This repository has been archived by the owner on Sep 9, 2024. It is now read-only.

Merge pull request #71 from pentagonxyz/fix/v1
refcell authored Sep 27, 2022
2 parents a8b0009 + c36511e commit 3a81d5a
Showing 29 changed files with 238 additions and 200 deletions.
4 changes: 4 additions & 0 deletions foundry.toml
Expand Up @@ -4,6 +4,10 @@ libs = ['lib']
ffi = true
fuzz_runs = 1000
fs_permissions = [
{ access = "read", path = "./test/auth/mocks/AuthWrappers.huff" },
{ access = "read", path = "./test/auth/mocks/OwnedWrappers.huff" },
{ access = "read", path = "./test/auth/mocks/RolesAuthorityWrappers.huff" },

{ access = "read", path = "./test/data-structures/mocks/ArrayWrappers.huff" },
{ access = "read", path = "./test/data-structures/mocks/HashmapWrappers.huff" },

2 changes: 1 addition & 1 deletion lib/forge-std
Submodule forge-std updated 1 files
+5 −0 src/Vm.sol
79 changes: 40 additions & 39 deletions src/auth/Auth.huff
Expand Up @@ -24,42 +24,42 @@
#define constant AUTHORITY = FREE_STORAGE_POINTER()

/// @notice Constructor
#define macro CONSTRUCTOR() = takes (0) returns (0) {
#define macro AUTH_CONSTRUCTOR() = takes (0) returns (0) {
// Copy the owner into memory
0x20 // [size] - byte size to copy
0x40 codesize sub // [offset, size] - offset in the code to copy from
0x00 // [mem, offset, size] - offset in memory to copy to
codecopy // []
0x20 // [size] - byte size to copy
0x40 codesize sub // [offset, size] - offset in the code to copy from
0x00 // [mem, offset, size] - offset in memory to copy to
codecopy // []

// Copy the authority into memory
0x20 // [size] - byte size to copy
0x20 codesize sub // [offset, size] - offset in the code to copy from
0x20 // [mem, offset, size] - offset in memory to copy to
codecopy // []
0x20 // [size] - byte size to copy
0x20 codesize sub // [offset, size] - offset in the code to copy from
0x20 // [mem, offset, size] - offset in memory to copy to
codecopy // []

// Set the new owner
0x00 mload // [owner]
dup1 // [owner, owner]
[OWNER] // [OWNER, owner, owner]
sstore // [owner]
0x00 mload // [owner]
dup1 // [owner, owner]
[OWNER] // [OWNER, owner, owner]
sstore // [owner]

// Set the new Authority
0x20 mload // [authority, owner]
dup1 // [authority, authority, owner]
[AUTHORITY] // [AUTHORITY, authority, authority, owner]
sstore // [authority, owner]
0x20 mload // [authority, owner]
dup1 // [authority, authority, owner]
[AUTHORITY] // [AUTHORITY, authority, authority, owner]
sstore // [authority, owner]

// Emit the authority updated event
caller // [from, authority, owner]
[AUTHORITY_UPDATED_SIG] // [sig, from, authority, owner]
0x00 0x00 // [0, 0, sig, from, authority, owner]
log3 // [owner]
caller // [from, authority, owner]
__EVENT_HASH(AuthorityUpdated) // [sig, from, authority, owner]
0x00 0x00 // [0, 0, sig, from, authority, owner]
log3 // [owner]

// Emit the owner updated event
caller // [from, owner]
[OWNER_UPDATED_SIG] // [sig, from, owner]
0x00 0x00 // [0, 0, sig, from, owner]
log3 // []
caller // [from, owner]
[OWNER_UPDATED_SIG] // [sig, from, owner]
0x00 0x00 // [0, 0, sig, from, owner]
log3 // []
}

/// @notice Modifier that enforces caller authorization
Expand All @@ -84,8 +84,8 @@
iszero post jumpi // [authority, user, sig]

// WARN: If an account has no code, the call will unintendedly return successfully
dup1 extcodesize // [code, authority, user, sig]
iszero post jumpi // [authority, user, sig]
dup1 extcodesize // [code, authority, user, sig]
iszero post jumpi // [authority, user, sig]

// Store the auth.canCall arguments in memory at offset 0
// function canCall(address user, address target, bytes4 functionSig) external view returns (bool)
Expand Down Expand Up @@ -126,15 +126,15 @@
REQUIRES_AUTH()

// Set the new authority
0x04 calldataload // [newAuthority]
dup1 // [newAuthority, newAuthority]
[AUTHORITY] sstore // [newAuthority]
0x04 calldataload // [newAuthority]
dup1 // [newAuthority, newAuthority]
[AUTHORITY] sstore // [newAuthority]

// Emit the authority updated event
caller // [from, newAuthority]
[AUTHORITY_UPDATED_SIG] // [sig, from, newAuthority]
0x00 0x00 // [0, 32, sig, from, newAuthority]
log3 // []
caller // [from, newAuthority]
__EVENT_HASH(AuthorityUpdated) // [sig, from, newAuthority]
0x00 0x00 // [0, 32, sig, from, newAuthority]
log3 // []

stop
}
Expand Down Expand Up @@ -176,17 +176,16 @@
}

/// @notice Main Function Dispatcher
#define macro MAIN() = takes(0) returns (0) {
// Identify which function is being called using the 4 byte function signature
pc calldataload 0xE0 shr
#define macro AUTH_MAIN() = takes (1) returns (1) {
// Input Stack: [function_selector]

dup1 __FUNC_SIG(setOwner) eq set_owner jumpi
dup1 __FUNC_SIG(setAuthority) eq set_authority jumpi
dup1 __FUNC_SIG(owner) eq owner jumpi
dup1 __FUNC_SIG(authority) eq authority jumpi

// Revert if no signatures match
0x00 0x00 revert
// Bubble up to parent if no function selector matches
no_match jump

set_owner:
SET_OWNER()
Expand All @@ -196,4 +195,6 @@
OWNER()
authority:
AUTHORITY()

no_match:
}
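Review bot: `AUTH_MAIN` no longer terminates on an unknown selector: the last hunk swaps `0x00 0x00 revert` for `no_match jump` to a label at the very end of the macro, so execution runs on into whatever bytecode the including contract places after `AUTH_MAIN()`. The macro's doc comment does not state this requirement, and a parent dispatcher that omits its own terminal revert would no longer reject unmatched calls. I would add above the macro `/// @dev Falls through with [function_selector] still on the stack when no selector matches; the including dispatcher MUST end with its own revert.` The same comment is needed on `OWNED_MAIN` in src/auth/Owned.huff and `ROLES_AUTHORITY_MAIN` in src/auth/RolesAuthority.huff, which make the identical change.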
25 changes: 12 additions & 13 deletions src/auth/Owned.huff
Expand Up @@ -11,14 +11,11 @@
// Events
#define event OwnerUpdated(address indexed user, address indexed newOwner)

// Event Signatures
#define constant OWNER_UPDATED_SIG = 0x8292fce18fa69edf4db7b94ea2e58241df0ae57f97e0a6c9b29067028bf92d76

// Storage Slots
#define constant OWNER = FREE_STORAGE_POINTER()

// CONSTRUCTOR
#define macro CONSTRUCTOR() = takes (0) returns (0) {
#define macro OWNED_CONSTRUCTOR() = takes (0) returns (0) {
// Copy the owner into memory
0x20 // [size] - byte size to copy
0x20 codesize sub // [offset, size] - offset in the code to copy from
Expand All @@ -33,13 +30,13 @@

// Emit the owner updated event
caller // [from, owner]
[OWNER_UPDATED_SIG] // [sig, from, owner]
__EVENT_HASH(OwnerUpdated) // [sig, from, owner]
0x00 0x00 // [0, 0, sig, from, owner]
log3 // []
}

/// @notice Only Owner Modifier
#define macro IS_OWNER() = takes(0) returns(0) {
#define macro IS_OWNER() = takes (0) returns (0) {
caller // [msg.sender]
[OWNER] sload // [owner, msg.sender]
eq authed jumpi // [authed]
Expand All @@ -52,7 +49,7 @@

/// @notice Set the Owner
/// @param {owner} [address] - The new owner
#define macro SET_OWNER() = takes(0) returns(0) {
#define macro SET_OWNER() = takes (0) returns (0) {
// Check that the caller is authorized
IS_OWNER()

Expand All @@ -63,7 +60,7 @@

// Emit the owner updated event
caller // [from, newOwner]
[OWNER_UPDATED_SIG] // [sig, from, newOwner]
__EVENT_HASH(OwnerUpdated) // [sig, from, newOwner]
0x00 0x00 // [0, 32, sig, from, newOwner]
log3 // []

Expand All @@ -72,24 +69,26 @@

/// @notice Get the owner of the contract
/// @return {owner} [address] - The owner of the contract
#define macro OWNER() = takes(0) returns (0) {
#define macro OWNER() = takes (0) returns (0) {
[OWNER] sload // [owner]
0x00 mstore // []
0x20 0x00 return
}

/// @notice Main Function Dispatcher
#define macro MAIN() = takes(0) returns(0) {
pc calldataload 0xE0 shr
#define macro OWNED_MAIN() = takes (1) returns (1) {
// Input Stack: [function_selector]

dup1 __FUNC_SIG(setOwner) eq set_owner jumpi
dup1 __FUNC_SIG(owner) eq owner jumpi

// Revert if no signatures match
0x00 0x00 revert
// Bubble up to parent macro
no_match jump

set_owner:
SET_OWNER()
owner:
OWNER()

no_match:
}
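Review bot: The first hunk deletes the `OWNER_UPDATED_SIG` constant, yet the new side of `AUTH_CONSTRUCTOR` in src/auth/Auth.huff, as rendered in this commit, still pushes `[OWNER_UPDATED_SIG]` for its owner event while its authority event moved to `__EVENT_HASH(AuthorityUpdated)`. Whether Auth.huff keeps its own definition of the constant is not visible here; if it does not, that macro no longer resolves, and if it does, a hand-copied topic hash remains that can drift from the `OwnerUpdated` declaration. Either way I would change that line to `__EVENT_HASH(OwnerUpdated) // [sig, from, owner]` so both files derive topic0 from the event definition.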
90 changes: 43 additions & 47 deletions src/auth/RolesAuthority.huff
Expand Up @@ -21,11 +21,6 @@
#define event PublicCapabilityUpdated(address indexed target, bytes4 indexed functionSig, bool enabled)
#define event RoleCapabilityUpdated(uint8 indexed role, address indexed target, bytes4 indexed functionSig, bool enabled)

// Event Signatures
#define constant USER_ROLE_UPDATED_SIG = 0x4c9bdd0c8e073eb5eda2250b18d8e5121ff27b62064fbeeeed4869bb99bc5bf2
#define constant PUBLIC_CAPABILITY_UPDATED_SIG = 0x950a343f5d10445e82a71036d3f4fb3016180a25805141932543b83e2078a93e
#define constant ROLE_CAPABILITY_UPDATED_SIG = 0xa52ea92e6e955aa8ac66420b86350f7139959adfcc7e6a14eee1bd116d09860e

// MAPPINGS
#define constant USER_ROLES_LOCATION = FREE_STORAGE_POINTER()
#define constant IS_CAPABILITY_PUBLIC_LOCATION = FREE_STORAGE_POINTER()
Expand Down Expand Up @@ -117,18 +112,18 @@
REQUIRES_AUTH()

// Set the capability to the passed in value
0x44 calldataload // [value]
0x24 calldataload // [sig, value]
0x04 calldataload // [target, sig, value]
STORE_ELEMENT_FROM_KEYS(0x00) // []
0x44 calldataload // [value]
0x24 calldataload // [sig, value]
0x04 calldataload // [target, sig, value]
STORE_ELEMENT_FROM_KEYS(0x00) // []

// Emit the capability updated event
0x44 calldataload // [value]
0x24 calldataload // [func, value]
0x04 calldataload // [target, func, value]
[PUBLIC_CAPABILITY_UPDATED_SIG] // [sig, target, func, value]
0x00 0x00 // [0, 0, sig, target, func, value]
log3 // []
0x44 calldataload // [value]
0x24 calldataload // [func, value]
0x04 calldataload // [target, func, value]
__EVENT_HASH(PublicCapabilityUpdated) // [sig, target, func, value]
0x00 0x00 // [0, 0, sig, target, func, value]
log3 // []

// End Execution
stop
Expand All @@ -145,54 +140,54 @@
REQUIRES_AUTH()

// Check if enabled
0x64 calldataload // [value]
enable jumpi // []
0x64 calldataload // [value]
enable jumpi // []

// Disable the capability
disable:
// Get the current roles with the capability
0x44 calldataload // [sig]
0x24 calldataload // [target, sig]
GET_ROLE_FOR_CAPABILITY() // [roles]
0x44 calldataload // [sig]
0x24 calldataload // [target, sig]
GET_ROLE_FOR_CAPABILITY() // [roles]

// Shift 1 left the role
0x01 0x04 calldataload shl // [role, roles]
not // [others, roles]
and // [updated]
0x01 0x04 calldataload shl // [role, roles]
not // [others, roles]
and // [updated]

// Store the new capability
0x44 calldataload // [sig, updated]
0x24 calldataload // [target, sig, updated]
STORE_ELEMENT_FROM_KEYS(0x00) // []
0x44 calldataload // [sig, updated]
0x24 calldataload // [target, sig, updated]
STORE_ELEMENT_FROM_KEYS(0x00) // []

// Jump to the emit log label
emit_log jump

// Enable the capability
enable:
// Get the current roles with the capability
0x44 calldataload // [sig]
0x24 calldataload // [target, sig]
GET_ROLE_FOR_CAPABILITY() // [roles]
0x44 calldataload // [sig]
0x24 calldataload // [target, sig]
GET_ROLE_FOR_CAPABILITY() // [roles]

// Shift 1 left the role
0x01 0x04 calldataload shl // [role, roles]
or // [capabilies]
0x01 0x04 calldataload shl // [role, roles]
or // [capabilies]

// Store the new capability
0x44 calldataload // [sig, capabilies]
0x24 calldataload // [target, sig, capabilies]
STORE_ELEMENT_FROM_KEYS(0x00) // []
0x44 calldataload // [sig, capabilies]
0x24 calldataload // [target, sig, capabilies]
STORE_ELEMENT_FROM_KEYS(0x00) // []

// Emit the capability updated event
emit_log:
0x64 calldataload // [enabled]
0x44 calldataload // [func, enabled]
0x24 calldataload // [target, func, enabled]
0x04 calldataload // [role, target, func, enabled]
[ROLE_CAPABILITY_UPDATED_SIG] // [sig, role, target, func, enabled]
0x00 0x00 // [0, 0, sig, role, target, func, enabled]
log4 // []
0x64 calldataload // [enabled]
0x44 calldataload // [func, enabled]
0x24 calldataload // [target, func, enabled]
0x04 calldataload // [role, target, func, enabled]
__EVENT_HASH(RoleCapabilityUpdated) // [sig, role, target, func, enabled]
0x00 0x00 // [0, 0, sig, role, target, func, enabled]
log4 // []

// End Execution
stop
Expand Down Expand Up @@ -251,7 +246,7 @@
0x44 calldataload // [enabled]
0x24 calldataload // [role, enabled]
0x04 calldataload // [account, role, enabled]
[USER_ROLE_UPDATED_SIG] // [sig, account, role, enabled]
__EVENT_HASH(UserRoleUpdated) // [sig, account, role, enabled]
0x00 0x00 // [0, 0, sig, account, role, enabled]
log3 // []

Expand All @@ -260,9 +255,8 @@
}

/// @notice Main Function Dispatcher
#define macro MAIN() = takes(0) returns (0) {
// Identify which function is being called using the 4 byte function signature
pc calldataload 0xe0 shr
#define macro ROLES_AUTHORITY_MAIN() = takes (1) returns (1) {
// Input Stack: [function_selector]

dup1 __FUNC_SIG(hasRole) eq has_role jumpi
dup1 __FUNC_SIG(doesRoleHaveCapability) eq role_capability jumpi
Expand All @@ -277,8 +271,8 @@
dup1 __FUNC_SIG(owner) eq owner jumpi
dup1 __FUNC_SIG(authority) eq authority jumpi

// Revert if no signatures match
0x00 0x00 revert
// Bubble up function selector to parent macro
no_match jump

has_role:
HAS_ROLE()
Expand All @@ -301,6 +295,8 @@
OWNER()
authority:
AUTHORITY()

no_match:
}
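Review bot: The event emissions in this file log no data, so the non-indexed `bool enabled` never reaches the log: in the `PublicCapabilityUpdated` hunk `0x00 0x00` is pushed as offset and size before `log3`, which takes only the signature plus the `target` and `func` topics and leaves `value` on the stack (the trailing `// []` stack comment is therefore wrong as well). Anyone monitoring permission changes from these events cannot tell a grant from a revocation, and ABI decoders that expect one data word for `enabled` may fail on them. I would write the flag to memory first and log it, i.e. `0x44 calldataload 0x00 mstore` in place of the first push and `0x20 0x00` in place of `0x00 0x00`. The `RoleCapabilityUpdated` emission (`log4`, flag at `0x64`) and the `UserRoleUpdated` emission (`log3`, flag at `0x44`) appear to follow the same pattern; the enclosing macros start outside the visible hunks.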

