
                 release.toString()));
 
         clonedAdmin.initialize(
@@ -386,8 +388,9 @@ contract ReleaseRegistry is
 
         clonedAdmin.completeSetup(
             address(_registry), 
-            address(this), // release registry (this contract)
-            release);
+            address(serviceAuthorization),
+            release,
+            address(this)); // release registry (this contract)
 
         // lock release (remains locked until activation)
         clonedAdmin.setReleaseLocked(true);
@@ -412,7 +415,7 @@ contract ReleaseRegistry is
         returns (uint256 serviceDomainsCount)
     {
         // authorization contract supports IServiceAuthorization interface
-        if(!serviceAuthorization.supportsInterface(type(IServiceAuthorization).interfaceId)) {
+        if(!ContractLib.supportsInterface(address(serviceAuthorization), type(IServiceAuthorization).interfaceId)) {
             revert ErrorReleaseRegistryNotServiceAuth(address(serviceAuthorization));
         }
 

package/contracts/registry/ServiceAuthorizationV3.sol

@@ -2,7 +2,7 @@
 pragma solidity ^0.8.20;
 
 import {
-     ALL, ACCOUNTING, REGISTRY, RISK, ORACLE, POOL, INSTANCE, COMPONENT, DISTRIBUTION, APPLICATION, POLICY, CLAIM, BUNDLE, STAKING, PRICE
+     ALL, RELEASE, ACCOUNTING, REGISTRY, RISK, ORACLE, POOL, INSTANCE, COMPONENT, DISTRIBUTION, APPLICATION, POLICY, CLAIM, BUNDLE, STAKING, PRICE
 } from "../../contracts/type/ObjectType.sol";
 
 import {IAccess} from "../authorization/IAccess.sol";
@@ -19,6 +19,7 @@ import {IPoolService} from "../pool/IPoolService.sol";
 import {IStakingService} from "../staking/IStakingService.sol";
 import {IRegistryService} from "./IRegistryService.sol";
 import {IRiskService} from "../product/IRiskService.sol";
+
 import {ServiceAuthorization} from "../authorization/ServiceAuthorization.sol";
 
 
@@ -27,27 +28,31 @@ contract ServiceAuthorizationV3
 {
 
      constructor(string memory commitHash)
-          ServiceAuthorization(commitHash, 3)
+          ServiceAuthorization(
+               "ReleaseAdmin",
+               RELEASE(),
+               3,
+               commitHash)
      {}
 
      function _setupDomains()
           internal
           override
      {
-          _authorizeDomain(REGISTRY(), address(1));
-          _authorizeDomain(STAKING(), address(2));
-          _authorizeDomain(INSTANCE(), address(3));
-          _authorizeDomain(ACCOUNTING(), address(4));
-          _authorizeDomain(COMPONENT(), address(5));
-          _authorizeDomain(DISTRIBUTION(), address(6));
-          _authorizeDomain(PRICE(), address(7));
-          _authorizeDomain(BUNDLE(), address(8));
-          _authorizeDomain(POOL(), address(9));
-          _authorizeDomain(ORACLE(), address(10));
-          _authorizeDomain(RISK(), address(11));
-          _authorizeDomain(POLICY(), address(12));
-          _authorizeDomain(CLAIM(), address(13));
-          _authorizeDomain(APPLICATION(), address(14));
+          _authorizeServiceDomain(REGISTRY(), address(1));
+          _authorizeServiceDomain(STAKING(), address(2));
+          _authorizeServiceDomain(INSTANCE(), address(3));
+          _authorizeServiceDomain(ACCOUNTING(), address(4));
+          _authorizeServiceDomain(COMPONENT(), address(5));
+          _authorizeServiceDomain(DISTRIBUTION(), address(6));
+          _authorizeServiceDomain(PRICE(), address(7));
+          _authorizeServiceDomain(BUNDLE(), address(8));
+          _authorizeServiceDomain(POOL(), address(9));
+          _authorizeServiceDomain(ORACLE(), address(10));
+          _authorizeServiceDomain(RISK(), address(11));
+          _authorizeServiceDomain(POLICY(), address(12));
+          _authorizeServiceDomain(CLAIM(), address(13));
+          _authorizeServiceDomain(APPLICATION(), address(14));
      }
 
 
@@ -55,10 +60,9 @@ contract ServiceAuthorizationV3
           internal
           override
      {
-          _setupIRegistryServiceAuthorization();
+          _setupRegistryServiceAuthorization();
           _setupStakingServiceAuthorization();
           _setupInstanceServiceAuthorization();
-          _setupInstanceServiceAuthorization();
           _setupAccountingServiceAuthorization();
           _setupComponentServiceAuthorization();
           _setupClaimServiceAuthorization();
@@ -74,7 +78,7 @@ contract ServiceAuthorizationV3
 
      /// @dev registry service authorization.
      /// authorized functions MUST be implemented with a restricted modifier
-     function _setupIRegistryServiceAuthorization()
+     function _setupRegistryServiceAuthorization()
           internal
      {
           IAccess.FunctionInfo[] storage functions;
@@ -131,8 +135,16 @@ contract ServiceAuthorizationV3
      {
           IAccess.FunctionInfo[] storage functions;
           functions = _authorizeForService(INSTANCE(), ALL());
-          _authorize(functions, IInstanceService.setInstanceLocked.selector, "setInstanceLocked");
+          _authorize(functions, IInstanceService.createRole.selector, "createRole");
+          _authorize(functions, IInstanceService.setRoleActive.selector, "setRoleActive");
+          _authorize(functions, IInstanceService.grantRole.selector, "grantRole");
+          _authorize(functions, IInstanceService.revokeRole.selector, "revokeRole");
+
+          _authorize(functions, IInstanceService.createTarget.selector, "createTarget");
+          _authorize(functions, IInstanceService.authorizeFunctions.selector, "authorizeFunctions");
+          _authorize(functions, IInstanceService.unauthorizeFunctions.selector, "unauthorizeFunctions");
           _authorize(functions, IInstanceService.setTargetLocked.selector, "setTargetLocked");
+          _authorize(functions, IInstanceService.setInstanceLocked.selector, "setInstanceLocked");
 
           _authorize(functions, IInstanceService.createInstance.selector, "createInstance");
           _authorize(functions, IInstanceService.upgradeInstanceReader.selector, "upgradeInstanceReader");
@@ -322,6 +334,7 @@ contract ServiceAuthorizationV3
           _authorize(functions, IPolicyService.createPolicy.selector, "createPolicy");
           _authorize(functions, IPolicyService.collectPremium.selector, "collectPremium");
           _authorize(functions, IPolicyService.activate.selector, "activate");
+          _authorize(functions, IPolicyService.adjustActivation.selector, "adjustActivation");
           _authorize(functions, IPolicyService.expire.selector, "expire");
           _authorize(functions, IPolicyService.expirePolicy.selector, "expirePolicy");
           _authorize(functions, IPolicyService.close.selector, "close");

package/contracts/registry/TokenRegistry.sol

@@ -3,15 +3,13 @@ pragma solidity ^0.8.20;
 
 import {AccessManaged} from "@openzeppelin/contracts/access/manager/AccessManaged.sol";
 import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
-import {ERC165Checker} from "@openzeppelin/contracts/utils/introspection/ERC165Checker.sol";
-
-import {REGISTRY} from "../type/ObjectType.sol";
-import {VersionPart} from "../type/Version.sol";
 
 import {IRegistry} from "./IRegistry.sol";
 import {IRegistryLinked} from "../shared/IRegistryLinked.sol";
+
 import {ReleaseRegistry} from "./ReleaseRegistry.sol";
 import {RegistryAdmin} from "./RegistryAdmin.sol";
+import {VersionPart} from "../type/Version.sol";
 
 /// @dev The TokenRegistry contract is used to whitelist/manage ERC-20 of tokens per major release.
 /// Only whitelisted tokens can be used as default tokens for products, distribution and pools components.