nucypher · cygnusv · Jul 3, 2024 · Jun 27, 2024 · Jun 28, 2024 · Jun 28, 2024
diff --git a/contracts/contracts/coordination/BetaProgramInitiator.sol b/contracts/contracts/coordination/BetaProgramInitiator.sol
diff --git a/contracts/contracts/coordination/Coordinator.sol b/contracts/contracts/coordination/Coordinator.sol
@@ -88,7 +88,6 @@ contract Coordinator is Initializable, AccessControlDefaultAdminRulesUpgradeable
         BLS12381.G2Point publicKey;
     }
 
-    bytes32 public constant INITIATOR_ROLE = keccak256("INITIATOR_ROLE");
     bytes32 public constant TREASURY_ROLE = keccak256("TREASURY_ROLE");
 
     ITACoChildApplication public immutable application;
@@ -97,11 +96,11 @@ contract Coordinator is Initializable, AccessControlDefaultAdminRulesUpgradeable
     Ritual[] public rituals;
     uint32 public timeout;
     uint16 public maxDkgSize;
-    bool public isInitiationPublic;
+    bool private stub1; // former isInitiationPublic
 
-    uint256 private stub1; // former totalPendingFees
-    mapping(uint256 => uint256) private stub2; // former pendingFees
-    address private stub3; // former feeModel
+    uint256 private stub2; // former totalPendingFees
+    mapping(uint256 => uint256) private stub3; // former pendingFees
+    address private stub4; // former feeModel
 
     IReimbursementPool internal reimbursementPool;
     mapping(address => ParticipantKey[]) internal participantKeysHistory;
@@ -144,6 +143,10 @@ contract Coordinator is Initializable, AccessControlDefaultAdminRulesUpgradeable
         return rituals[ritualId].accessController;
     }
 
+    function getFeeModel(uint32 ritualId) external view returns (IFeeModel) {
+        return rituals[ritualId].feeModel;
+    }
+
     function getRitualState(uint32 ritualId) external view returns (RitualState) {
         return getRitualState(rituals[ritualId]);
     }
@@ -190,11 +193,6 @@ contract Coordinator is Initializable, AccessControlDefaultAdminRulesUpgradeable
         }
     }
 
-    function makeInitiationPublic() external onlyRole(DEFAULT_ADMIN_ROLE) {
-        isInitiationPublic = true;
-        _setRoleAdmin(INITIATOR_ROLE, bytes32(0));
-    }
-
     function setProviderPublicKey(BLS12381.G2Point calldata publicKey) external {
         uint32 lastRitualId = uint32(rituals.length);
         address stakingProvider = application.operatorToStakingProvider(msg.sender);
@@ -280,10 +278,6 @@ contract Coordinator is Initializable, AccessControlDefaultAdminRulesUpgradeable
     ) external returns (uint32) {
         require(authority != address(0), "Invalid authority");
 
-        require(
-            isInitiationPublic || hasRole(INITIATOR_ROLE, msg.sender),
-            "Sender can't initiate ritual"
-        );
         require(feeModelsRegistry[feeModel], "Fee model must be approved");
         uint16 length = uint16(providers.length);
         require(2 <= length && length <= maxDkgSize, "Invalid number of nodes");
@@ -549,6 +543,17 @@ contract Coordinator is Initializable, AccessControlDefaultAdminRulesUpgradeable
         return found;
     }
 
+    /// @dev Deprecated, see issue #195
+    function isEncryptionAuthorized(
+        uint32 ritualId,
+        bytes memory evidence,
+        bytes memory ciphertextHeader
+    ) external view returns (bool) {
+        Ritual storage ritual = rituals[ritualId];
+        require(getRitualState(ritual) == RitualState.ACTIVE, "Ritual not active");
+        return ritual.accessController.isAuthorized(ritualId, evidence, ciphertextHeader);
+    }
+
     function processReimbursement(uint256 initialGasLeft) internal {
         if (address(reimbursementPool) != address(0)) {
             uint256 gasUsed = initialGasLeft - gasleft();

diff --git a/contracts/contracts/coordination/GlobalAllowList.sol b/contracts/contracts/coordination/GlobalAllowList.sol
@@ -17,7 +17,6 @@ contract GlobalAllowList is IEncryptionAuthorizer {
     using ECDSA for bytes32;
 
     Coordinator public immutable coordinator;
-    IFeeModel public immutable feeModel;
 
     mapping(bytes32 => bool) internal authorizations;
 
@@ -41,16 +40,11 @@ contract GlobalAllowList is IEncryptionAuthorizer {
      * @notice Sets the coordinator contract
      * @dev The coordinator contract cannot be a zero address and must have a valid number of rituals
      * @param _coordinator The address of the coordinator contract
-     * @param _feeModel The address of the fee model contract
      */
-    constructor(Coordinator _coordinator, IFeeModel _feeModel) {
-        require(
-            address(_coordinator) != address(0) && address(_feeModel) != address(0),
-            "Contracts cannot be zero addresses"
-        );
+    constructor(Coordinator _coordinator) {
+        require(address(_coordinator) != address(0), "Contracts cannot be zero addresses");
         require(_coordinator.numberOfRituals() >= 0, "Invalid coordinator");
         coordinator = _coordinator;
-        feeModel = _feeModel;
     }
 
     /**
@@ -88,6 +82,7 @@ contract GlobalAllowList is IEncryptionAuthorizer {
         // solhint-disable-next-line no-unused-vars
         bytes memory ciphertextHeader
     ) internal view virtual {
+        IFeeModel feeModel = coordinator.getFeeModel(ritualId);
         feeModel.beforeIsAuthorized(ritualId);
     }
 
@@ -120,6 +115,7 @@ contract GlobalAllowList is IEncryptionAuthorizer {
         address[] calldata addresses,
         bool value
     ) internal virtual {
+        IFeeModel feeModel = coordinator.getFeeModel(ritualId);
         feeModel.beforeSetAuthorization(ritualId, addresses, value);
     }
 

diff --git a/contracts/contracts/coordination/ManagedAllowList.sol b/contracts/contracts/coordination/ManagedAllowList.sol
@@ -39,9 +39,8 @@ contract ManagedAllowList is GlobalAllowList {
      */
     constructor(
         Coordinator _coordinator,
-        IFeeModel _feeModel,
-        UpfrontSubscriptionWithEncryptorsCap _subscription
-    ) GlobalAllowList(_coordinator, _feeModel) {
+        UpfrontSubscriptionWithEncryptorsCap _subscription // TODO replace with IFeeModel subscription
+    ) GlobalAllowList(_coordinator) {
         require(address(_subscription) != address(0), "Subscription cannot be the zero address");
         subscription = _subscription;
     }

diff --git a/contracts/contracts/coordination/subscription/BqETHSubscription.sol b/contracts/contracts/coordination/subscription/BqETHSubscription.sol
@@ -7,6 +7,7 @@ import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 import "@openzeppelin-upgradeable/contracts/proxy/utils/Initializable.sol";
 import "@openzeppelin-upgradeable/contracts/access/OwnableUpgradeable.sol";
 import "./EncryptorSlotsSubscription.sol";
+import "../GlobalAllowList.sol";
 
 /**
  * @title BqETH Subscription
@@ -30,7 +31,7 @@ contract BqETHSubscription is EncryptorSlotsSubscription, Initializable, Ownable
     uint256 public immutable encryptorFeeRate;
     uint256 public immutable maxNodes;
 
-    IEncryptionAuthorizer public accessController;
+    GlobalAllowList public immutable accessController;
     uint32 public activeRitualId;
     mapping(uint256 periodNumber => Billing billing) public billingInfo;
 
@@ -75,6 +76,7 @@ contract BqETHSubscription is EncryptorSlotsSubscription, Initializable, Ownable
      * @notice Sets the coordinator and fee token contracts
      * @dev The coordinator and fee token contracts cannot be zero addresses
      * @param _coordinator The address of the coordinator contract
+     * @param _accessController The address of the global allow list
      * @param _feeToken The address of the fee token contract
      * @param _adopter The address of the adopter
      * @param _baseFeeRate Fee rate per node per second
@@ -86,6 +88,7 @@ contract BqETHSubscription is EncryptorSlotsSubscription, Initializable, Ownable
      */
     constructor(
         Coordinator _coordinator,
+        GlobalAllowList _accessController,
         IERC20 _feeToken,
         address _adopter,
         uint256 _baseFeeRate,
@@ -104,11 +107,16 @@ contract BqETHSubscription is EncryptorSlotsSubscription, Initializable, Ownable
     {
         require(address(_feeToken) != address(0), "Fee token cannot be the zero address");
         require(_adopter != address(0), "Adopter cannot be the zero address");
+        require(
+            address(_accessController) != address(0),
+            "Access controller cannot be the zero address"
+        );
         feeToken = _feeToken;
         adopter = _adopter;
         baseFeeRate = _baseFeeRate;
         encryptorFeeRate = _encryptorFeeRate;
         maxNodes = _maxNodes;
+        accessController = _accessController;
         _disableInitializers();
     }
 
@@ -131,15 +139,7 @@ contract BqETHSubscription is EncryptorSlotsSubscription, Initializable, Ownable
     /**
      * @notice Initialize function for using with OpenZeppelin proxy
      */
-    function initialize(
-        address _treasury,
-        IEncryptionAuthorizer _accessController
-    ) external initializer {
-        require(
-            address(accessController) == address(0) && address(_accessController) != address(0),
-            "Access controller not already set and parameter cannot be the zero address"
-        );
-        accessController = _accessController;
+    function initialize(address _treasury) external initializer {
         activeRitualId = INACTIVE_RITUAL_ID;
         __Ownable_init(_treasury);
     }