@venusprotocol/governance-contracts 0.0.1

package/contracts/Governance/AccessControlManager.sol

@@ -0,0 +1,97 @@
+// SPDX-License-Identifier: BSD-3-Clause
+pragma solidity 0.8.13;
+import "@openzeppelin/contracts/access/AccessControl.sol";
+import "./IAccessControlManagerV8.sol";
+
+/**
+ * @title Venus Access Control Contract
+ * @author venus
+ * @dev This contract is a wrapper of OpenZeppelin AccessControl
+ *		extending it in a way to standartize access control
+ *		within Venus Smart Contract Ecosystem
+ */
+contract AccessControlManager is AccessControl, IAccessControlManagerV8 {
+    /// @notice Emitted when an account is given a permission to a certain contract function
+    /// @dev If contract address is 0x000..0 this means that the account is a default admin of this function and
+    /// can call any contract function with this signature
+    event PermissionGranted(address account, address contractAddress, string functionSig);
+
+    /// @notice Emitted when an account is revoked a permission to a certain contract function
+    event PermissionRevoked(address account, address contractAddress, string functionSig);
+
+    constructor() {
+        // Grant the contract deployer the default admin role: it will be able
+        // to grant and revoke any roles
+        _setupRole(DEFAULT_ADMIN_ROLE, msg.sender);
+    }
+
+    /**
+     * @notice Gives a function call permission to one single account
+     * @dev this function can be called only from Role Admin or DEFAULT_ADMIN_ROLE
+     * @param contractAddress address of contract for which call permissions will be granted
+     * @dev if contractAddress is zero address, the account can access the specified function
+     *      on **any** contract managed by this ACL
+     * @param functionSig signature e.g. "functionName(uint256,bool)"
+     * @param accountToPermit account that will be given access to the contract function
+     * @custom:event Emits a {RoleGranted} and {PermissionGranted} events.
+     */
+    function giveCallPermission(address contractAddress, string calldata functionSig, address accountToPermit) public {
+        bytes32 role = keccak256(abi.encodePacked(contractAddress, functionSig));
+        grantRole(role, accountToPermit);
+        emit PermissionGranted(accountToPermit, contractAddress, functionSig);
+    }
+
+    /**
+     * @notice Revokes an account's permission to a particular function call
+     * @dev this function can be called only from Role Admin or DEFAULT_ADMIN_ROLE
+     * 		May emit a {RoleRevoked} event.
+     * @param contractAddress address of contract for which call permissions will be revoked
+     * @param functionSig signature e.g. "functionName(uint256,bool)"
+     * @custom:event Emits {RoleRevoked} and {PermissionRevoked} events.
+     */
+    function revokeCallPermission(
+        address contractAddress,
+        string calldata functionSig,
+        address accountToRevoke
+    ) public {
+        bytes32 role = keccak256(abi.encodePacked(contractAddress, functionSig));
+        revokeRole(role, accountToRevoke);
+        emit PermissionRevoked(accountToRevoke, contractAddress, functionSig);
+    }
+
+    /**
+     * @notice Verifies if the given account can call a contract's guarded function
+     * @dev Since restricted contracts using this function as a permission hook, we can get contracts address with msg.sender
+     * @param account for which call permissions will be checked
+     * @param functionSig restricted function signature e.g. "functionName(uint256,bool)"
+     * @return false if the user account cannot call the particular contract function
+     *
+     */
+    function isAllowedToCall(address account, string calldata functionSig) public view returns (bool) {
+        bytes32 role = keccak256(abi.encodePacked(msg.sender, functionSig));
+
+        if (hasRole(role, account)) {
+            return true;
+        } else {
+            role = keccak256(abi.encodePacked(address(0), functionSig));
+            return hasRole(role, account);
+        }
+    }
+
+    /**
+     * @notice Verifies if the given account can call a contract's guarded function
+     * @dev This function is used as a view function to check permissions rather than contract hook for access restriction check.
+     * @param account for which call permissions will be checked against
+     * @param contractAddress address of the restricted contract
+     * @param functionSig signature of the restricted function e.g. "functionName(uint256,bool)"
+     * @return false if the user account cannot call the particular contract function
+     */
+    function hasPermission(
+        address account,
+        address contractAddress,
+        string calldata functionSig
+    ) public view returns (bool) {
+        bytes32 role = keccak256(abi.encodePacked(contractAddress, functionSig));
+        return hasRole(role, account);
+    }
+}

package/contracts/Governance/AccessControlledV5.sol

@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: BSD-3-Clause
+pragma solidity 0.5.16;
+
+import "./IAccessControlManagerV5.sol";
+
+/**
+ * @title Venus Access Control Contract.
+ * @dev This contract is helper between access control manager and actual contract
+ * This contract further inherited by other contract to integrate access controlled mechanism
+ * It provides initialise methods and verifying access methods
+ */
+
+contract AccessControlledV5 {
+    /// @notice Access control manager contract
+    IAccessControlManagerV5 private _accessControlManager;
+
+    /**
+     * @dev This empty reserved space is put in place to allow future versions to add new
+     * variables without shifting down storage in the inheritance chain.
+     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
+     */
+    uint256[49] private __gap;
+
+    /// @notice Emitted when access control manager contract address is changed
+    event NewAccessControlManager(address oldAccessControlManager, address newAccessControlManager);
+
+    /**
+     * @notice Returns the address of the access control manager contract
+     */
+    function accessControlManager() external view returns (IAccessControlManagerV5) {
+        return _accessControlManager;
+    }
+
+    /**
+     * @dev Internal function to set address of AccessControlManager
+     * @param accessControlManager_ The new address of the AccessControlManager
+     */
+    function _setAccessControlManager(address accessControlManager_) internal {
+        require(address(accessControlManager_) != address(0), "invalid acess control manager address");
+        address oldAccessControlManager = address(_accessControlManager);
+        _accessControlManager = IAccessControlManagerV5(accessControlManager_);
+        emit NewAccessControlManager(oldAccessControlManager, accessControlManager_);
+    }
+
+    /**
+     * @notice Reverts if the call is not allowed by AccessControlManager
+     * @param signature Method signature
+     */
+    function _checkAccessAllowed(string memory signature) internal view {
+        bool isAllowedToCall = _accessControlManager.isAllowedToCall(msg.sender, signature);
+
+        if (!isAllowedToCall) {
+            revert("Unauthorized");
+        }
+    }
+}

package/contracts/Governance/AccessControlledV8.sol

@@ -0,0 +1,83 @@
+// SPDX-License-Identifier: BSD-3-Clause
+pragma solidity 0.8.13;
+
+import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
+import "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
+
+import "./IAccessControlManagerV8.sol";
+
+/**
+ * @title Venus Access Control Contract.
+ * @dev The AccessControlledV8 contract is a wrapper around the OpenZeppelin AccessControl contract
+ *      It provides a standardized way to control access to methods within the Venus Smart Contract Ecosystem.
+ *      The contract allows the owner to set an AccessControlManager contract address.
+ *      It can restrict method calls based on the sender's role and the method's signature.
+ */
+
+abstract contract AccessControlledV8 is Initializable, Ownable2StepUpgradeable {
+    /// @notice Access control manager contract
+    IAccessControlManagerV8 private _accessControlManager;
+
+    /**
+     * @dev This empty reserved space is put in place to allow future versions to add new
+     * variables without shifting down storage in the inheritance chain.
+     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
+     */
+    uint256[49] private __gap;
+
+    /// @notice Emitted when access control manager contract address is changed
+    event NewAccessControlManager(address oldAccessControlManager, address newAccessControlManager);
+
+    /// @notice Thrown when the action is prohibited by AccessControlManager
+    error Unauthorized(address sender, address calledContract, string methodSignature);
+
+    function __AccessControlled_init(address accessControlManager_) internal onlyInitializing {
+        __Ownable2Step_init();
+        __AccessControlled_init_unchained(accessControlManager_);
+    }
+
+    function __AccessControlled_init_unchained(address accessControlManager_) internal onlyInitializing {
+        _setAccessControlManager(accessControlManager_);
+    }
+
+    /**
+     * @notice Sets the address of AccessControlManager
+     * @dev Admin function to set address of AccessControlManager
+     * @param accessControlManager_ The new address of the AccessControlManager
+     * @custom:event Emits NewAccessControlManager event
+     * @custom:access Only Governance
+     */
+    function setAccessControlManager(address accessControlManager_) external onlyOwner {
+        _setAccessControlManager(accessControlManager_);
+    }
+
+    /**
+     * @notice Returns the address of the access control manager contract
+     */
+    function accessControlManager() external view returns (IAccessControlManagerV8) {
+        return _accessControlManager;
+    }
+
+    /**
+     * @dev Internal function to set address of AccessControlManager
+     * @param accessControlManager_ The new address of the AccessControlManager
+     */
+    function _setAccessControlManager(address accessControlManager_) internal {
+        require(address(accessControlManager_) != address(0), "invalid acess control manager address");
+        address oldAccessControlManager = address(_accessControlManager);
+        _accessControlManager = IAccessControlManagerV8(accessControlManager_);
+        emit NewAccessControlManager(oldAccessControlManager, accessControlManager_);
+    }
+
+    /**
+     * @notice Reverts if the call is not allowed by AccessControlManager
+     * @param signature Method signature
+     */
+    function _checkAccessAllowed(string memory signature) internal view {
+        bool isAllowedToCall = _accessControlManager.isAllowedToCall(msg.sender, signature);
+
+        if (!isAllowedToCall) {
+            revert Unauthorized(msg.sender, address(this), signature);
+        }
+    }
+}