Merge pull request #13 from Ion-Protocol/jun/teller-upgrade-checker

Teller Upgrade Checker
Ion-Protocol · Aug 15, 2024 · 7bf0e41 · 7bf0e41
2 parents 9b79f22 + 9a44fe8
commit 7bf0e41
Show file tree

Hide file tree

Showing 3 changed files with 120 additions and 8 deletions.
diff --git a/script/Base.s.sol b/script/Base.s.sol
@@ -6,10 +6,8 @@ import { ICreateX } from "lib/createx/src/ICreateX.sol";
 import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
 
 import { Script, stdJson } from "@forge-std/Script.sol";
-import { console2 } from "@forge-std/console2.sol";
 
 import { ConfigReader, IAuthority } from "./ConfigReader.s.sol";
-import { console } from "forge-std/Test.sol";
 
 abstract contract BaseScript is Script {
     using stdJson for string;
@@ -72,7 +70,9 @@ abstract contract BaseScript is Script {
         vm.stopBroadcast();
     }
 
-    function deploy(ConfigReader.Config memory config) public virtual returns (address);
+    function deploy(ConfigReader.Config memory config) public virtual returns (address) {
+        revert("deploy() Not Implemented");
+    }
 
     function getConfig() public returns (ConfigReader.Config memory) {
         return ConfigReader.toConfig(requestConfigFileFromUser(), getChainConfigFile());

diff --git a/script/deploy/single/06_DeployRolesAuthority.s.sol b/script/deploy/single/06_DeployRolesAuthority.s.sol
@@ -11,17 +11,18 @@ import { ConfigReader } from "../../ConfigReader.s.sol";
 import { CrossChainTellerBase } from "../../../src/base/Roles/CrossChain/CrossChainTellerBase.sol";
 import { stdJson as StdJson } from "@forge-std/StdJson.sol";
 
+uint8 constant STRATEGIST_ROLE = 1;
+uint8 constant MANAGER_ROLE = 2;
+uint8 constant TELLER_ROLE = 3;
+uint8 constant UPDATE_EXCHANGE_RATE_ROLE = 4;
+uint8 constant SOLVER_ROLE = 5;
+
 /**
  * NOTE Deploys with `Authority` set to zero bytes.
  */
 contract DeployRolesAuthority is BaseScript {
     using StdJson for string;
 
-    uint8 public constant STRATEGIST_ROLE = 1;
-    uint8 public constant MANAGER_ROLE = 2;
-    uint8 public constant TELLER_ROLE = 3;
-    uint8 public constant UPDATE_EXCHANGE_RATE_ROLE = 4;
-
     function run() public virtual returns (address rolesAuthority) {
         return deploy(getConfig());
     }

diff --git a/script/deploy/upgrade/CheckTellerUpgrade.s.sol b/script/deploy/upgrade/CheckTellerUpgrade.s.sol
@@ -0,0 +1,111 @@
+import { BaseScript } from "../../Base.s.sol";
+import { TELLER_ROLE, SOLVER_ROLE } from "../single/06_DeployRolesAuthority.s.sol";
+
+import { TellerWithMultiAssetSupport } from "../../../src/base/Roles/TellerWithMultiAssetSupport.sol";
+import { CrossChainTellerBase } from "../../../src/base/Roles/CrossChain/CrossChainTellerBase.sol";
+
+import { RolesAuthority } from "@solmate/auth/authorities/RolesAuthority.sol";
+
+// forge script script/deploy/ --sig run(address, address) <oldTellerAddress> <newTellerAddress> --rpc-url <RPC_URL>
+contract CheckTellerUpgrade is BaseScript {
+    function run(address oldTeller, address newTeller) public {
+        require(oldTeller != address(0));
+        require(newTeller != address(0));
+
+        TellerWithMultiAssetSupport typedOldTeller = TellerWithMultiAssetSupport(oldTeller);
+        TellerWithMultiAssetSupport typedNewTeller = TellerWithMultiAssetSupport(newTeller);
+
+        RolesAuthority authority = RolesAuthority(address(typedOldTeller.authority()));
+
+        require(authority == typedNewTeller.authority());
+        require(typedOldTeller.vault() == typedNewTeller.vault());
+        require(typedOldTeller.accountant() == typedNewTeller.accountant());
+
+        // --- Old Teller Must Be Disabled ---
+
+        // Public capabilities.
+
+        // functions that were previously public
+        require(
+            !authority.isCapabilityPublic(oldTeller, TellerWithMultiAssetSupport.deposit.selector),
+            "oldTeller deposit must not be public"
+        );
+        require(
+            !authority.isCapabilityPublic(oldTeller, CrossChainTellerBase.bridge.selector),
+            "oldTeller bridge must not be public"
+        );
+        require(
+            !authority.isCapabilityPublic(oldTeller, CrossChainTellerBase.depositAndBridge.selector),
+            "oldTeller depositAndBridge must not be public"
+        );
+
+        // functions that should never be public
+        require(
+            !authority.isCapabilityPublic(oldTeller, TellerWithMultiAssetSupport.refundDeposit.selector),
+            "oldTeller refundDeposit must not be public"
+        );
+        require(
+            !authority.isCapabilityPublic(oldTeller, TellerWithMultiAssetSupport.depositWithPermit.selector),
+            "oldTeller depositWithPermit must not be public"
+        );
+        require(
+            !authority.isCapabilityPublic(oldTeller, TellerWithMultiAssetSupport.bulkDeposit.selector),
+            "oldTeller bulkDeposit must not be public"
+        );
+        require(
+            !authority.isCapabilityPublic(oldTeller, TellerWithMultiAssetSupport.bulkWithdraw.selector),
+            "oldTeller bulkWithdraw must not be public"
+        );
+
+        require(typedOldTeller.isPaused(), "oldTeller must be paused");
+
+        // roles
+        require(!authority.doesUserHaveRole(oldTeller, TELLER_ROLE), "oldTeller must not have the TELLER_ROLE");
+        require(
+            !authority.doesRoleHaveCapability(SOLVER_ROLE, oldTeller, TellerWithMultiAssetSupport.bulkWithdraw.selector),
+            "SOLVER_ROLE must not be able to call oldTeller's bulkWithdraw"
+        );
+
+        // --- New Teller Must Be Enabled---
+        // Public capabilities.
+        require(
+            authority.isCapabilityPublic(newTeller, TellerWithMultiAssetSupport.deposit.selector),
+            "newTeller deposit must be public"
+        );
+        require(
+            authority.isCapabilityPublic(newTeller, CrossChainTellerBase.bridge.selector),
+            "newTeller bridge must be public"
+        );
+        require(
+            authority.isCapabilityPublic(newTeller, CrossChainTellerBase.depositAndBridge.selector),
+            "newTeller depositAndBridge must be public"
+        );
+
+        // functions that should never be public
+        require(
+            !authority.isCapabilityPublic(newTeller, TellerWithMultiAssetSupport.refundDeposit.selector),
+            "newTeller refundDeposit must not be public"
+        );
+        require(
+            !authority.isCapabilityPublic(newTeller, TellerWithMultiAssetSupport.depositWithPermit.selector),
+            "newTeller depositWithPermit must not be public"
+        );
+        require(
+            !authority.isCapabilityPublic(newTeller, TellerWithMultiAssetSupport.bulkDeposit.selector),
+            "newTeller bulkDeposit must not be public"
+        );
+        require(
+            !authority.isCapabilityPublic(newTeller, TellerWithMultiAssetSupport.bulkWithdraw.selector),
+            "newTeller bulkWithdraw must not be public"
+        );
+
+        require(!typedNewTeller.isPaused(), "newTeller must not be paused");
+
+        // roles
+        require(authority.doesUserHaveRole(newTeller, TELLER_ROLE), "newTeller must have the TELLER_ROLE");
+        require(
+            authority.doesRoleHaveCapability(SOLVER_ROLE, newTeller, TellerWithMultiAssetSupport.bulkWithdraw.selector),
+            "SOLVER_ROLE must be able to call newTeller's bulkWithdraw"
+        );
+    }
+}