[SC-472] Move everything to AccessControl roles #20
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lucas-manuel
approved these changes
Jun 13, 2024
lucas-manuel
requested changes
Jun 13, 2024
|
Coverage after merging SC-472-guardian-merge-into-access-control into SC-463-merge-auth-bridge will be
Coverage Report
|
|||||||||||||||||||
lucas-manuel
approved these changes
Jun 13, 2024
barrutko
approved these changes
Jun 13, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR removes the
onlyThisandonlyGuardianmodifiers and merges them into the more general access control contract. You may be wondering why the bridge receiver was moved back to a non-default-admin roleSUBMISSION_ROLE. This is because all that actions that are admin such as set the guardian, update delay, etc should only be accessible behind the delay. IE the receiver (eg.OptimismReceiver) should not be overall admin able to execute changes without the delay.Instead
queueshould be specific to bridge receiver to put a message in a delay, and the default admin is the contract itself. See:_grantRole(DEFAULT_ADMIN_ROLE, address(this));in theExecutorconstructor.So in summary:
Submission role: can submit messages under a delay
Guardian role: can cancel queued messages
Default admin role: can do anything without delay including change delay, guardian role, submission role, etc.