feat(evm): Add PermissionsPolicy for permissioned EVM #2538
Conversation
|
Reimplemented with a new approach based on @0xstepit suggestions! Please take a look and give me feedback. Will implement tests afterwards. Tested locally and works as expected. I will add a brief description tomorrow to explain it better. cc. @fedekunze Pay special attention to:
|
facs95
changed the title
| res, err := s.factory.ExecuteEthTx(signer.Priv, txArgs) | ||
| Expect(err).To(BeNil()) | ||
| Expect(res.IsOK()).To(Equal(true), "transaction should have succeeded", res.GetLog()) | ||
| }) |
There was a problem hiding this comment.
Nit: check that the balance was updated accordingly
| } | ||
| res, err := s.factory.ExecuteContractCall(signerPriv, txArgs, callArgs) | ||
| Expect(err).To(BeNil()) | ||
| Expect(res.IsOK()).To(Equal(true), "transaction should have succeeded", res.GetLog()) |
There was a problem hiding this comment.
Nit: validate that the state was updated accordingly
|
|
||
| res, err := s.factory.ExecuteEthTx(signer.Priv, txArgs) | ||
| Expect(err).To(BeNil()) | ||
| Expect(res.IsOK()).To(Equal(true), "transaction should have succeeded", res.GetLog()) |
|
|
||
| res, err := s.factory.ExecuteEthTx(signer.Priv, txArgs) | ||
| Expect(err).To(BeNil()) | ||
| Expect(res.IsOK()).To(Equal(true), "transaction should have succeeded", res.GetLog()) |
There was a problem hiding this comment.
ditto: validate that the balances are updated
x/evm/keeper/permissions.go
Outdated
| case types.AccessTypeEverybody: | ||
| return func(_ string) bool { return true } | ||
| case types.AccessTypeNobody: | ||
| return func(_ string) bool { return false } | ||
| case types.AccessTypeWhitelistAddress: | ||
| addresses := permissions.Create.WhitelistAddresses | ||
| isSignerAllowed := slices.Contains(addresses, signer) | ||
| return func(caller string) bool { | ||
| return isSignerAllowed || slices.Contains(addresses, caller) | ||
| } | ||
| } |
There was a problem hiding this comment.
Nit: encapsulate this logic into a func that takes the accessType & whitelistAddresses as input to avoid repeating the code in getCreateCallerFn and generateCallerFn
x/evm/keeper/permissions.go
Outdated
| return p.canCall(caller) | ||
| } | ||
|
|
||
| func generateCallerFn(permissions *types.Permissions, signer string) callerFn { |
There was a problem hiding this comment.
this function name is not very clear, can you please refactor it or add some comments about it. Maybe something like getCanCallFn is clearer
| // whitelist_addresses defines which addresses have permissions in case of permissioned access_type | ||
| repeated string whitelist_addresses = 2 |
There was a problem hiding this comment.
let's rename this to allowlist please
| option (gogoproto.goproto_enum_prefix) = false; | ||
|
|
||
| // ACCESS_TYPE_PERMISSIONLESS does not restrict the operation to anyone | ||
| ACCESS_TYPE_PERMISSIONLESS = 0 |
Description
Closes: #XXXX
With this we take a similar approach to CosmosWasm to make it possible to make the EVM permissioned. This proposes to have now within the EVM params a permissions field with the following types.
This allows for a granular control over permissions for create and call opcodes while also making it customizable for other customers of the evmosOS (this will improve in future versions).
In our version of the implementation we are passing this into the opcodeHooks for it to be called within the CREATE and CALL opcodes. If
AccessTypeWhitelistAddressis chosen, then we will check first that if the signer of the tx is a whitelisted address, if not then we check if the caller (contracts performing internal calls) has permissions.NOTE: This is blocked by evmos/go-ethereum#28
Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
Reviewers Checklist
All items are required.
Please add a note if the item is not applicable
and please add your handle next to the items reviewed
if you only reviewed selected items.
I have...
Unreleasedsection inCHANGELOG.md