feat(contract): add ScrollOwner

common/version/version.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 )
 
-var tag = "v4.1.53"
+var tag = "v4.1.54"
 
 var commit = func() string {
 	if info, ok := debug.ReadBuildInfo(); ok {

contracts/src/misc/ScrollOwner.sol

@@ -0,0 +1,130 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.0;
+
+import {AccessControlEnumerable} from "@openzeppelin/contracts/access/AccessControlEnumerable.sol";
+import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
+
+// solhint-disable no-empty-blocks
+
+contract ScrollOwner is AccessControlEnumerable {
+    using EnumerableSet for EnumerableSet.Bytes32Set;
+
+    /*************
+     * Variables *
+     *************/
+
+    /// @notice Mapping from target address to selector to the list of accessible roles.
+    mapping(address => mapping(bytes4 => EnumerableSet.Bytes32Set)) private targetAccess;
+
+    /**********************
+     * Function Modifiers *
+     **********************/
+
+    modifier hasAccess(
+        address _target,
+        bytes4 _selector,
+        bytes32 _role
+    ) {
+        // admin has access to all methods
+        require(_role == DEFAULT_ADMIN_ROLE || targetAccess[_target][_selector].contains(_role), "no access");
+        _;
+    }
+
+    /***************
+     * Constructor *
+     ***************/
+
+    constructor() {
+        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
+    }
+
+    /*************************
+     * Public View Functions *
+     *************************/
+
+    /// @notice Return a list of roles which has access to the function.
+    /// @param _target The address of target contract.
+    /// @param _selector The function selector to query.
+    /// @return _roles The list of roles.
+    function callableRoles(address _target, bytes4 _selector) external view returns (bytes32[] memory _roles) {
+        EnumerableSet.Bytes32Set storage _lists = targetAccess[_target][_selector];
+        _roles = new bytes32[](_lists.length());
+        for (uint256 i = 0; i < _roles.length; i++) {
+            _roles[i] = _lists.at(i);
+        }
+    }
+
+    /*****************************
+     * Public Mutating Functions *
+     *****************************/
+
+    /// @notice Perform a function call from arbitrary role.
+    /// @param _target The address of target contract.
+    /// @param _value The value passing to target contract.
+    /// @param _data The calldata passing to target contract.
+    /// @param _role The expected role of the caller.
+    function execute(
+        address _target,
+        uint256 _value,
+        bytes calldata _data,
+        bytes32 _role
+    ) public payable onlyRole(_role) hasAccess(_target, bytes4(_data[0:4]), _role) {
+        _execute(_target, _value, _data);
+    }
+
+    // allow others to send ether to this contract.
+    receive() external payable {}
+
+    /************************
+     * Restricted Functions *
+     ************************/
+
+    /// @notice Update the access to target contract.
+    /// @param _target The address of target contract.
+    /// @param _selectors The list of function selectors to update.
+    /// @param _role The role to change.
+    /// @param _status True if we are going to add the role, otherwise remove the role.
+    function updateAccess(
+        address _target,
+        bytes4[] memory _selectors,
+        bytes32 _role,
+        bool _status
+    ) external onlyRole(DEFAULT_ADMIN_ROLE) {
+        if (_status) {
+            for (uint256 i = 0; i < _selectors.length; i++) {
+                targetAccess[_target][_selectors[i]].add(_role);
+            }
+        } else {
+            for (uint256 i = 0; i < _selectors.length; i++) {
+                targetAccess[_target][_selectors[i]].remove(_role);
+            }
+        }
+    }
+
+    /**********************
+     * Internal Functions *
+     **********************/
+
+    /// @dev Internal function to call contract. If the call reverted, the error will be popped up.
+    /// @param _target The address of target contract.
+    /// @param _value The value passing to target contract.
+    /// @param _data The calldata passing to target contract.
+    function _execute(
+        address _target,
+        uint256 _value,
+        bytes calldata _data
+    ) internal {
+        // solhint-disable-next-line avoid-low-level-calls
+        (bool success, ) = address(_target).call{value: _value}(_data);
+        if (!success) {
+            // solhint-disable-next-line no-inline-assembly
+            assembly {
+                let ptr := mload(0x40)
+                let size := returndatasize()
+                returndatacopy(ptr, 0, size)
+                revert(ptr, size)
+            }
+        }
+    }
+}

contracts/src/test/ScrollOwner.t.sol

@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.0;
+
+import {DSTestPlus} from "solmate/test/utils/DSTestPlus.sol";
+
+import {ScrollOwner} from "../misc/ScrollOwner.sol";
+
+contract ScrollOwnerTest is DSTestPlus {
+    event Call();
+
+    ScrollOwner private owner;
+
+    function setUp() public {
+        owner = new ScrollOwner();
+    }
+
+    function testUpdateAccess() external {
+        // not admin, evert
+        hevm.startPrank(address(1));
+        hevm.expectRevert(
+            "AccessControl: account 0x0000000000000000000000000000000000000001 is missing role 0x0000000000000000000000000000000000000000000000000000000000000000"
+        );
+        owner.updateAccess(address(0), new bytes4[](0), bytes32(0), true);
+        hevm.stopPrank();
+
+        bytes4[] memory _selectors;
+        bytes32[] memory _roles;
+
+        // add access then remove access
+        _roles = owner.callableRoles(address(this), ScrollOwnerTest.revertOnCall.selector);
+        assertEq(0, _roles.length);
+        _selectors = new bytes4[](1);
+        _selectors[0] = ScrollOwnerTest.revertOnCall.selector;
+        owner.updateAccess(address(this), _selectors, bytes32(uint256(1)), true);
+        _roles = owner.callableRoles(address(this), ScrollOwnerTest.revertOnCall.selector);
+        assertEq(1, _roles.length);
+        assertEq(_roles[0], bytes32(uint256(1)));
+        owner.updateAccess(address(this), _selectors, bytes32(uint256(1)), false);
+        _roles = owner.callableRoles(address(this), ScrollOwnerTest.revertOnCall.selector);
+        assertEq(0, _roles.length);
+    }
+
+    function testAdminExecute() external {
+        // call with revert
+        hevm.expectRevert("Called");
+        owner.execute(address(this), 0, abi.encodeWithSelector(ScrollOwnerTest.revertOnCall.selector), bytes32(0));
+
+        // call with emit
+        hevm.expectEmit(false, false, false, true);
+        emit Call();
+        owner.execute(address(this), 0, abi.encodeWithSelector(ScrollOwnerTest.emitOnCall.selector), bytes32(0));
+    }
+
+    function testExecute(bytes32 _role) external {
+        hevm.assume(_role != bytes32(0));
+
+        bytes4[] memory _selectors = new bytes4[](2);
+        _selectors[0] = ScrollOwnerTest.revertOnCall.selector;
+        _selectors[1] = ScrollOwnerTest.emitOnCall.selector;
+
+        owner.grantRole(_role, address(this));
+
+        // no access, revert
+        hevm.expectRevert("no access");
+        owner.execute(address(this), 0, abi.encodeWithSelector(ScrollOwnerTest.revertOnCall.selector), _role);
+
+        owner.updateAccess(address(this), _selectors, _role, true);
+
+        // call with revert
+        hevm.expectRevert("Called");
+        owner.execute(address(this), 0, abi.encodeWithSelector(ScrollOwnerTest.revertOnCall.selector), _role);
+
+        // call with emit
+        hevm.expectEmit(false, false, false, true);
+        emit Call();
+        owner.execute(address(this), 0, abi.encodeWithSelector(ScrollOwnerTest.emitOnCall.selector), _role);
+    }
+
+    function revertOnCall() external pure {
+        revert("Called");
+    }
+
+    function emitOnCall() external {
+        emit Call();
+    }
+}