World Marionette #42
Labels
enhancement
New feature or request
good first issue
Good for newcomers
help wanted
Extra attention is needed
World admins have unlimited authority in to modify the world, including setting arbitrary state, upgrading contracts, etc. This is a useful functionality in the early days of the worlds deployment but can be a liability in certain cases. Currently, it is only possible to have unlimited power or none at all. This issue is to create a proxy contract that would take ownership of a world, enabling progressive decentralization of world administration over time.
The basic idea is to wrap the permissioned endpoints in a proxy contract that will be the world admin. The Marionette contract should support the ability to gate calls to these endpoints based on an exception list.
For example, in the case of
set_entity
, the owner of the Marionette contract can setmodel
exceptions that will prevent the world admin from writing directly to those models. For example, if the world had a erc20 token deployed to it, it could add the erc20 balance model as an exemption which would prevent the admin from modifying that state. The same should be possible for preventing upgrades of particular contracts by the admin.This will enable world admins to progressively decentralize the operation of the world by selectively making different resources immutable.
An additional feature that could be useful, is to support timelocks for exceptions, so the admin could be able to upgrade and erc20 contract implementation but could be subject to a
t
day timelock.The permissioned endpoints to proxy:
Addition interfaces:
OwnableTwoStep
https://github.com/OpenZeppelin/cairo-contracts/blob/44b5259ca316c4a7931e8ca77699bb3c00c70a54/src/access/ownable/interface.cairo#L20
In the token example, if the model is
erc20_balance
and the contract iserc20
, to make the contract immutable, the admin would callfreeze
on the model and contract resources. Then any permissioned endpoints that interact with models / contracts will assert the exemption criteria before proxying the call to the underlying world.The text was updated successfully, but these errors were encountered: