balancer-v2-monorepo icon indicating copy to clipboard operation
balancer-v2-monorepo copied to clipboard

Published 20 hours ago verified publisher icon balancer

Begin adding tracking for "real world" state of permissions granted onchain

Open TomAFrench opened this issue 3 years ago • 2 comments
trafficstars

Description

This PR starts the creation of the v2-permissions package which includes various scripts which aim to pull the current state of the Authorizer from onchain (through a subgraph) and reconstruct a human readable representation of the permissions which have been granted.

Using the subgraph we can get a list of addresses and for each address a list of action ids which they have permissions over. We can then map from action ids to a list of contract-function pairs which it allows them to call, and from addresses to a human readable name, e.g.

{
  "GNOSIS_PROTOCOL_RELAYER": [
    {
      "taskId": "20210418-vault",
      "contractName": "Vault",
      "signature": "manageUserBalance((uint8,address,uint256,address,address)[])",
      "useAdaptor": false
    },
    {
      "taskId": "20210418-vault",
      "contractName": "Vault",
      "signature": "batchSwap(uint8,(bytes32,uint256,uint256,uint256,bytes)[],address[],(address,bool,address,bool),int256[],uint256)",
      "useAdaptor": false
    }
  ],
  "BLABS_VEBAL_MULTISIG": [
    {
      "taskId": "20220325-bal-token-holder-factory",
      "contractName": "BALTokenHolder",
      "signature": "function withdrawFunds(address,uint256)",
      "useAdaptor": false
    }
  ],
}

The state of this package is very rough and will be refined but I want to share it early to help with verifying #1993

  1. Verify that all action ids in permissions/unrecognised.json are unnecessary and then renounce/revoke them.
  2. Sanity check that permissions/functions.json is a desirable end state for the system to be in post-migration.
  3. Ensure that the permissions/actionIds.json matches the input to the authorizer migration deployment task
    • This isn't 1:1 as the authorizer doesn't currently have a concept of where so we need to check that this is set properly for each action ID in the deployment task.
    • This can also be done less rigorously by just checking permissions/functions.json against the deployment task. This is likely good enough.

Type of change

  • [ ] Bug fix
  • [x] New feature
  • [ ] Breaking change
  • [ ] Dependency changes
  • [ ] Code refactor / cleanup
  • [ ] Documentation or wording changes
  • [ ] Other

Checklist:

  • [x] The diff is legible and has no extraneous changes
  • [x] Complex code has been commented, including external interfaces
  • [x] Tests are included for all code paths
  • [x] The base branch is either master, or there's a description of how to merge

Issue Resolution

TomAFrench avatar Nov 18 '22 18:11 TomAFrench

Waiting for #2031 to be merged so we can use it here.

TomAFrench avatar Nov 22 '22 12:11 TomAFrench

As we're migrating the authorizer on mainnet but not on L2s we'll need to have support for both authorizers for the foreseeable future. Parking this PR until we update subgraph, etc. appropriately.

TomAFrench avatar Nov 30 '22 12:11 TomAFrench