Skip to content

Replaced whitelist with RBAC #241

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Replaced whitelist with RBAC #241

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ba0cf36
chore(`BTT tests`): added `BTT` tests for untested OFT methods
cryptotechmaker Aug 29, 2024
28953cf
feat: switched from whitelist to RBAC
cryptotechmaker Sep 11, 2024
2a11a8f
removed updateContract
cryptotechmaker Sep 12, 2024
3fbb4fa
chore: removed .updateContract calls
cryptotechmaker Sep 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion contracts/tOFT/mTOFT.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ contract mTOFT is BaseTOFT, ReentrancyGuard, ERC20Permit, IStargateReceiver {
constructor(TOFTInitStruct memory _tOFTData, TOFTModulesInitStruct memory _modulesData, address _stgRouter)
BaseTOFT(_tOFTData)
ERC20Permit(_tOFTData.name)
{
{
if (_getChainId() == hostEid) {
connectedChains[hostEid] = true;
}
Expand Down
4 changes: 2 additions & 2 deletions contracts/tOFT/modules/BaseTOFTReceiver.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,8 +120,8 @@ abstract contract BaseTOFTReceiver is BaseTOFT, TapiocaOmnichainReceiver, Reentr
// ********************* //
// ***** RECEIVERS ***** //
// ********************* //
function _sanitizeTarget(address target) internal view {
if (!getCluster().isWhitelisted(0, target)) {
function _sanitizeTarget(address target, bytes memory role) internal view {
if (!getCluster().hasRole(target, keccak256(role))) {
revert InvalidApprovalTarget(target);
}
}
Expand Down
20 changes: 10 additions & 10 deletions contracts/tOFT/modules/TOFTMarketReceiverModule.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,8 +155,8 @@ contract TOFTMarketReceiverModule is BaseTOFT {
}

function _validateLeverageUpReceiver(LeverageUpActionMsg memory msg_, address srcChainSender) private returns (LeverageUpActionMsg memory) {
_checkWhitelistStatus(msg_.market);
_checkWhitelistStatus(msg_.marketHelper);
_checkWhitelistStatus(msg_.market, "OFT_MARKET_CALLEE");
_checkWhitelistStatus(msg_.marketHelper, "OFT_HELPER_CALLEE");

msg_.borrowAmount = _toLD(msg_.borrowAmount.toUint64());
if (msg_.supplyAmount > 0) {
Expand All @@ -181,9 +181,9 @@ contract TOFTMarketReceiverModule is BaseTOFT {
}

function _validateMarketBorrowReceiver(MarketBorrowMsg memory msg_, address srcChainSender) private returns (MarketBorrowMsg memory) {
_checkWhitelistStatus(msg_.borrowParams.marketHelper);
_checkWhitelistStatus(msg_.borrowParams.magnetar);
_checkWhitelistStatus(msg_.borrowParams.market);
_checkWhitelistStatus(msg_.borrowParams.marketHelper, "OFT_HELPER_CALLEE");
_checkWhitelistStatus(msg_.borrowParams.magnetar, "OFT_MAGNETAR_CALLEE");
_checkWhitelistStatus(msg_.borrowParams.market, "OFT_MARKET_CALLEE");

msg_.borrowParams.amount = _toLD(msg_.borrowParams.amount.toUint64());
msg_.borrowParams.borrowAmount = _toLD(msg_.borrowParams.borrowAmount.toUint64());
Expand Down Expand Up @@ -219,9 +219,9 @@ contract TOFTMarketReceiverModule is BaseTOFT {
}

function _validateMarketRemoveCollateral(MarketRemoveCollateralMsg memory msg_, address srcChainSender) private returns (MarketRemoveCollateralMsg memory) {
_checkWhitelistStatus(msg_.removeParams.market);
_checkWhitelistStatus(msg_.removeParams.marketHelper);
_checkWhitelistStatus(msg_.removeParams.magnetar);
_checkWhitelistStatus(msg_.removeParams.market, "OFT_MARKET_CALLEE");
_checkWhitelistStatus(msg_.removeParams.marketHelper, "OFT_HELPER_CALLEE");
_checkWhitelistStatus(msg_.removeParams.magnetar, "OFT_MAGNETAR_CALLEE");

msg_.removeParams.amount = _toLD(msg_.removeParams.amount.toUint64());

Expand Down Expand Up @@ -254,9 +254,9 @@ contract TOFTMarketReceiverModule is BaseTOFT {
IMagnetar(payable(msg_.removeParams.magnetar)).burst{value: msg_.value}(magnetarCall);
}

function _checkWhitelistStatus(address _addr) private view {
function _checkWhitelistStatus(address _addr, bytes memory role) private view {
if (_addr != address(0)) {
if (!getCluster().isWhitelisted(0, _addr)) {
if (!getCluster().hasRole(_addr, keccak256(role))) {
revert TOFTMarketReceiverModule_NotAuthorized(_addr);
}
}
Expand Down
16 changes: 8 additions & 8 deletions contracts/tOFT/modules/TOFTOptionsReceiverModule.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -167,11 +167,11 @@ contract TOFTOptionsReceiverModule is BaseTOFT {
private
returns (LockAndParticipateData memory)
{
_checkWhitelistStatus(msg_.tSglToken);
_checkWhitelistStatus(msg_.yieldBox);
_checkWhitelistStatus(msg_.magnetar);
_checkWhitelistStatus(msg_.tSglToken, "OFT_MARKET_CALLEE");
_checkWhitelistStatus(msg_.yieldBox, "OFT_YIELDBOX_CALLEE");
_checkWhitelistStatus(msg_.magnetar, "OFT_MAGNETAR_CALLEE");
if (msg_.lockData.lock) {
_checkWhitelistStatus(msg_.lockData.target);
_checkWhitelistStatus(msg_.lockData.target, "OFT_TAP_CALLEE");
if (msg_.lockData.amount > 0) {
msg_.lockData.amount = _toLD(uint256(msg_.lockData.amount).toUint64()).toUint128();
}
Expand All @@ -182,7 +182,7 @@ contract TOFTOptionsReceiverModule is BaseTOFT {
}

if (msg_.participateData.participate) {
_checkWhitelistStatus(msg_.participateData.target);
_checkWhitelistStatus(msg_.participateData.target, "OFT_TAP_CALLEE");
}

return msg_;
Expand All @@ -201,7 +201,7 @@ contract TOFTOptionsReceiverModule is BaseTOFT {
view
returns (ExerciseOptionsMsg memory)
{
_checkWhitelistStatus(msg_.optionsData.target);
_checkWhitelistStatus(msg_.optionsData.target, "OFT_TAP_CALLEE");

if (msg_.optionsData.tapAmount > 0) {
msg_.optionsData.tapAmount = _toLD(msg_.optionsData.tapAmount.toUint64());
Expand Down Expand Up @@ -288,9 +288,9 @@ contract TOFTOptionsReceiverModule is BaseTOFT {
}
}

function _checkWhitelistStatus(address _addr) private view {
function _checkWhitelistStatus(address _addr, bytes memory role) private view {
if (_addr != address(0)) {
if (!getCluster().isWhitelisted(0, _addr)) {
if (!getCluster().hasRole(_addr, keccak256(role))) {
revert TOFTOptionsReceiverModule_NotAuthorized(_addr);
}
}
Expand Down
2 changes: 0 additions & 2 deletions test/Balancer.t.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,6 @@ import {mTOFT} from "contracts/tOFT/mTOFT.sol";
import {ERC20Mock} from "./ERC20Mock.sol";
import {TOFTMock} from "./TOFTMock.sol";

import "forge-std/console.sol";

contract TOFTTest is TOFTTestHelper {
Balancer balancer;
StargateRouterMock routerA;
Expand Down
13 changes: 7 additions & 6 deletions test/MagnetarMock.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,14 +35,15 @@ import {IOftSender} from "tap-utils/interfaces/oft/IOftSender.sol";
import {ICluster} from "tap-utils/interfaces/periph/ICluster.sol";
import {IPermit} from "tap-utils/interfaces/common/IPermit.sol";

// TODO: refactor with roles
/*
* @dev need this because of via-ir: true error on original Magnetar
**/
contract MagnetarMock is PearlmitHandler {
using SafeCast for uint256;
using SafeERC20 for IERC20;

error MagnetarMock_NotAuthorized();
error MagnetarMock_NotAuthorized(bytes reason);
error MagnetarMock_Failed();
error MagnetarMock_TargetNotWhitelisted(address target);
error MagnetarMock_GasMismatch(uint256 expected, uint256 received);
Expand Down Expand Up @@ -153,7 +154,7 @@ contract MagnetarMock is PearlmitHandler {
external
payable
{
if (!cluster.isWhitelisted(cluster.lzChainId(), address(_data.market))) revert MagnetarMock_NotAuthorized();
if (!cluster.hasRole(address(_data.market), keccak256("MAGNETAR_MARKET_CALLEE"))) revert MagnetarMock_NotAuthorized("MAGNETAR_MARKET_CALLEE");

IYieldBox yieldBox = IYieldBox(IMarket(_data.market)._yieldBox());

Expand Down Expand Up @@ -222,13 +223,13 @@ contract MagnetarMock is PearlmitHandler {
}

function _checkSender(address _from) internal view {
if (_from != msg.sender && !cluster.isWhitelisted(0, msg.sender)) {
revert MagnetarMock_NotAuthorized();
if (_from != msg.sender && !cluster.hasRole(msg.sender, keccak256(abi.encodePacked("CALLER_ALLOWED_FOR_", _from)))) {
revert MagnetarMock_NotAuthorized(abi.encodePacked("CALLER_ALLOWED_FOR_", _from));
}
}

function _withdrawToChain(MagnetarWithdrawData memory data) private {
if (!cluster.isWhitelisted(0, address(data.yieldBox))) {
if (!cluster.hasRole(address(data.yieldBox), keccak256("YIELDBOX_WITHDRAW"))) {
revert MagnetarMock_TargetNotWhitelisted(address(data.yieldBox));
}
IYieldBox _yieldBox = IYieldBox(data.yieldBox);
Expand All @@ -240,7 +241,7 @@ contract MagnetarMock is PearlmitHandler {
uint256 balanceBefore = IERC20(_token).balanceOf(address(this));
// IERC20(_token).safeTransferFrom(_from, address(this), _amount);
bool isErr = pearlmit.transferFromERC20(_from, address(this), _token, _amount);
if (isErr) revert MagnetarMock_NotAuthorized();
if (isErr) revert MagnetarMock_NotAuthorized("");
uint256 balanceAfter = IERC20(_token).balanceOf(address(this));
if (balanceAfter <= balanceBefore) revert MagnetarMock_Failed();
return balanceAfter - balanceBefore;
Expand Down
55 changes: 38 additions & 17 deletions test/TOFT.t.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -320,21 +320,18 @@ contract TOFTTest is TOFTTestHelper {

marketHelper = new MarketHelperMock();

cluster.updateContract(aEid, address(yieldBox), true);
cluster.updateContract(aEid, address(singularity), true);
cluster.updateContract(aEid, address(magnetar), true);
cluster.updateContract(aEid, address(tOB), true);
cluster.updateContract(aEid, address(marketHelper), true);
cluster.updateContract(bEid, address(yieldBox), true);
cluster.updateContract(bEid, address(singularity), true);
cluster.updateContract(bEid, address(magnetar), true);
cluster.updateContract(bEid, address(tOB), true);
cluster.updateContract(bEid, address(marketHelper), true);
cluster.updateContract(0, address(yieldBox), true);
cluster.updateContract(0, address(singularity), true);
cluster.updateContract(0, address(magnetar), true);
cluster.updateContract(0, address(tOB), true);
cluster.updateContract(0, address(marketHelper), true);
cluster.setRoleForContract(address(marketHelper), keccak256("OFT_HELPER_CALLEE"), true);
cluster.setRoleForContract(address(magnetar), keccak256("OFT_MAGNETAR_CALLEE"), true);
cluster.setRoleForContract(address(singularity), keccak256("OFT_MARKET_CALLEE"), true);
cluster.setRoleForContract(address(yieldBox), keccak256("OFT_YIELDBOX_CALLEE"), true);

cluster.setRoleForContract(address(singularity), keccak256("MAGNETAR_MARKET_CALLEE"), true);
cluster.setRoleForContract(address(marketHelper), keccak256("MAGNETAR_HELPER_CALLEE"), true);
cluster.setRoleForContract(address(tOB), keccak256("MAGNETAR_TAP_CALLEE"), true);
cluster.setRoleForContract(address(magnetar), keccak256("MAGNETAR_CALLEE"), true);
cluster.setRoleForContract(address(yieldBox), keccak256("MAGNETAR_YIELDBOX_CALLEE"), true);

cluster.setRoleForContract(address(yieldBox), keccak256("YIELDBOX_WITHDRAW"), true);
}

/**
Expand Down Expand Up @@ -692,6 +689,10 @@ contract TOFTTest is TOFTTestHelper {
executorData: "0x"
});

cluster.setRoleForContract(address(singularity), keccak256("OFT_MARKET_CALLEE"), true);
cluster.setRoleForContract(address(marketHelper), keccak256("OFT_HELPER_CALLEE"), true);


bytes memory sendMsg_ = tOFTHelper.buildLeverageUpMsg(leverageMsg);

PrepareLzCallReturn memory prepareLzCallReturn2_ = tOFTHelper.prepareLzCall(
Expand Down Expand Up @@ -750,7 +751,7 @@ contract TOFTTest is TOFTTestHelper {
function test_tOFT_erc20_approvals() public {
address userC_ = vm.addr(0x3);

cluster.updateContract(0, address(bTOFT), true);
cluster.setRoleForContract(address(bTOFT), keccak256("PERMIT_ERC20_CALLEE"), true);

ERC20PermitApprovalMsg memory permitApprovalB_;
ERC20PermitApprovalMsg memory permitApprovalC_;
Expand Down Expand Up @@ -1016,6 +1017,7 @@ contract TOFTTest is TOFTTestHelper {
pearlmit.approve(20, address(bTOFT), 0, address(magnetar), type(uint200).max, uint48(block.timestamp)); // Atomic approval
bTOFT.approve(address(pearlmit), type(uint200).max);


MarketBorrowMsg memory marketBorrowMsg = MarketBorrowMsg({
user: address(this),
borrowParams: IBorrowParams({
Expand Down Expand Up @@ -1144,6 +1146,12 @@ contract TOFTTest is TOFTTestHelper {
*/
uint256 tokenAmountSD = tOFTHelper.toSD(tokenAmount_, aTOFT.decimalConversionRate());


cluster.setRoleForContract(address(marketHelper), keccak256("OFT_HELPER_CALLEE"), true);
cluster.setRoleForContract(address(magnetar), keccak256("OFT_MAGNETAR_CALLEE"), true);
cluster.setRoleForContract(address(singularity), keccak256("OFT_MARKET_CALLEE"), true);


//approve magnetar
bTOFT.approve(address(magnetar), type(uint256).max);
MarketRemoveCollateralMsg memory marketMsg = MarketRemoveCollateralMsg({
Expand Down Expand Up @@ -1455,6 +1463,8 @@ contract TOFTTest is TOFTTestHelper {
function test_exercise_option() public {
uint256 erc20Amount_ = 1 ether;

cluster.setRoleForContract(address(tOB), keccak256("OFT_TAP_CALLEE"), true);

//setup
{
deal(address(aTOFT), address(this), erc20Amount_);
Expand Down Expand Up @@ -1596,6 +1606,8 @@ contract TOFTTest is TOFTTestHelper {
}

function test_tOFT_yb_permit_all() public {
cluster.setRoleForContract(address(yieldBox), keccak256("PERMIT_YIELDBOX_CALLEE"), true);

bytes memory approvalMsg_;
{
ERC20PermitStruct memory approvalUserB_ =
Expand Down Expand Up @@ -1659,6 +1671,8 @@ contract TOFTTest is TOFTTestHelper {
}

function test_tOFT_yb_revoke_all() public {
cluster.setRoleForContract(address(yieldBox), keccak256("PERMIT_YIELDBOX_CALLEE"), true);

bytes memory approvalMsg_;
{
ERC20PermitStruct memory approvalUserB_ =
Expand Down Expand Up @@ -1723,6 +1737,8 @@ contract TOFTTest is TOFTTestHelper {
}

function test_tOFT_yb_permit_asset() public {
cluster.setRoleForContract(address(yieldBox), keccak256("PERMIT_YIELDBOX_CALLEE"), true);

YieldBoxApproveAssetMsg memory permitApprovalB_;
YieldBoxApproveAssetMsg memory permitApprovalC_;
bytes memory approvalsMsg_;
Expand Down Expand Up @@ -1813,6 +1829,8 @@ contract TOFTTest is TOFTTestHelper {
}

function test_tOFT_yb_revoke_asset() public {
cluster.setRoleForContract(address(yieldBox), keccak256("PERMIT_YIELDBOX_CALLEE"), true);

YieldBoxApproveAssetMsg memory permitApprovalB_;
YieldBoxApproveAssetMsg memory permitApprovalC_;
bytes memory approvalsMsg_;
Expand Down Expand Up @@ -1907,7 +1925,8 @@ contract TOFTTest is TOFTTestHelper {
}

function test_tOFT_market_permit_asset() public {
cluster.updateContract(0, address(singularity), true);
cluster.setRoleForContract(address(singularity), keccak256("PERMIT_MARKET_CALLEE"), true);

bytes memory approvalMsg_;
{
// @dev v,r,s will be completed on `__getMarketPermitData`
Expand Down Expand Up @@ -1980,6 +1999,8 @@ contract TOFTTest is TOFTTestHelper {
}

function test_tOFT_market_permit_collateral() public {
cluster.setRoleForContract(address(singularity), keccak256("PERMIT_MARKET_CALLEE"), true);

bytes memory approvalMsg_;
{
// @dev v,r,s will be completed on `__getMarketPermitData`
Expand Down
Loading