CIP10 contracts changes #5913
haven't been able to look at the tests yet but in the spirit of throughput initiatives, let's try and make some gas optimizations first
* @param _account The address of account that authorized signing. | ||
* @param role The role to finish authorizing for. | ||
*/ | ||
function completeSignerAuthorization(address _account, string memory role) public { |
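Review bot: The NatSpec above completeSignerAuthorization documents _account and role but does not say who may call the function. Per the discussion on this hunk, only the signer being authorized (signer == msg.sender) can complete, so a @dev line stating that the caller must be the pending signer for _account and role would make the access rule visible at the declaration. "The address of account" should also read "The address of the account".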
maybe I'm not familiar enough with CIP10 but why separate authorize and complete, and why limit this to only signer == msg.sender?
what is the downside to someone authorizing and completing you as a signer on your behalf?
It's a double opt-in. Like we have for our existing roles. You don't really want to allow the "burning" of an address in this scheme without their consent
Agree that it's a little confusing. I guess there's two things at play here
- the act of proving you own an address
- setting that address as an authorised signer for an account.
Our system treats those two as one step currently. One question to ask is why have authorizeSignerWithSignature at all? The answer being we want to prove proof of possession before saying XXX was authorised by YYY.
Having completeSignerAuthorization is just the proof of possession for SC addresses.
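The double opt-in described in the two replies above, as an added Solidity sketch that is not code from this PR or from Accounts.sol: the account proposes a signer, and only a call from that signer's own address completes the binding, which is what serves as proof of possession for a contract address. Every name except completeSignerAuthorization is hypothetical, roles are assumed to be bytes32 identifiers, and the "bound once" rule is an assumption about what "burning" an address means here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration of a two-step (double opt-in) signer authorization.
// Not the Accounts.sol implementation; storage layout and names are hypothetical.
contract DoubleOptInSigners {
  // account => role => signer the account has proposed but that has not confirmed yet
  mapping(address => mapping(bytes32 => address)) public pendingSigner;
  // account => role => signer that has confirmed
  mapping(address => mapping(bytes32 => address)) public activeSigner;
  // signer => account it is bound to; a nonzero entry means the address is "burned"
  mapping(address => address) public boundTo;

  event SignerProposed(address indexed account, bytes32 indexed role, address signer);
  event SignerAuthorized(address indexed account, bytes32 indexed role, address signer);

  // Step 1, opt-in by the account. This records intent only: nothing is bound,
  // so naming someone else's address here cannot burn it.
  function authorizeSigner(address signer, bytes32 role) external {
    require(signer != address(0), "signer is the zero address");
    require(boundTo[signer] == address(0), "signer already bound");
    pendingSigner[msg.sender][role] = signer;
    emit SignerProposed(msg.sender, role, signer);
  }

  // Step 2, opt-in by the signer. A contract address cannot produce an ECDSA
  // signature, so making this call from the address is the proof of possession.
  function completeSignerAuthorization(address account, bytes32 role) external {
    require(pendingSigner[account][role] == msg.sender, "caller is not the pending signer");
    require(boundTo[msg.sender] == address(0), "signer already bound");
    delete pendingSigner[account][role];
    boundTo[msg.sender] = account; // the address is consumed only with its owner's consent
    activeSigner[account][role] = msg.sender;
    emit SignerAuthorized(account, role, msg.sender);
  }
}
```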
Account storage account = accounts[_account]; | ||
|
||
address signer; | ||
if (keccak256(abi.encodePacked(role)) == keccak256(abi.encodePacked(ValidatorSigner))) { |
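Review bot: In the role check, keccak256(abi.encodePacked(role)) == keccak256(abi.encodePacked(ValidatorSigner)) hashes both the caller-supplied string and the constant on every call, and any further branch written the same way repeats that work. Hash role once into a local bytes32 before the if/else chain and compare it against precomputed constant hashes, or take the role as a bytes32 identifier. Since address signer; starts out as the zero address, the last branch should revert on an unrecognised role rather than fall through with signer unset.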
there is a lot of redundancy in these if/elses (switch)
can we abstract?
TBH I don't see how. We have this switch block in four places but I'm not sure what an extracted function would look like as we're doing different things each time.
} | ||
|
||
function hasDefaultSigner(address account, string memory role) public view returns (bool) { | ||
require(isAccount(account)); |
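Review bot: require(isAccount(account)); in hasDefaultSigner carries no revert reason, so a caller that hits it cannot tell why the call failed; add a message such as "Unknown account". The parameter is also named account here while completeSignerAuthorization and getDefaultSigner use _account, and the function has no NatSpec comment in the visible lines.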
ditto
eth_call reverting isn't super useful imo
What if the view is used on a non-view function tho?
🙏
* @param _account The address of the account. | ||
* @param role The role of the signer. | ||
*/ | ||
function getDefaultSigner(address _account, string memory role) public view returns (address) { |
ditto on separating for gas efficiency
} | ||
|
||
function hasDefaultSigner(address account, string memory role) public view returns (bool) { | ||
require(isAccount(account)); |
What if the view is used on a non-view function tho?
Stopping in on my way to understand CIP-10 for account recovery purposes 👋 I have some comments as a bit of an outsider to this work and hopefully it's helpful.
I see that the |
This reverts commit e087d13.
…e walletAddress) without being messy
Description
For more context take a look at CIP10. There's so many commits as there was a lot of back and forth on implementation details.
Other changes
N/A.
Tested
Added an extensive matrix of tests to test this for backwards compatibility.
Related issues
Other changes
Accounts.sol is now InitializableV2.
Backwards compatibility
These changes are backwards compatible.