-
Notifications
You must be signed in to change notification settings - Fork 387
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Begin adding tracking for "real world" state of permissions granted onchain #2027
base: master
Are you sure you want to change the base?
Conversation
980cae1
to
27f66bd
Compare
Waiting for #2031 to be merged so we can use it here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fantastic initiative!
"0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f": "DAO_MULTISIG", | ||
"0x166f54f44f271407f24aa1be415a730035637325": "BALLER_OPS_MULTISIG", | ||
"0x75a52c0e32397a3fc0c052e2ceb3479802713cf4": "LINEAR_POOL_CONTROLLER_BALLER_MULTISIG", | ||
"0xf4a80929163c5179ca042e1b292f5efbbe3d89e6": "SWAP_FEE_CONTROLLER_BALLER_MULTISIG", | ||
"0xc38c5f97b34e175ffd35407fc91a937300e33860": "LM_MULTISIG", | ||
"0x7c68c42de679ffb0f16216154c996c354cf1161b": "TREASURY_MULTISIG", | ||
"0xa29f61256e948f3fb707b4b3b138c5ccb9ef9888": "EMERGENCY_SUBDAO_MULTISIG", | ||
"0x02f35dA6A02017154367Bc4d47bb6c7D06C7533B": "BLABS_OPS_MULTISIG", | ||
"0xd2eb7bd802a7ca68d9acd209bec4e664a9abdd7b": "BLABS_VEBAL_MULTISIG", | ||
"0xe4a8ed6c1d8d048bd29a00946bfcf2db10e7923b": "GAUNTLET_FEE_SETTER", | ||
"0xc92e8bdf79f0507f65a392b0ab4667716bfe0110": "GNOSIS_PROTOCOL_RELAYER" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It'd be good if we could also have a short description of what these are, their scope, and potentially even link to gov discussion. We could add a metadata field, or make this a ts file and just write comments
], | ||
}; | ||
|
||
const ignoredActionIds: string[] = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are network specific, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm making this package be mainnet only for the time being we're mostly interested in it for the authorizer migration.
|
||
body: JSON.stringify({ | ||
query: `{ | ||
accounts(first: 500) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if 500 is not enough?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We'd have to do pagination at some point as the graph limits how many responses is returns. We've got much fewer than 500 permissions atm (<50) so I'm not too concerned.
I'll add something to blow up this function if we actually receive 500 accounts.
As we're migrating the authorizer on mainnet but not on L2s we'll need to have support for both authorizers for the foreseeable future. Parking this PR until we update subgraph, etc. appropriately. |
Description
This PR starts the creation of the
v2-permissions
package which includes various scripts which aim to pull the current state of the Authorizer from onchain (through a subgraph) and reconstruct a human readable representation of the permissions which have been granted.Using the subgraph we can get a list of addresses and for each address a list of action ids which they have permissions over. We can then map from action ids to a list of contract-function pairs which it allows them to call, and from addresses to a human readable name, e.g.
The state of this package is very rough and will be refined but I want to share it early to help with verifying #1993
permissions/unrecognised.json
are unnecessary and then renounce/revoke them.permissions/functions.json
is a desirable end state for the system to be in post-migration.permissions/actionIds.json
matches the input to the authorizer migration deployment taskwhere
so we need to check that this is set properly for each action ID in the deployment task.permissions/functions.json
against the deployment task. This is likely good enough.Type of change
Checklist:
master
, or there's a description of how to mergeIssue Resolution