Skip to content

feat: access control contract #1758

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Jul 23, 2025
Merged

feat: access control contract #1758

merged 8 commits into from
Jul 23, 2025

Conversation

pakim249CAL
Copy link
Contributor

@pakim249CAL pakim249CAL commented Jul 11, 2025
edited
Loading

Why are these changes needed?

Adds a relatively vanilla access control contract to the eigenDA contracts, and integrates it into the Address Directory's access management.

Checks

  • I've made sure the tests are passing. Note that there might be a few flaky tests, in that case, please comment that they are not relevant.
  • I've checked the new test coverage and the coverage percentage didn't drop.
  • Testing Strategy
    • Unit tests
    • Integration tests
    • This PR is not tested :(

@pakim249CAL pakim249CAL marked this pull request as ready for review July 15, 2025 18:46
@pakim249CAL pakim249CAL requested review from samlaf and litt3 July 15, 2025 18:46
@anupsv anupsv self-requested a review July 18, 2025 04:19
samlaf
samlaf reviewed Jul 21, 2025
View reviewed changes
contracts/src/core/libraries/v3/access-control/AccessControlConstants.sol
bytes32 internal constant OWNER_ROLE = keccak256("OWNER");
bytes32 internal constant QUORUM_OWNER_SEED = keccak256("QUORUM_OWNER");

function QUORUM_OWNER_ROLE(uint64 quorumId) internal pure returns (bytes32) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how should this be used? Is the idea that the caller would call

EigenDAAccessControl.setupRole(AccessControlConstants.QUORUM_OWNER_ROLE(quorumId))

? Or how else is this supposed to be used? should we add a quorum_setter in EigenDAAccessControl already?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function defines a protocol in which the role identifier for a quorum owner for a particular quorum ID is generated. It can be used in contracts, tests, and production as a library function. Your example is one use case, but it would also be necessary to have this kind of function for contracts to efficiently query for quorum owners.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This intended use case should probably be documented in the contract then.

@pakim249CAL pakim249CAL requested a review from samlaf July 21, 2025 20:18
samlaf
samlaf previously approved these changes Jul 22, 2025
View reviewed changes
contracts/src/core/EigenDAAccessControl.sol Outdated
_grantRole(AccessControlConstants.OWNER_ROLE, owner);
}

function setupRole(bytes32 role, address account) external {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
function setupRole(bytes32 role, address account) external {
function grantRole(bytes32 role, address account) external {

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

think renaming to match the OZ function makes more sense?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this case, no because then we would be overloading the existing grantRole function inherited from AccessControl. This function is meant to use the DEFAULT_ADMIN_ROLE defined in the AccessControl contract which has ownership over all roles by default, but I leave this role unused.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm already confused. We can't overwrite that function because... its used? or because of some other reason AND we should make sure that nobody ever uses the grantRole function which is unfortunately exposed because of inheritance?
All this is the kind of stuff that should be documented...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a44a23b

I decided to simply just use the DEFAULT_ADMIN_ROLE to use the paradigm that openzeppelin intends, which is for their defined DEFAULT_ADMIN_ROLE to be able to grant roles. And so now the contract is basically just OZ's AccessControl with a constructor.

@pakim249CAL pakim249CAL requested a review from samlaf July 22, 2025 16:07
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 23, 2025
edited
Loading

The latest Buf updates on your PR. Results from workflow Buf Proto / buf (pull_request).

BuildFormatLintBreakingUpdated (UTC)
✅ passed✅ passed✅ passed✅ passedJul 23, 2025, 1:04 PM

@pakim249CAL pakim249CAL added this pull request to the merge queue Jul 23, 2025
Merged via the queue into master with commit 0b2ed9d Jul 23, 2025
27 checks passed
@pakim249CAL pakim249CAL deleted the feat/access-control branch July 23, 2025 13:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samlaf samlaf samlaf approved these changes

@litt3 litt3 Awaiting requested review from litt3

@anupsv anupsv Awaiting requested review from anupsv

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pakim249CAL @samlaf