-
Notifications
You must be signed in to change notification settings - Fork 359
/
Accounts.sol
1124 lines (1016 loc) · 42.5 KB
/
Accounts.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
pragma solidity ^0.5.13;
import "openzeppelin-solidity/contracts/math/SafeMath.sol";
import "openzeppelin-solidity/contracts/ownership/Ownable.sol";
import "./interfaces/IAccounts.sol";
import "../common/FixidityLib.sol";
import "../common/Initializable.sol";
import "../common/interfaces/ICeloVersionedContract.sol";
import "../common/Signatures.sol";
import "../common/UsingRegistry.sol";
import "../common/libraries/ReentrancyGuard.sol";
contract Accounts is
IAccounts,
ICeloVersionedContract,
Ownable,
ReentrancyGuard,
Initializable,
UsingRegistry
{
using FixidityLib for FixidityLib.Fraction;
using SafeMath for uint256;
struct Signers {
// The address that is authorized to vote in governance and validator elections on behalf of the
// account. The account can vote as well, whether or not a vote signing key has been specified.
address vote;
// The address that is authorized to manage a validator or validator group and sign consensus
// messages on behalf of the account. The account can manage the validator, whether or not a
// validator signing key has been specified. However, if a validator signing key has been
// specified, only that key may actually participate in consensus.
address validator;
// The address of the key with which this account wants to sign attestations on the Attestations
// contract
address attestation;
}
struct SignerAuthorization {
bool started;
bool completed;
}
struct Account {
bool exists;
// [Deprecated] Each account may authorize signing keys to use for voting,
// validating or attestation. These keys may not be keys of other accounts,
// and may not be authorized by any other account for any purpose.
Signers signers;
// The address at which the account expects to receive transfers. If it's empty/0x0, the
// account indicates that an address exchange should be initiated with the dataEncryptionKey
address walletAddress;
// An optional human readable identifier for the account
string name;
// The ECDSA public key used to encrypt and decrypt data for this account
bytes dataEncryptionKey;
// The URL under which an account adds metadata and claims
string metadataURL;
}
struct PaymentDelegation {
// Address that should receive a fraction of validator payments.
address beneficiary;
// Fraction of payment to delegate to `beneficiary`.
FixidityLib.Fraction fraction;
}
mapping(address => Account) internal accounts;
// Maps authorized signers to the account that provided the authorization.
mapping(address => address) public authorizedBy;
// Default signers by account (replaces the legacy Signers struct on Account)
mapping(address => mapping(bytes32 => address)) defaultSigners;
// All signers and their roles for a given account
// solhint-disable-next-line max-line-length
mapping(address => mapping(bytes32 => mapping(address => SignerAuthorization))) signerAuthorizations;
bytes32 public constant EIP712_AUTHORIZE_SIGNER_TYPEHASH = keccak256(
"AuthorizeSigner(address account,address signer,bytes32 role)"
);
bytes32 public eip712DomainSeparator;
// A per-account list of CIP8 storage roots, bypassing CIP3.
mapping(address => bytes[]) public offchainStorageRoots;
// Optional per-account validator payment delegation information.
mapping(address => PaymentDelegation) internal paymentDelegations;
bytes32 constant ValidatorSigner = keccak256(abi.encodePacked("celo.org/core/validator"));
bytes32 constant AttestationSigner = keccak256(abi.encodePacked("celo.org/core/attestation"));
bytes32 constant VoteSigner = keccak256(abi.encodePacked("celo.org/core/vote"));
event AttestationSignerAuthorized(address indexed account, address signer);
event VoteSignerAuthorized(address indexed account, address signer);
event ValidatorSignerAuthorized(address indexed account, address signer);
event SignerAuthorized(address indexed account, address signer, bytes32 indexed role);
event SignerAuthorizationStarted(address indexed account, address signer, bytes32 indexed role);
event SignerAuthorizationCompleted(address indexed account, address signer, bytes32 indexed role);
event AttestationSignerRemoved(address indexed account, address oldSigner);
event VoteSignerRemoved(address indexed account, address oldSigner);
event ValidatorSignerRemoved(address indexed account, address oldSigner);
event IndexedSignerSet(address indexed account, address signer, bytes32 role);
event IndexedSignerRemoved(address indexed account, address oldSigner, bytes32 role);
event DefaultSignerSet(address indexed account, address signer, bytes32 role);
event DefaultSignerRemoved(address indexed account, address oldSigner, bytes32 role);
event LegacySignerSet(address indexed account, address signer, bytes32 role);
event LegacySignerRemoved(address indexed account, address oldSigner, bytes32 role);
event SignerRemoved(address indexed account, address oldSigner, bytes32 indexed role);
event AccountDataEncryptionKeySet(address indexed account, bytes dataEncryptionKey);
event AccountNameSet(address indexed account, string name);
event AccountMetadataURLSet(address indexed account, string metadataURL);
event AccountWalletAddressSet(address indexed account, address walletAddress);
event AccountCreated(address indexed account);
event OffchainStorageRootAdded(address indexed account, bytes url);
event OffchainStorageRootRemoved(address indexed account, bytes url, uint256 index);
event PaymentDelegationSet(address indexed beneficiary, uint256 fraction);
/**
* @notice Sets initialized == true on implementation contracts
* @param test Set to true to skip implementation initialization
*/
constructor(bool test) public Initializable(test) {}
/**
* @notice Returns the storage, major, minor, and patch version of the contract.
* @return Storage version of the contract.
* @return Major version of the contract.
* @return Minor version of the contract.
* @return Patch version of the contract.
*/
function getVersionNumber() external pure returns (uint256, uint256, uint256, uint256) {
return (1, 1, 4, 0);
}
/**
* @notice Used in place of the constructor to allow the contract to be upgradable via proxy.
* @param registryAddress The address of the registry core smart contract.
*/
function initialize(address registryAddress) external initializer {
_transferOwnership(msg.sender);
setRegistry(registryAddress);
setEip712DomainSeparator();
}
/**
* @notice Sets the EIP712 domain separator for the Celo Accounts abstraction.
*/
function setEip712DomainSeparator() public {
uint256 chainId;
assembly {
chainId := chainid
}
eip712DomainSeparator = keccak256(
abi.encode(
keccak256(
"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
),
keccak256(bytes("Celo Core Contracts")),
keccak256("1.0"),
chainId,
address(this)
)
);
}
/**
* @notice Convenience Setter for the dataEncryptionKey and wallet address for an account
* @param name A string to set as the name of the account
* @param dataEncryptionKey secp256k1 public key for data encryption. Preferably compressed.
* @param walletAddress The wallet address to set for the account
* @param v The recovery id of the incoming ECDSA signature.
* @param r Output value r of the ECDSA signature.
* @param s Output value s of the ECDSA signature.
* @dev v, r, s constitute `signer`'s signature on `msg.sender` (unless the wallet address
* is 0x0 or msg.sender).
*/
function setAccount(
string calldata name,
bytes calldata dataEncryptionKey,
address walletAddress,
uint8 v,
bytes32 r,
bytes32 s
) external {
if (!isAccount(msg.sender)) {
createAccount();
}
setName(name);
setAccountDataEncryptionKey(dataEncryptionKey);
setWalletAddress(walletAddress, v, r, s);
}
/**
* @notice Creates an account.
* @return True if account creation succeeded.
*/
function createAccount() public returns (bool) {
require(isNotAccount(msg.sender) && isNotAuthorizedSigner(msg.sender), "Account exists");
Account storage account = accounts[msg.sender];
account.exists = true;
emit AccountCreated(msg.sender);
return true;
}
/**
* @notice Setter for the name of an account.
* @param name The name to set.
*/
function setName(string memory name) public {
require(isAccount(msg.sender), "Unknown account");
Account storage account = accounts[msg.sender];
account.name = name;
emit AccountNameSet(msg.sender, name);
}
/**
* @notice Setter for the wallet address for an account
* @param walletAddress The wallet address to set for the account
* @param v The recovery id of the incoming ECDSA signature.
* @param r Output value r of the ECDSA signature.
* @param s Output value s of the ECDSA signature.
* @dev Wallet address can be zero. This means that the owner of the wallet
* does not want to be paid directly without interaction, and instead wants users to
* contact them, using the data encryption key, and arrange a payment.
* @dev v, r, s constitute `signer`'s signature on `msg.sender` (unless the wallet address
* is 0x0 or msg.sender).
*/
function setWalletAddress(address walletAddress, uint8 v, bytes32 r, bytes32 s) public {
require(isAccount(msg.sender), "Unknown account");
if (!(walletAddress == msg.sender || walletAddress == address(0x0))) {
address signer = Signatures.getSignerOfAddress(msg.sender, v, r, s);
require(signer == walletAddress, "Invalid signature");
}
Account storage account = accounts[msg.sender];
account.walletAddress = walletAddress;
emit AccountWalletAddressSet(msg.sender, walletAddress);
}
/**
* @notice Setter for the data encryption key and version.
* @param dataEncryptionKey secp256k1 public key for data encryption. Preferably compressed.
*/
function setAccountDataEncryptionKey(bytes memory dataEncryptionKey) public {
require(dataEncryptionKey.length >= 33, "data encryption key length <= 32");
Account storage account = accounts[msg.sender];
account.dataEncryptionKey = dataEncryptionKey;
emit AccountDataEncryptionKeySet(msg.sender, dataEncryptionKey);
}
/**
* @notice Setter for the metadata of an account.
* @param metadataURL The URL to access the metadata.
*/
function setMetadataURL(string calldata metadataURL) external {
require(isAccount(msg.sender), "Unknown account");
Account storage account = accounts[msg.sender];
account.metadataURL = metadataURL;
emit AccountMetadataURLSet(msg.sender, metadataURL);
}
/**
* @notice Adds a new CIP8 storage root.
* @param url The URL pointing to the offchain storage root.
*/
function addStorageRoot(bytes calldata url) external {
require(isAccount(msg.sender), "Unknown account");
offchainStorageRoots[msg.sender].push(url);
emit OffchainStorageRootAdded(msg.sender, url);
}
/**
* @notice Removes a CIP8 storage root.
* @param index The index of the storage root to be removed in the account's
* list of storage roots.
* @dev The order of storage roots may change after this operation (the last
* storage root will be moved to `index`), be aware of this if removing
* multiple storage roots at a time.
*/
function removeStorageRoot(uint256 index) external {
require(isAccount(msg.sender), "Unknown account");
require(index < offchainStorageRoots[msg.sender].length, "Invalid storage root index");
uint256 lastIndex = offchainStorageRoots[msg.sender].length - 1;
bytes memory url = offchainStorageRoots[msg.sender][index];
offchainStorageRoots[msg.sender][index] = offchainStorageRoots[msg.sender][lastIndex];
offchainStorageRoots[msg.sender].length--;
emit OffchainStorageRootRemoved(msg.sender, url, index);
}
/**
* @notice Returns the full list of offchain storage roots for an account.
* @param account The account whose storage roots to return.
* @return Concatenated storage root URLs.
* @return Lengths of storage root URLs.
*/
function getOffchainStorageRoots(address account)
external
view
returns (bytes memory, uint256[] memory)
{
require(isAccount(account), "Unknown account");
uint256 numberRoots = offchainStorageRoots[account].length;
uint256 totalLength = 0;
for (uint256 i = 0; i < numberRoots; i++) {
totalLength = totalLength.add(offchainStorageRoots[account][i].length);
}
bytes memory concatenated = new bytes(totalLength);
uint256 lastIndex = 0;
uint256[] memory lengths = new uint256[](numberRoots);
for (uint256 i = 0; i < numberRoots; i++) {
bytes storage root = offchainStorageRoots[account][i];
lengths[i] = root.length;
for (uint256 j = 0; j < lengths[i]; j++) {
concatenated[lastIndex] = root[j];
lastIndex++;
}
}
return (concatenated, lengths);
}
/**
* @notice Sets validator payment delegation settings.
* @param beneficiary The address that should receive a portion of validator
* payments.
* @param fraction The fraction of the validator's payment that should be
* diverted to `beneficiary` every epoch, given as FixidityLib value. Must not
* be greater than 1.
* @dev Use `deletePaymentDelegation` to unset the payment delegation.
*/
function setPaymentDelegation(address beneficiary, uint256 fraction) public {
require(isAccount(msg.sender), "Not an account");
require(beneficiary != address(0), "Beneficiary cannot be address 0x0");
FixidityLib.Fraction memory f = FixidityLib.wrap(fraction);
require(f.lte(FixidityLib.fixed1()), "Fraction must not be greater than 1");
paymentDelegations[msg.sender] = PaymentDelegation(beneficiary, f);
emit PaymentDelegationSet(beneficiary, fraction);
}
/**
* @notice Removes a validator's payment delegation by setting benficiary and
* fraction to 0.
*/
function deletePaymentDelegation() public {
require(isAccount(msg.sender), "Not an account");
paymentDelegations[msg.sender] = PaymentDelegation(address(0x0), FixidityLib.wrap(0));
emit PaymentDelegationSet(address(0x0), 0);
}
/**
* @notice Gets validator payment delegation settings.
* @param account Account of the validator.
* @return Beneficiary address of payment delegated.
* @return Fraction of payment delegated.
*/
function getPaymentDelegation(address account) external view returns (address, uint256) {
PaymentDelegation storage delegation = paymentDelegations[account];
return (delegation.beneficiary, delegation.fraction.unwrap());
}
/**
* @notice Set the indexed signer for a specific role
* @param signer the address to set as default
* @param role the role to register a default signer for
*/
function setIndexedSigner(address signer, bytes32 role) public {
require(isAccount(msg.sender), "Not an account");
require(isNotAccount(signer), "Cannot authorize account as signer");
require(
isNotAuthorizedSignerForAnotherAccount(msg.sender, signer),
"Not a signer for this account"
);
require(isSigner(msg.sender, signer, role), "Must authorize signer before setting as default");
Account storage account = accounts[msg.sender];
if (isLegacyRole(role)) {
if (role == VoteSigner) {
account.signers.vote = signer;
} else if (role == AttestationSigner) {
account.signers.attestation = signer;
} else if (role == ValidatorSigner) {
account.signers.validator = signer;
}
emit LegacySignerSet(msg.sender, signer, role);
} else {
defaultSigners[msg.sender][role] = signer;
emit DefaultSignerSet(msg.sender, signer, role);
}
emit IndexedSignerSet(msg.sender, signer, role);
}
/**
* @notice Authorizes an address to act as a signer, for `role`, on behalf of the account.
* @param signer The address of the signing key to authorize.
* @param role The role to authorize signing for.
* @param v The recovery id of the incoming ECDSA signature.
* @param r Output value r of the ECDSA signature.
* @param s Output value s of the ECDSA signature.
* @dev v, r, s constitute `signer`'s EIP712 signature over `role`, `msg.sender`
* and `signer`.
*/
function authorizeSignerWithSignature(address signer, bytes32 role, uint8 v, bytes32 r, bytes32 s)
public
{
authorizeAddressWithRole(signer, role, v, r, s);
signerAuthorizations[msg.sender][role][signer] = SignerAuthorization({
started: true,
completed: true
});
emit SignerAuthorized(msg.sender, signer, role);
}
function legacyAuthorizeSignerWithSignature(
address signer,
bytes32 role,
uint8 v,
bytes32 r,
bytes32 s
) private {
authorizeAddress(signer, v, r, s);
signerAuthorizations[msg.sender][role][signer] = SignerAuthorization({
started: true,
completed: true
});
emit SignerAuthorized(msg.sender, signer, role);
}
/**
* @notice Authorizes an address to sign votes on behalf of the account.
* @param signer The address of the signing key to authorize.
* @param v The recovery id of the incoming ECDSA signature.
* @param r Output value r of the ECDSA signature.
* @param s Output value s of the ECDSA signature.
* @dev v, r, s constitute `signer`'s signature on `msg.sender`.
*/
function authorizeVoteSigner(address signer, uint8 v, bytes32 r, bytes32 s)
external
nonReentrant
{
legacyAuthorizeSignerWithSignature(signer, VoteSigner, v, r, s);
setIndexedSigner(signer, VoteSigner);
emit VoteSignerAuthorized(msg.sender, signer);
}
/**
* @notice Authorizes an address to sign consensus messages on behalf of the account.
* @param signer The address of the signing key to authorize.
* @param v The recovery id of the incoming ECDSA signature.
* @param r Output value r of the ECDSA signature.
* @param s Output value s of the ECDSA signature.
* @dev v, r, s constitute `signer`'s signature on `msg.sender`.
*/
function authorizeValidatorSigner(address signer, uint8 v, bytes32 r, bytes32 s)
external
nonReentrant
{
legacyAuthorizeSignerWithSignature(signer, ValidatorSigner, v, r, s);
setIndexedSigner(signer, ValidatorSigner);
require(!getValidators().isValidator(msg.sender), "Cannot authorize validator signer");
emit ValidatorSignerAuthorized(msg.sender, signer);
}
/**
* @notice Authorizes an address to sign consensus messages on behalf of the account.
* @param signer The address of the signing key to authorize.
* @param v The recovery id of the incoming ECDSA signature.
* @param r Output value r of the ECDSA signature.
* @param s Output value s of the ECDSA signature.
* @param ecdsaPublicKey The ECDSA public key corresponding to `signer`.
* @dev v, r, s constitute `signer`'s signature on `msg.sender`.
*/
function authorizeValidatorSignerWithPublicKey(
address signer,
uint8 v,
bytes32 r,
bytes32 s,
bytes calldata ecdsaPublicKey
) external nonReentrant {
legacyAuthorizeSignerWithSignature(signer, ValidatorSigner, v, r, s);
setIndexedSigner(signer, ValidatorSigner);
require(
getValidators().updateEcdsaPublicKey(msg.sender, signer, ecdsaPublicKey),
"Failed to update ECDSA public key"
);
emit ValidatorSignerAuthorized(msg.sender, signer);
}
/**
* @notice Authorizes an address to sign consensus messages on behalf of the account.
* @param signer The address of the signing key to authorize.
* @param ecdsaPublicKey The ECDSA public key corresponding to `signer`.
* @param blsPublicKey The BLS public key that the validator is using for consensus, should pass
* proof of possession. 96 bytes.
* @param blsPop The BLS public key proof-of-possession, which consists of a signature on the
* account address. 48 bytes.
* @param v The recovery id of the incoming ECDSA signature.
* @param r Output value r of the ECDSA signature.
* @param s Output value s of the ECDSA signature.
* @dev v, r, s constitute `signer`'s signature on `msg.sender`.
*/
function authorizeValidatorSignerWithKeys(
address signer,
uint8 v,
bytes32 r,
bytes32 s,
bytes calldata ecdsaPublicKey,
bytes calldata blsPublicKey,
bytes calldata blsPop
) external nonReentrant {
legacyAuthorizeSignerWithSignature(signer, ValidatorSigner, v, r, s);
setIndexedSigner(signer, ValidatorSigner);
require(
getValidators().updatePublicKeys(msg.sender, signer, ecdsaPublicKey, blsPublicKey, blsPop),
"Failed to update validator keys"
);
emit ValidatorSignerAuthorized(msg.sender, signer);
}
/**
* @notice Authorizes an address to sign attestations on behalf of the account.
* @param signer The address of the signing key to authorize.
* @param v The recovery id of the incoming ECDSA signature.
* @param r Output value r of the ECDSA signature.
* @param s Output value s of the ECDSA signature.
* @dev v, r, s constitute `signer`'s signature on `msg.sender`.
*/
function authorizeAttestationSigner(address signer, uint8 v, bytes32 r, bytes32 s) public {
legacyAuthorizeSignerWithSignature(signer, AttestationSigner, v, r, s);
setIndexedSigner(signer, AttestationSigner);
emit AttestationSignerAuthorized(msg.sender, signer);
}
/**
* @notice Begin the process of authorizing an address to sign on behalf of the account
* @param signer The address of the signing key to authorize.
* @param role The role to authorize signing for.
*/
function authorizeSigner(address signer, bytes32 role) public {
require(isAccount(msg.sender), "Unknown account");
require(
isNotAccount(signer) && isNotAuthorizedSignerForAnotherAccount(msg.sender, signer),
"Cannot re-authorize address signer"
);
signerAuthorizations[msg.sender][role][signer] = SignerAuthorization({
started: true,
completed: false
});
emit SignerAuthorizationStarted(msg.sender, signer, role);
}
/**
* @notice Finish the process of authorizing an address to sign on behalf of the account.
* @param account The address of account that authorized signing.
* @param role The role to finish authorizing for.
*/
function completeSignerAuthorization(address account, bytes32 role) public {
require(isAccount(account), "Unknown account");
require(
isNotAccount(msg.sender) && isNotAuthorizedSignerForAnotherAccount(account, msg.sender),
"Cannot re-authorize address signer"
);
require(
signerAuthorizations[account][role][msg.sender].started == true,
"Signer authorization not started"
);
authorizedBy[msg.sender] = account;
signerAuthorizations[account][role][msg.sender].completed = true;
emit SignerAuthorizationCompleted(account, msg.sender, role);
}
/**
* @notice Whether or not the signer has been registered as the legacy signer for role
* @param _account The address of account that authorized signing.
* @param signer The address of the signer.
* @param role The role that has been authorized.
*/
function isLegacySigner(address _account, address signer, bytes32 role)
public
view
returns (bool)
{
Account storage account = accounts[_account];
if (role == ValidatorSigner && account.signers.validator == signer) {
return true;
} else if (role == AttestationSigner && account.signers.attestation == signer) {
return true;
} else if (role == VoteSigner && account.signers.vote == signer) {
return true;
} else {
return false;
}
}
/**
* @notice Whether or not the signer has been registered as the default signer for role
* @param account The address of account that authorized signing.
* @param signer The address of the signer.
* @param role The role that has been authorized.
*/
function isDefaultSigner(address account, address signer, bytes32 role)
public
view
returns (bool)
{
return defaultSigners[account][role] == signer;
}
/**
* @notice Whether or not the signer has been registered as an indexed signer for role
* @param account The address of account that authorized signing.
* @param signer The address of the signer.
* @param role The role that has been authorized.
*/
function isIndexedSigner(address account, address signer, bytes32 role)
public
view
returns (bool)
{
return
isLegacyRole(role)
? isLegacySigner(account, signer, role)
: isDefaultSigner(account, signer, role);
}
/**
* @notice Whether or not the signer has been registered as a signer for role
* @param account The address of account that authorized signing.
* @param signer The address of the signer.
* @param role The role that has been authorized.
*/
function isSigner(address account, address signer, bytes32 role) public view returns (bool) {
return
isLegacySigner(account, signer, role) ||
(signerAuthorizations[account][role][signer].completed && authorizedBy[signer] == account);
}
/**
* @notice Removes the signer for a default role.
* @param role The role that has been authorized.
*/
function removeDefaultSigner(bytes32 role) public {
address signer = defaultSigners[msg.sender][role];
defaultSigners[msg.sender][role] = address(0);
emit DefaultSignerRemoved(msg.sender, signer, role);
}
/**
* @notice Remove one of the Validator, Attestation or
* Vote signers from an account. Should only be called from
* methods that check the role is a legacy signer.
* @param role The role that has been authorized.
*/
function removeLegacySigner(bytes32 role) private {
Account storage account = accounts[msg.sender];
address signer;
if (role == ValidatorSigner) {
signer = account.signers.validator;
account.signers.validator = address(0);
} else if (role == AttestationSigner) {
signer = account.signers.attestation;
account.signers.attestation = address(0);
} else if (role == VoteSigner) {
signer = account.signers.vote;
account.signers.vote = address(0);
}
emit LegacySignerRemoved(msg.sender, signer, role);
}
/**
* @notice Removes the currently authorized and indexed signer
* for a specific role
* @param role The role of the signer.
*/
function removeIndexedSigner(bytes32 role) public {
address oldSigner = getIndexedSigner(msg.sender, role);
isLegacyRole(role) ? removeLegacySigner(role) : removeDefaultSigner(role);
emit IndexedSignerRemoved(msg.sender, oldSigner, role);
}
/**
* @notice Removes the currently authorized signer for a specific role and
* if the signer is indexed, remove that as well.
* @param signer The address of the signer.
* @param role The role that has been authorized.
*/
function removeSigner(address signer, bytes32 role) public {
if (isIndexedSigner(msg.sender, signer, role)) {
removeIndexedSigner(role);
}
delete signerAuthorizations[msg.sender][role][signer];
emit SignerRemoved(msg.sender, signer, role);
}
/**
* @notice Removes the currently authorized vote signer for the account.
* Note that the signers cannot be reauthorized after they have been removed.
*/
function removeVoteSigner() public {
address signer = getLegacySigner(msg.sender, VoteSigner);
removeSigner(signer, VoteSigner);
emit VoteSignerRemoved(msg.sender, signer);
}
/**
* @notice Removes the currently authorized validator signer for the account
* Note that the signers cannot be reauthorized after they have been removed.
*/
function removeValidatorSigner() public {
address signer = getLegacySigner(msg.sender, ValidatorSigner);
removeSigner(signer, ValidatorSigner);
emit ValidatorSignerRemoved(msg.sender, signer);
}
/**
* @notice Removes the currently authorized attestation signer for the account
* Note that the signers cannot be reauthorized after they have been removed.
*/
function removeAttestationSigner() public {
address signer = getLegacySigner(msg.sender, AttestationSigner);
removeSigner(signer, AttestationSigner);
emit AttestationSignerRemoved(msg.sender, signer);
}
function signerToAccountWithRole(address signer, bytes32 role) internal view returns (address) {
address account = authorizedBy[signer];
if (account != address(0)) {
require(isSigner(account, signer, role), "not active authorized signer for role");
return account;
}
require(isAccount(signer), "not an account");
return signer;
}
/**
* @notice Returns the account associated with `signer`.
* @param signer The address of the account or currently authorized attestation signer.
* @dev Fails if the `signer` is not an account or currently authorized attestation signer.
* @return The associated account.
*/
function attestationSignerToAccount(address signer) external view returns (address) {
return signerToAccountWithRole(signer, AttestationSigner);
}
/**
* @notice Returns the account associated with `signer`.
* @param signer The address of an account or currently authorized validator signer.
* @dev Fails if the `signer` is not an account or currently authorized validator.
* @return The associated account.
*/
function validatorSignerToAccount(address signer) public view returns (address) {
return signerToAccountWithRole(signer, ValidatorSigner);
}
/**
* @notice Returns the account associated with `signer`.
* @param signer The address of the account or currently authorized vote signer.
* @dev Fails if the `signer` is not an account or currently authorized vote signer.
* @return The associated account.
*/
function voteSignerToAccount(address signer) external view returns (address) {
return signerToAccountWithRole(signer, VoteSigner);
}
/**
* @notice Returns the account associated with `signer`.
* @param signer The address of the account or previously authorized signer.
* @dev Fails if the `signer` is not an account or previously authorized signer.
* @return The associated account.
*/
function signerToAccount(address signer) external view returns (address) {
address authorizingAccount = authorizedBy[signer];
if (authorizingAccount != address(0)) {
return authorizingAccount;
} else {
require(isAccount(signer), "Not an account");
return signer;
}
}
/**
* @notice Checks whether the role is one of Vote, Validator or Attestation
* @param role The role to check
*/
function isLegacyRole(bytes32 role) public pure returns (bool) {
return role == VoteSigner || role == ValidatorSigner || role == AttestationSigner;
}
/**
* @notice Returns the legacy signer for the specified account and
* role. If no signer has been specified it will return the account itself.
* @param _account The address of the account.
* @param role The role of the signer.
*/
function getLegacySigner(address _account, bytes32 role) public view returns (address) {
require(isLegacyRole(role), "Role is not a legacy signer");
Account storage account = accounts[_account];
address signer;
if (role == ValidatorSigner) {
signer = account.signers.validator;
} else if (role == AttestationSigner) {
signer = account.signers.attestation;
} else if (role == VoteSigner) {
signer = account.signers.vote;
}
return signer == address(0) ? _account : signer;
}
/**
* @notice Returns the default signer for the specified account and
* role. If no signer has been specified it will return the account itself.
* @param account The address of the account.
* @param role The role of the signer.
*/
function getDefaultSigner(address account, bytes32 role) public view returns (address) {
address defaultSigner = defaultSigners[account][role];
return defaultSigner == address(0) ? account : defaultSigner;
}
/**
* @notice Returns the indexed signer for the specified account and role.
* If no signer has been specified it will return the account itself.
* @param account The address of the account.
* @param role The role of the signer.
*/
function getIndexedSigner(address account, bytes32 role) public view returns (address) {
return isLegacyRole(role) ? getLegacySigner(account, role) : getDefaultSigner(account, role);
}
/**
* @notice Returns the vote signer for the specified account.
* @param account The address of the account.
* @return The address with which the account can sign votes.
*/
function getVoteSigner(address account) public view returns (address) {
return getLegacySigner(account, VoteSigner);
}
/**
* @notice Returns the validator signer for the specified account.
* @param account The address of the account.
* @return The address with which the account can register a validator or group.
*/
function getValidatorSigner(address account) public view returns (address) {
return getLegacySigner(account, ValidatorSigner);
}
/**
* @notice Returns the attestation signer for the specified account.
* @param account The address of the account.
* @return The address with which the account can sign attestations.
*/
function getAttestationSigner(address account) public view returns (address) {
return getLegacySigner(account, AttestationSigner);
}
/**
* @notice Checks whether or not the account has an indexed signer
* registered for one of the legacy roles
*/
function hasLegacySigner(address account, bytes32 role) public view returns (bool) {
return getLegacySigner(account, role) != account;
}
/**
* @notice Checks whether or not the account has an indexed signer
* registered for a role
*/
function hasDefaultSigner(address account, bytes32 role) public view returns (bool) {
return getDefaultSigner(account, role) != account;
}
/**
* @notice Checks whether or not the account has an indexed signer
* registered for the role
*/
function hasIndexedSigner(address account, bytes32 role) public view returns (bool) {
return isLegacyRole(role) ? hasLegacySigner(account, role) : hasDefaultSigner(account, role);
}
/**
* @notice Checks whether or not the account has a signer
* registered for the plaintext role.
* @dev See `hasIndexedSigner` for more gas efficient call.
*/
function hasAuthorizedSigner(address account, string calldata role) external view returns (bool) {
return hasIndexedSigner(account, keccak256(abi.encodePacked(role)));
}
/**
* @notice Returns if account has specified a dedicated vote signer.
* @param account The address of the account.
* @return Whether the account has specified a dedicated vote signer.
*/
function hasAuthorizedVoteSigner(address account) external view returns (bool) {
return hasLegacySigner(account, VoteSigner);
}
/**
* @notice Returns if account has specified a dedicated validator signer.
* @param account The address of the account.
* @return Whether the account has specified a dedicated validator signer.
*/
function hasAuthorizedValidatorSigner(address account) external view returns (bool) {
return hasLegacySigner(account, ValidatorSigner);
}
/**
* @notice Returns if account has specified a dedicated attestation signer.
* @param account The address of the account.
* @return Whether the account has specified a dedicated attestation signer.
*/
function hasAuthorizedAttestationSigner(address account) external view returns (bool) {
return hasLegacySigner(account, AttestationSigner);
}
/**
* @notice Getter for the name of an account.
* @param account The address of the account to get the name for.
* @return name The name of the account.
*/
function getName(address account) external view returns (string memory) {
return accounts[account].name;
}
/**
* @notice Getter for the metadata of an account.
* @param account The address of the account to get the metadata for.
* @return metadataURL The URL to access the metadata.
*/
function getMetadataURL(address account) external view returns (string memory) {
return accounts[account].metadataURL;
}
/**
* @notice Getter for the metadata of multiple accounts.
* @param accountsToQuery The addresses of the accounts to get the metadata for.
* @return The length of each string in bytes.
* @return All strings concatenated.
*/
function batchGetMetadataURL(address[] calldata accountsToQuery)
external
view
returns (uint256[] memory, bytes memory)
{
uint256 totalSize = 0;
uint256[] memory sizes = new uint256[](accountsToQuery.length);
for (uint256 i = 0; i < accountsToQuery.length; i = i.add(1)) {
sizes[i] = bytes(accounts[accountsToQuery[i]].metadataURL).length;
totalSize = totalSize.add(sizes[i]);
}
bytes memory data = new bytes(totalSize);
uint256 pointer = 0;
for (uint256 i = 0; i < accountsToQuery.length; i = i.add(1)) {
for (uint256 j = 0; j < sizes[i]; j = j.add(1)) {
data[pointer] = bytes(accounts[accountsToQuery[i]].metadataURL)[j];
pointer = pointer.add(1);
}
}
return (sizes, data);
}
/**
* @notice Getter for the data encryption key and version.
* @param account The address of the account to get the key for
* @return dataEncryptionKey secp256k1 public key for data encryption. Preferably compressed.
*/
function getDataEncryptionKey(address account) external view returns (bytes memory) {
return accounts[account].dataEncryptionKey;
}
/**
* @notice Getter for the wallet address for an account
* @param account The address of the account to get the wallet address for
* @return Wallet address
*/
function getWalletAddress(address account) external view returns (address) {
return accounts[account].walletAddress;
}
/**
* @notice Check if an account already exists.
* @param account The address of the account