Skip to content

Commit

Permalink
Implements per-ritual customization of authorization contract, new ri…
Browse files Browse the repository at this point in the history 
…tuals use a default authorization contract deployemnt (AllowList).

Co-authored-by: James Campbell <james.campbell@tanti.org.uk>
Co-authored-by: Kieran Prasch <kieranprasch@gmail.com>
  • Loading branch information
@KPrasch @theref
KPrasch and theref committed Jun 21, 2023
1 parent 06e9014 commit 6fc40f9
Show file tree
Hide file tree
Showing 2 changed files with 50 additions and 14 deletions.
23 changes: 13 additions & 10 deletions contracts/contracts/coordination/AllowList.sol
View file
Original file line number Diff line number Diff line change
@@ -1,37 +1,40 @@
pragma solidity ^0.8.0;
import "@openzeppelin/contracts/access/AccessControl.sol";
import "@openzeppelin/contracts/access/AccessControlDefaultAdminRules.sol";
import "./IAccessController.sol";
import "./Coordinator.sol";

contract AllowList is AccessControl, IAccessController {

contract AllowList is AccessControlDefaultAdminRules, IAccessController {
Coordinator public coordinator;

// mapp
mapping(uint256 => mapping(address => bool)) public rituals;

constructor(Coordinator _coordinator) {
constructor(
Coordinator _coordinator,
address _admin
) AccessControlDefaultAdminRules(0, _admin) {
coordinator = _coordinator;
}

function bytesToAddress(bytes memory bys) private pure returns (address addr) {
assembly {
addr := mload(add(bys, 20))
}
function setCoordinator(Coordinator _coordinator) public {
require(hasRole(DEFAULT_ADMIN_ROLE, msg.sender), "Only admin can set coordinator");
coordinator = _coordinator;
}

function isEnricoAuthorized(
uint256 ritualID,
bytes memory evidence,
bytes memory ciphertextHash
) public view override returns(bool) {
enricoAddress = address(uint160(bytes20(evidence)));
address enricoAddress = address(uint160(bytes20(evidence)));
return rituals[ritualID][enricoAddress];
}

function authorize(uint256 ritualID, address[] calldata addresses) public {
require(coordinator.rituals(ritualId).authority == msg.sender,
"Only ritual authority is permitted");
require(coordinator.getRitualStatus(ritualId) == RitualStatus.ACTIVE,
require(coordinator.getRitualStatus(ritualId) == RitualStatus.FINALIZED,
"Only active rituals can add authorizations");
for (uint i=0; i<addresses.length; i++) {
rituals[ritualID][addresses[i]] = true;
Expand All @@ -41,7 +44,7 @@ contract AllowList is AccessControl, IAccessController {
function deauthorize(uint256 ritualID, address[] calldata addresses) public {
require(coordinator.rituals(ritualId).authority == msg.sender,
"Only ritual authority is permitted");
require(coordinator.getRitualStatus(ritualId) == RitualStatus.ACTIVE,
require(coordinator.getRitualStatus(ritualId) == RitualStatus.FINALIZED,
"Only active rituals can add authorizations");
for (uint i=0; i<addresses.length; i++) {
rituals[ritualID][addresses[i]] = false;
Expand Down
41 changes: 37 additions & 4 deletions contracts/contracts/coordination/Coordinator.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ contract Coordinator is AccessControlDefaultAdminRules {
address authority;
uint16 dkgSize;
bool aggregationMismatch;
address accessController;
BLS12381.G1Point publicKey;
bytes aggregatedTranscript;
Participant[] participant;
Expand All @@ -78,14 +79,17 @@ contract Coordinator is AccessControlDefaultAdminRules {
uint32 _timeout,
uint16 _maxDkgSize,
address _admin,
address _feeModel
address _feeModel,
address _defaultAccessController
) AccessControlDefaultAdminRules(0, _admin)
{
require(address(_feeModel.stakes()) == address(_stakes), "Invalid stakes for fee model");
application = _stakes;
timeout = _timeout;
maxDkgSize = _maxDkgSize;
feeModel = IFeeModel(_feeModel);

defaultAccessController = _defaultAccessController;
}

function getRitualState(uint256 ritualId) external view returns (RitualState){
Expand Down Expand Up @@ -141,6 +145,13 @@ contract Coordinator is AccessControlDefaultAdminRules {
}
}

function setRitualAuthority(uint32 ritualId, address authority) external {
Ritual storage ritual = rituals[ritualId];
require(getRitualState(ritualId) == RitualState.FINALIZED, "Ritual not finalized");
require(msg.sender == ritual.authority, "Sender not ritual authority");
ritual.authority = authority;
}

function numberOfRituals() external view returns(uint256) {
return rituals.length;
}
Expand All @@ -150,11 +161,15 @@ contract Coordinator is AccessControlDefaultAdminRules {
return ritual.participant;
}

function initiateRitual(
function _initiateRitual(
address[] calldata providers,
address authority,
uint32 duration
) external returns (uint32) {
uint32 duration,
address accessController
) internal returns (uint32) {

require(authority =! address(0), "Invalid authority");

require(
isInitiationPublic || hasRole(INITIATOR_ROLE, msg.sender),
"Sender can't initiate ritual"
Expand All @@ -174,6 +189,7 @@ contract Coordinator is AccessControlDefaultAdminRules {
ritual.dkgSize = uint16(length);
ritual.initTimestamp = uint32(block.timestamp);
ritual.endTimestamp = ritual.initTimestamp + duration;
ritual.accessController = accessController;

address previous = address(0);
for(uint256 i=0; i < length; i++){
Expand All @@ -195,6 +211,23 @@ contract Coordinator is AccessControlDefaultAdminRules {
return id;
}

function initiateRitual(
address[] calldata providers,
address authority,
uint32 duration,
address accessController
) external returns (uint32) {
return _initiateRitual(providers, authority, duration, accessController);
}

function initiateRitual(
address[] calldata providers,
address authority,
uint32 duration
) external returns (uint32) {
return _initiateRitual(providers, authority, duration, defaultAccessController);
}

function cohortFingerprint(address[] calldata nodes) public pure returns(bytes32) {
return keccak256(abi.encode(nodes));
}
Expand Down

0 comments on commit 6fc40f9

Please sign in to comment.