feat: access control contract (#1758)

* feat: access control contract

* fix: deprecated fn

* refactor: embed access control into eigenDA Directory

* doc: constants

* feat: use multiple roles to simplify code

Author: pakim249CAL

contracts/script/EigenDADeployer.s.sol

@@ -33,6 +33,7 @@ import {IEigenDADisperserRegistry} from "src/core/interfaces/IEigenDADisperserRe
 import {EigenDARelayRegistry} from "src/core/EigenDARelayRegistry.sol";
 import {ISocketRegistry, SocketRegistry} from "../lib/eigenlayer-middleware/src/SocketRegistry.sol";
 import {IEigenDADirectory, EigenDADirectory} from "src/core/EigenDADirectory.sol";
+import {EigenDAAccessControl} from "src/core/EigenDAAccessControl.sol";
 import {
     DeployOpenEigenLayer,
     ProxyAdmin,
@@ -70,8 +71,10 @@ contract EigenDADeployer is DeployOpenEigenLayer {
     IPaymentVault public paymentVault;
     EigenDARelayRegistry public eigenDARelayRegistry;
     IEigenDADisperserRegistry public eigenDADisperserRegistry;
+    EigenDAAccessControl public eigenDAAccessControl;
 
     EigenDADirectory public eigenDADirectoryImplementation;
+
     BLSApkRegistry public apkRegistryImplementation;
     EigenDAServiceManager public eigenDAServiceManagerImplementation;
     EigenDACertVerifierRouter public eigenDACertVerifierRouterImplementation;
@@ -145,13 +148,15 @@ contract EigenDADeployer is DeployOpenEigenLayer {
 
         emptyContract = new EmptyContract();
 
+        eigenDAAccessControl = new EigenDAAccessControl(addressConfig.eigenLayerCommunityMultisig);
+
         eigenDADirectoryImplementation = new EigenDADirectory();
         eigenDADirectory = EigenDADirectory(
             address(
                 new TransparentUpgradeableProxy(
                     address(eigenDADirectoryImplementation),
                     address(eigenDAProxyAdmin),
-                    abi.encodeWithSelector(EigenDADirectory.initialize.selector, msg.sender)
+                    abi.encodeWithSelector(EigenDADirectory.initialize.selector, address(eigenDAAccessControl))
                 )
             )
         );
@@ -400,7 +405,5 @@ contract EigenDADeployer is DeployOpenEigenLayer {
             address(eigenDARelayRegistryImplementation),
             abi.encodeWithSelector(EigenDARelayRegistry.initialize.selector, addressConfig.eigenDACommunityMultisig)
         );
-
-        eigenDADirectory.transferOwnership(addressConfig.eigenLayerCommunityMultisig);
     }
 }

contracts/script/deploy/eigenda-directory/DeployEigenDADirectory.sol

@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.9;
+
+import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
+import {AccessControlConstants} from "src/core/libraries/v3/access-control/AccessControlConstants.sol";
+
+/// @title EigenDAAccessControl
+/// @notice This contract is to serve as the centralized source of truth for access control in all EigenDA contracts.
+contract EigenDAAccessControl is AccessControl {
+    constructor(address owner) {
+        // The DEFAULT_ADMIN_ROLE can set the admin role for all other roles, and should be put behind a timelock.
+        _grantRole(DEFAULT_ADMIN_ROLE, owner);
+        // The OWNER_ROLE is the default ownership role for EigenDA contracts.
+        _grantRole(AccessControlConstants.OWNER_ROLE, owner);
+    }
+}

contracts/script/deploy/eigenda-directory/config/example.config.toml

@@ -4,13 +4,36 @@ pragma solidity ^0.8.9;
 import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
 import {AddressDirectoryLib} from "src/core/libraries/v3/address-directory/AddressDirectoryLib.sol";
 import {IEigenDADirectory} from "src/core/interfaces/IEigenDADirectory.sol";
+import {AccessControlConstants} from "src/core/libraries/v3/access-control/AccessControlConstants.sol";
+import {AddressDirectoryConstants} from "src/core/libraries/v3/address-directory/AddressDirectoryConstants.sol";
+import {IAccessControl} from "@openzeppelin/contracts/access/IAccessControl.sol";
+import {InitializableLib} from "src/core/libraries/v3/initializable/InitializableLib.sol";
 
-contract EigenDADirectory is OwnableUpgradeable, IEigenDADirectory {
+contract EigenDADirectory is IEigenDADirectory {
     using AddressDirectoryLib for string;
     using AddressDirectoryLib for bytes32;
 
-    function initialize(address _initialOwner) external initializer {
-        _transferOwnership(_initialOwner);
+    modifier initializer() {
+        InitializableLib.initialize();
+        _;
+    }
+
+    modifier onlyOwner() {
+        require(
+            IAccessControl(AddressDirectoryConstants.ACCESS_CONTROL_NAME.getKey().getAddress()).hasRole(
+                AccessControlConstants.OWNER_ROLE, msg.sender
+            ),
+            "Caller is not the owner"
+        );
+        _;
+    }
+
+    /// @dev If doing a fresh deployment, this contract should be deployed AFTER an access control contract has been deployed.
+    function initialize(address accessControl) external initializer {
+        require(accessControl != address(0), "Access control address cannot be zero");
+        bytes32 key = AddressDirectoryConstants.ACCESS_CONTROL_NAME.getKey();
+        AddressDirectoryConstants.ACCESS_CONTROL_NAME.getKey().setAddress(accessControl);
+        emit AddressAdded(AddressDirectoryConstants.ACCESS_CONTROL_NAME, key, accessControl);
     }
 
     /// @inheritdoc IEigenDADirectory