World Marionette

[tarrencev]

World admins have unlimited authority in to modify the world, including setting arbitrary state, upgrading contracts, etc. This is a useful functionality in the early days of the worlds deployment but can be a liability in certain cases. Currently, it is only possible to have unlimited power or none at all. This issue is to create a proxy contract that would take ownership of a world, enabling progressive decentralization of world administration over time.

The basic idea is to wrap the permissioned endpoints in a proxy contract that will be the world admin. The Marionette contract should support the ability to gate calls to these endpoints based on an exception list.

For example, in the case of set_entity, the owner of the Marionette contract can set model exceptions that will prevent the world admin from writing directly to those models. For example, if the world had a erc20 token deployed to it, it could add the erc20 balance model as an exemption which would prevent the admin from modifying that state. The same should be possible for preventing upgrades of particular contracts by the admin.

This will enable world admins to progressively decentralize the operation of the world by selectively making different resources immutable.

An additional feature that could be useful, is to support timelocks for exceptions, so the admin could be able to upgrade and erc20 contract implementation but could be subject to a t day timelock.

The permissioned endpoints to proxy:

    fn set_entity(
        ref self: T,
        model: felt252,
        keys: Span<felt252>,
        offset: u8,
        values: Span<felt252>,
        layout: Span<u8>
    );
    fn delete_entity(ref self: T, model: felt252, keys: Span<felt252>, layout: Span<u8>);
    fn upgrade_contract(ref self: T, address: ContractAddress, class_hash: ClassHash) -> ClassHash;
    fn set_executor(ref self: T, contract_address: ContractAddress);
    fn upgrade(ref self: T, new_class_hash: ClassHash);
    fn grant_owner(ref self: T, address: ContractAddress, resource: felt252);
    fn revoke_owner(ref self: T, address: ContractAddress, resource: felt252);
    fn grant_writer(ref self: T, model: felt252, contract: ContractAddress);
    fn revoke_writer(ref self: T, model: felt252, contract: ContractAddress);

Addition interfaces:

OwnableTwoStep
https://github.com/OpenZeppelin/cairo-contracts/blob/44b5259ca316c4a7931e8ca77699bb3c00c70a54/src/access/ownable/interface.cairo#L20

#[starknet::interface]
trait IMarionetteFreeze<TState> {
    fn freeze(ref self: TState, resource: felt252, timelock: felt252);
}

In the token example, if the model is erc20_balance and the contract is erc20, to make the contract immutable, the admin would call freeze on the model and contract resources. Then any permissioned endpoints that interact with models / contracts will assert the exemption criteria before proxying the call to the underlying world.

[ebukizy1]

will love to work on this can i be assign this task

[PedroRosalba]

@tarrencev Can I work on this?

[jsanchez556]

I am applying to this issue via OnlyDust platform.

My background and how it can be leveraged

Hi, my name is Jose Mario. I am a developer with over 15 years of experience. I am currently eager to contribute to open-source projects and Im deeply engaged in web3 and smart contracts development (Rust, Cairo, and Solidity). My most recent role was as a senior backend developer, where I specialized in technologies such as Node.js, JavaScript, TypeScript, among many others.

How I plan on tackling this issue

1. Develop a Marionette Proxy Contract:

   • Create a contract that functions as the Marionette proxy, capable of managing permissioned endpoints.

2. Implement Proxy Functions:

   • Develop proxy functions for each permissioned endpoint:
     • set_entity
     • delete_entity
     • upgrade_contract
     • set_executor
     • upgrade
     • grant_owner
     • revoke_owner
     • grant_writer
     • revoke_writer

3. Manage Exceptions for Models and Contracts:

   • Implement functionality to add and remove exceptions for specific models and contracts.
   • Exceptions should prevent the world admin from modifying certain states or upgrading specific contracts.
   • Consider creating an interface for managing these exceptions effectively.

4. Develop a Timelock Mechanism for Exceptions:

   • Implement functionality to set a timelock on modifications or upgrades.
   • Ensure this mechanism supports managing exceptions.

5. Integrate Secure Ownership Transfers:

   • Use the OwnableTwoStep interface to manage ownership transfers securely.

6. Implement Resource Freezing with Timelocks:

   • Support freezing resources with a timelock by implementing the IMarionetteFreeze interface.

7. Create Comprehensive Test Cases:

   • Develop test cases to validate the functionality of each proxy function, exception list management, and timelock mechanism.