@etherisc/gif-next 0.0.2-fd4931b-974 → 0.0.2-fd4ee14-428

package/contracts/instance/Instance.sol

@@ -3,25 +3,30 @@ pragma solidity ^0.8.20;
 
 import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
 
+import {Amount} from "../type/Amount.sol";
 import {Key32} from "../type/Key32.sol";
 import {NftId} from "../type/NftId.sol";
 import {RiskId} from "../type/RiskId.sol";
 import {ObjectType, BUNDLE, DISTRIBUTION, INSTANCE, POLICY, POOL, ROLE, PRODUCT, TARGET, COMPONENT, DISTRIBUTOR, DISTRIBUTOR_TYPE} from "../type/ObjectType.sol";
 import {RoleId, RoleIdLib, eqRoleId, ADMIN_ROLE, INSTANCE_ROLE, INSTANCE_OWNER_ROLE} from "../type/RoleId.sol";
-import {VersionPart, VersionPartLib} from "../type/Version.sol";
 import {ClaimId} from "../type/ClaimId.sol";
 import {ReferralId} from "../type/Referral.sol";
 import {PayoutId} from "../type/PayoutId.sol";
 import {DistributorType} from "../type/DistributorType.sol";
+import {Seconds} from "../type/Seconds.sol";
+import {UFixed} from "../type/UFixed.sol";
+import {VersionPart, VersionPartLib} from "../type/Version.sol";
 
 import {Registerable} from "../shared/Registerable.sol";
 import {TokenHandler} from "../shared/TokenHandler.sol";
+import {AccessManagerExtendedInitializeable} from "../shared/AccessManagerExtendedInitializeable.sol";
 
 import {IRegistry} from "../registry/IRegistry.sol";
 
 import {IInstance} from "./IInstance.sol";
+import {IInstanceService} from "./IInstanceService.sol";
 import {InstanceReader} from "./InstanceReader.sol";
-import {InstanceAccessManager} from "./InstanceAccessManager.sol";
+import {InstanceAdmin} from "./InstanceAdmin.sol";
 import {BundleManager} from "./BundleManager.sol";
 import {InstanceStore} from "./InstanceStore.sol";
 
@@ -48,7 +53,8 @@ contract Instance is
 
     bool private _initialized;
 
-    InstanceAccessManager internal _accessManager;
+    IInstanceService internal _instanceService;
+    InstanceAdmin internal _instanceAdmin;
     InstanceReader internal _instanceReader;
     BundleManager internal _bundleManager;
     InstanceStore internal _instanceStore;
@@ -65,7 +71,7 @@ contract Instance is
         initializer()
     {
         if(authority == address(0)) {
-            revert ErrorInstanceInstanceAccessManagerZero();
+            revert ErrorInstanceInstanceAdminZero();
         }
 
         __AccessManaged_init(authority);
@@ -73,40 +79,82 @@ contract Instance is
         IRegistry registry = IRegistry(registryAddress);
         initializeRegisterable(registryAddress, registry.getNftId(), INSTANCE(), true, initialOwner, "");
 
+        _instanceService = IInstanceService(
+            getRegistry().getServiceAddress(
+                INSTANCE(), 
+                getMajorVersion()));
+
         registerInterface(type(IInstance).interfaceId);    
     }
 
+    //--- Staking ----------------------------------------------------------//
+
+    function setStakingLockingPeriod(Seconds stakeLockingPeriod)
+        external
+        // TODO decide if onlyOwner or restricted to instance owner role is better
+        onlyOwner()
+    {
+        _instanceService.setStakingLockingPeriod(stakeLockingPeriod);
+    }
+
+    function setStakingRewardRate(UFixed rewardRate)
+        external
+        onlyOwner()
+    {
+        _instanceService.setStakingRewardRate(rewardRate);
+    }
+
+    function refillStakingRewardReserves(Amount dipAmount)
+        external
+        onlyOwner()
+    {
+        address instanceOwner = msg.sender;
+        _instanceService.refillStakingRewardReserves(instanceOwner, dipAmount);
+    }
+
+    function withdrawStakingRewardReserves(Amount dipAmount)
+        external
+        onlyOwner()
+        returns (Amount newBalance)
+    {
+        return _instanceService.withdrawStakingRewardReserves(dipAmount);
+    }
+
     //--- Roles ------------------------------------------------------------//
 
     function createRole(string memory roleName, string memory adminName)
         external
+        // TODO decide if onlyOwner or restricted to instance owner role is better
         restricted // INSTANCE_OWNER_ROLE
         returns (RoleId roleId, RoleId admin)
     {
-        (roleId, admin) = _accessManager.createRole(roleName, adminName);
+        (roleId, admin) = _instanceAdmin.createRole(roleName, adminName);
     }
 
     function grantRole(RoleId roleId, address account) 
         external 
+        // TODO decide if onlyOwner or restricted to instance owner role is better
         restricted // INSTANCE_OWNER_ROLE
     {
-        _accessManager.grantRole(roleId, account);
+        AccessManagerExtendedInitializeable(authority()).grantRole(roleId.toInt(), account, 0);
     }
 
     function revokeRole(RoleId roleId, address account) 
         external 
+        // TODO decide if onlyOwner or restricted to instance owner role is better
         restricted // INSTANCE_OWNER_ROLE
     {
-        _accessManager.revokeRole(roleId, account);
+        AccessManagerExtendedInitializeable(authority()).revokeRole(roleId.toInt(), account);
     }
 
     //--- Targets ------------------------------------------------------------//
 
     function createTarget(address target, string memory name) 
         external 
+        // TODO decide if onlyOwner or restricted to instance owner role is better
         restricted // INSTANCE_OWNER_ROLE
     {
-        _accessManager.createTarget(target, name);
+        _instanceAdmin.createTarget(target, name);
     }
 
     function setTargetFunctionRole(
@@ -117,38 +165,41 @@ contract Instance is
         external 
         restricted // INSTANCE_OWNER_ROLE
     {
-        _accessManager.setTargetFunctionRole(targetName, selectors, roleId);
+        _instanceAdmin.setTargetFunctionRoleByInstance(targetName, selectors, roleId);
     }
 
     function setTargetLocked(address target, bool locked)
         external 
         restricted // INSTANCE_OWNER_ROLE
     {
-        _accessManager.setTargetLockedByInstance(target, locked);
+        _instanceAdmin.setTargetLockedByInstance(target, locked);
     }
 
-    //--- ITransferInterceptor ------------------------------------------------------------//
+    //--- ITransferInterceptor ----------------------------------------------//
 
+    // TODO interception of child components nfts
     function nftMint(address to, uint256 tokenId) external onlyChainNft {
-        assert(_accessManager.roleMembers(INSTANCE_OWNER_ROLE()) == 0);// temp
-        assert(_accessManager.grantRole(INSTANCE_OWNER_ROLE(), to) == true);
+        _instanceAdmin.transferInstanceOwnerRole(address(0), to);
     }
 
     function nftTransferFrom(address from, address to, uint256 tokenId) external onlyChainNft {
-        assert(_accessManager.revokeRole(INSTANCE_OWNER_ROLE(), from) == true);
-        assert(_accessManager.grantRole(INSTANCE_OWNER_ROLE(), to) == true);
+        _instanceAdmin.transferInstanceOwnerRole(from, to);
     }
 
+    //function nftBurn(address from, uint256 tokenId) external onlyChainNft {
+        //_instanceAdmin.transferInstanceOwnerRole(from, address(0));
+    //}
+
     //--- initial setup functions -------------------------------------------//
 
-    function setInstanceAccessManager(InstanceAccessManager accessManager) external restricted {
-        if(address(_accessManager) != address(0)) {
-            revert ErrorInstanceInstanceAccessManagerAlreadySet(address(_accessManager));
+    function setInstanceAdmin(InstanceAdmin accessManager) external restricted {
+        if(address(_instanceAdmin) != address(0)) {
+            revert ErrorInstanceInstanceAdminAlreadySet(address(_instanceAdmin));
         }
         if(accessManager.authority() != authority()) {
-            revert ErrorInstanceInstanceAccessManagerAuthorityMismatch(authority());
+            revert ErrorInstanceInstanceAdminAuthorityMismatch(authority());
         }
-        _accessManager = accessManager;      
+        _instanceAdmin = accessManager;      
     }
     
     function setBundleManager(BundleManager bundleManager) external restricted() {
@@ -172,20 +223,6 @@ contract Instance is
         _instanceReader = instanceReader;
     }
 
-    //--- external view functions -------------------------------------------//
-
-    function getInstanceReader() external view returns (InstanceReader) {
-        return _instanceReader;
-    }
-
-    function getBundleManager() external view returns (BundleManager) {
-        return _bundleManager;
-    }
-
-    function getInstanceAccessManager() external view returns (InstanceAccessManager) {
-        return _accessManager;
-    }
-
     function setInstanceStore(InstanceStore instanceStore) external restricted {
         if(address(_instanceStore) != address(0)) {
             revert ErrorInstanceInstanceStoreAlreadySet(address(_instanceStore));
@@ -196,32 +233,30 @@ contract Instance is
         _instanceStore = instanceStore;
     }
 
-    function getInstanceStore() external view returns (InstanceStore) {
-        return _instanceStore;
-    }
+    //--- external view functions -------------------------------------------//
 
-    function getMajorVersion() external pure returns (VersionPart majorVersion) {
-        return VersionPartLib.toVersionPart(GIF_MAJOR_VERSION);
+    function getInstanceReader() external view returns (InstanceReader) {
+        return _instanceReader;
     }
 
-    function getDistributionService() external view returns (IDistributionService) {
-        return IDistributionService(getRegistry().getServiceAddress(DISTRIBUTION(), VersionPart.wrap(3)));
+    function getBundleManager() external view returns (BundleManager) {
+        return _bundleManager;
     }
 
-    function getProductService() external view returns (IProductService) {
-        return IProductService(getRegistry().getServiceAddress(PRODUCT(), VersionPart.wrap(3)));
+    function getInstanceAdmin() external view returns (InstanceAdmin) {
+        return _instanceAdmin;
     }
 
-    function getPoolService() external view returns (IPoolService) {
-        return IPoolService(getRegistry().getServiceAddress(POOL(), VersionPart.wrap(3)));
+    function getInstanceAccessManager() external view returns (AccessManagerExtendedInitializeable) {
+        return AccessManagerExtendedInitializeable(authority());
     }
 
-    function getPolicyService() external view returns (IPolicyService) {
-        return IPolicyService(getRegistry().getServiceAddress(POLICY(), VersionPart.wrap(3)));
+    function getInstanceStore() external view returns (InstanceStore) {
+        return _instanceStore;
     }
 
-    function getBundleService() external view returns (IBundleService) {
-        return IBundleService(getRegistry().getServiceAddress(BUNDLE(), VersionPart.wrap(3)));
+    function getMajorVersion() public pure returns (VersionPart majorVersion) {
+        return VersionPartLib.toVersionPart(GIF_MAJOR_VERSION);
     }
 
     //--- internal view/pure functions --------------------------------------//

package/contracts/instance/InstanceAdmin.sol

@@ -0,0 +1,331 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+
+import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
+import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
+
+import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE, INSTANCE_SERVICE_ROLE, INSTANCE_OWNER_ROLE, INSTANCE_ROLE} from "../type/RoleId.sol";
+import {TimestampLib} from "../type/Timestamp.sol";
+import {NftId} from "../type/NftId.sol";
+
+import {AccessManagerExtendedInitializeable} from "../shared/AccessManagerExtendedInitializeable.sol";
+
+import {IRegistry} from "../registry/IRegistry.sol";
+
+import {IInstance} from "./IInstance.sol";
+import {IAccess} from "./module/IAccess.sol";
+
+contract InstanceAdmin is
+    AccessManagedUpgradeable
+{
+    using RoleIdLib for RoleId;
+
+    string public constant INSTANCE_ROLE_NAME = "InstanceRole";
+    string public constant INSTANCE_OWNER_ROLE_NAME = "InstanceOwnerRole";
+
+    string public constant INSTANCE_ADMIN_TARGET_NAME = "InstanceAdmin";
+
+    uint64 public constant CUSTOM_ROLE_ID_MIN = 10000; // MUST be even
+    uint32 public constant EXECUTION_DELAY = 0;
+
+    mapping(address target => IAccess.Type) _targetType;
+    mapping(RoleId roleId => IAccess.Type) _roleType;
+    uint64 _idNext;
+
+    AccessManagerExtendedInitializeable internal _accessManager;
+    address _instance;
+    IRegistry internal _registry;
+
+    // instance owner role is granted upon instance nft minting in callback function
+    // assume this contract is already a member of ADMIN_ROLE, the only member
+    function initialize(address instanceAddress) external initializer 
+    {
+        IInstance instance = IInstance(instanceAddress);
+        IRegistry registry = instance.getRegistry();
+        address authority = instance.authority();
+
+        __AccessManaged_init(authority);
+
+        _accessManager = AccessManagerExtendedInitializeable(authority);
+        _instance = instanceAddress;
+        _registry = registry;
+        _idNext = CUSTOM_ROLE_ID_MIN;
+
+        // minimum configuration required for nft interception
+        _createRole(INSTANCE_ROLE(), INSTANCE_ROLE_NAME, IAccess.Type.Core);
+        _createRole(INSTANCE_OWNER_ROLE(), INSTANCE_OWNER_ROLE_NAME, IAccess.Type.Core);
+        _grantRole(INSTANCE_ROLE(), address(instance));
+
+        _createTarget(address(this), INSTANCE_ADMIN_TARGET_NAME, IAccess.Type.Core);
+        bytes4[] memory instanceAdminInstanceSelectors = new bytes4[](1);
+        instanceAdminInstanceSelectors[0] = this.transferInstanceOwnerRole.selector;
+        _setTargetFunctionRole(address(this), instanceAdminInstanceSelectors, INSTANCE_ROLE());                
+    }
+
+    //--- Role ------------------------------------------------------//
+    // ADMIN_ROLE
+    // assume all core roles are known at deployment time
+    // assume core roles are set and granted only during instance cloning
+    // assume core roles are never revoked -> core roles admin is never active after intialization
+    function createCoreRole(RoleId roleId, string memory name) external restricted() {
+        _createRole(roleId, name, IAccess.Type.Core);
+    }
+
+    // ADMIN_ROLE
+    // assume gif roles can be revoked
+    // assume admin is INSTANCE_OWNER_ROLE or INSTANCE_ROLE
+    function createGifRole(RoleId roleId, string memory name, RoleId admin) external restricted() {
+        _createRole(roleId, name, IAccess.Type.Gif);
+        _setRoleAdmin(roleId, admin);
+    }
+
+    // INSTANCE_ROLE
+    // TODO specify how many owners role can have -> many roles MUST have exactly 1 member?
+    function createRole(string memory roleName, string memory adminName)
+        external
+        restricted()
+        returns(RoleId roleId, RoleId admin)
+    {
+        (roleId, admin) = _getNextCustomRoleId();
+
+        _createRole(roleId, roleName, IAccess.Type.Custom);
+        _createRole(admin, adminName, IAccess.Type.Custom);
+
+        _setRoleAdmin(roleId, admin);
+        _setRoleAdmin(admin, INSTANCE_OWNER_ROLE());
+    }
+
+    // ADMIN_ROLE
+    // assume used by instance service only during instance cloning
+    // assume used only by this.createRole(), this.createGifRole() afterwards
+    function setRoleAdmin(RoleId roleId, RoleId admin) public restricted() {
+        _setRoleAdmin(roleId, admin);
+    }
+
+    // INSTANCE_ROLE
+    function transferInstanceOwnerRole(address from, address to) external restricted() {
+        // temp pre transfer checks
+        assert(_getRoleMembers(INSTANCE_ROLE()) == 1);
+        assert(_hasRole(INSTANCE_ROLE(), _instance));
+        assert(_getRoleAdmin(INSTANCE_OWNER_ROLE()).toInt() == ADMIN_ROLE().toInt());
+        if(from != address(0)) { // nft transfer
+            assert(_getRoleMembers(INSTANCE_OWNER_ROLE()) == 1);
+        } else { // nft minting 
+            assert(_getRoleMembers(INSTANCE_OWNER_ROLE()) == 0);            
+        }
+
+        // transfer
+        assert(from != to);
+        _grantRole(INSTANCE_OWNER_ROLE(), to);
+        if(from != address(0)) { // nft transfer
+            _revokeRole(INSTANCE_OWNER_ROLE(), from);
+        }
+
+        // temp post transfer checks
+        assert(_getRoleMembers(INSTANCE_OWNER_ROLE()) == 1);// temp
+        assert(_hasRole(INSTANCE_OWNER_ROLE(), to));
+    }
+
+    //--- Target ------------------------------------------------------//
+    // ADMIN_ROLE
+    // assume some core targets are registred (instance) while others are not (instance accesss manager, instance reader, bundle manager)
+    function createCoreTarget(address target, string memory name) external restricted() {
+        _createTarget(target, name, IAccess.Type.Core);
+    }
+
+    // INSTANCE_SERVICE_ROLE
+    function createGifTarget(address target, string memory name) external restricted() 
+    {
+        if(!_registry.isRegistered(target)) {
+            revert IAccess.ErrorIAccessTargetNotRegistered(target);
+        }
+
+        NftId targetParentNftId = _registry.getObjectInfo(target).parentNftId;
+        NftId instanceNftId = _registry.getObjectInfo(_instance).nftId;
+        if(targetParentNftId != instanceNftId) {
+            revert IAccess.ErrorIAccessTargetInstanceMismatch(target, targetParentNftId, instanceNftId);
+        }
+
+        _createTarget(target, name, IAccess.Type.Gif);
+    }
+
+    // INSTANCE_ROLE
+    // assume custom target.authority() is constant -> target MUST not be used with different instance access manager
+    // assume custom target can not be registered as component -> each service which is doing component registration MUST register a gif target
+    // assume custom target can not be registered as instance or service -> why?
+    // TODO check target associated with instance owner or instance or instance components or components helpers
+    function createTarget(address target, string memory name) external restricted() {
+        _createTarget(target, name, IAccess.Type.Custom);
+    }
+
+    // TODO instance owner locks component instead of revoking it access to the instance...
+    // INSTANCE_SERVICE_ROLE
+    function setTargetLockedByService(address target, bool locked) external restricted {
+        _setTargetLocked(target, locked);
+    }
+
+    // INSTANCE_ROLE
+    function setTargetLockedByInstance(address target, bool locked) external restricted {
+        _setTargetLocked(target, locked);
+    }
+
+
+    // allowed combinations of roles and targets:
+    //1) set core role for core target 
+    //2) set gif role for gif target  
+    //3) set custom role for gif target
+    //4) set custom role for custom target
+
+    // ADMIN_ROLE if used only during initialization, works with:
+    //      any roles for any targets
+    // INSTANCE_SERVICE_ROLE if used not only during initilization, works with:
+    //      core roles for core targets
+    //      gif roles for gif targets
+    function setTargetFunctionRoleByService(
+        string memory targetName,
+        bytes4[] calldata selectors,
+        RoleId roleId
+    ) 
+        public 
+        virtual 
+        restricted
+    {
+        address target = _accessManager.getTargetAddress(targetName);
+        // not custom target
+        if(_targetType[target] == IAccess.Type.Custom) {
+            revert IAccess.ErrorIAccessTargetTypeInvalid(target, IAccess.Type.Custom);
+        }
+
+        // not custom role
+        if(_roleType[roleId] == IAccess.Type.Custom) {
+            revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Custom);
+        }
+
+        _setTargetFunctionRole(target, selectors, roleId);
+    }
+
+    // INSTANCE_ROLE
+    // gif role for gif target
+    // gif role for custom target
+    // custom role for gif target -> need to prohibit
+    // custom role for custom target
+    // TODO instance owner can mess with gif target (component) -> e.g. set custom role for function intendent to work with gif role
+    function setTargetFunctionRoleByInstance(
+        string memory targetName,
+        bytes4[] calldata selectors,
+        RoleId roleId// string memory roleName
+    ) 
+        public 
+        virtual 
+        restricted() 
+    {
+        address target = _accessManager.getTargetAddress(targetName);
+
+        // not core target
+        if(_targetType[target] == IAccess.Type.Core) {
+            revert IAccess.ErrorIAccessTargetTypeInvalid(target, IAccess.Type.Core);
+        }
+
+        // not core role
+        if(_roleType[roleId] == IAccess.Type.Core) {
+            revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
+        }
+
+        _setTargetFunctionRole(target, selectors, roleId);
+    }
+
+    //--- Role internal view/pure functions --------------------------------------//
+    function _createRole(RoleId roleId, string memory name, IAccess.Type rtype) internal {
+        _validateRole(roleId, rtype);
+
+        _roleType[roleId] = rtype;
+        _accessManager.createRole(roleId.toInt(), name);
+    }
+
+    function _validateRole(RoleId roleId, IAccess.Type rtype) internal pure
+    {
+        uint roleIdInt = roleId.toInt();
+        if(rtype == IAccess.Type.Custom && roleIdInt < CUSTOM_ROLE_ID_MIN) {
+            revert IAccess.ErrorIAccessRoleIdTooSmall(roleId);
+        }
+
+        if(
+            rtype != IAccess.Type.Custom && 
+            roleIdInt >= CUSTOM_ROLE_ID_MIN && 
+            roleIdInt != PUBLIC_ROLE().toInt()) 
+        {
+            revert IAccess.ErrorIAccessRoleIdTooBig(roleId);
+        }
+    }
+
+    function _grantRole(RoleId roleId, address account) internal {
+        _accessManager.grantRole(roleId.toInt(), account, EXECUTION_DELAY);
+    }
+
+    function _revokeRole(RoleId roleId, address member) internal {
+        _accessManager.revokeRole(roleId.toInt(), member);
+    }
+
+    function _setRoleAdmin(RoleId roleId, RoleId admin) internal {
+        if(_roleType[roleId] == IAccess.Type.Core) {
+            revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
+        }
+
+        _accessManager.setRoleAdmin(roleId.toInt(), admin.toInt());
+    }
+
+    function _getRoleAdmin(RoleId roleId) internal view returns (RoleId admin) {
+        return RoleIdLib.toRoleId(_accessManager.getRoleAdmin(roleId.toInt()));
+    }
+
+    function _hasRole(RoleId roleId, address account) internal view returns (bool accountHasRole) {
+        uint32 executionDelay;
+        (accountHasRole, executionDelay) = _accessManager.hasRole(roleId.toInt(), account);
+        assert(executionDelay == 0);
+    }
+
+    function _getRoleMembers(RoleId roleId) internal view returns (uint) {
+        return _accessManager.getRoleMembers(roleId.toInt());
+    }
+
+    function _getNextCustomRoleId() internal returns(RoleId roleId, RoleId admin) {
+        uint64 roleIdInt = _idNext;
+        uint64 adminInt = roleIdInt + 1;
+
+        _idNext = roleIdInt + 2;
+
+        roleId = RoleIdLib.toRoleId(roleIdInt);
+        admin = RoleIdLib.toRoleId(adminInt);
+    }
+
+    //--- Target internal view/pure functions --------------------------------------//
+    function _createTarget(address target, string memory name, IAccess.Type ttype) 
+        internal 
+    {
+        _validateTarget(target, ttype);
+        _targetType[target] = ttype;
+        _accessManager.createTarget(target, name);
+    }
+
+    function _validateTarget(address target, IAccess.Type ttype) 
+        internal 
+        view 
+    {}
+
+    // IMPORTANT: instance admin MUST be of Core type -> otherwise can be locked forever
+    // TODO: consider locking gif targets in a separate function?
+    function _setTargetLocked(address target, bool locked) internal
+    {
+        IAccess.Type targetType = _targetType[target];
+
+        if(targetType == IAccess.Type.Core) {
+            revert IAccess.ErrorIAccessTargetTypeInvalid(target, targetType);
+        }
+
+        _accessManager.setTargetClosed(target, locked);
+    }
+
+    function _setTargetFunctionRole(address target, bytes4[] memory selectors, RoleId roleId) internal {
+        _accessManager.setTargetFunctionRole(target, selectors, roleId.toInt());
+    }
+}