From e112d77417c7e54520088891c747b3bd773fdf86 Mon Sep 17 00:00:00 2001 From: GitGuru7 <128375421+GitGuru7@users.noreply.github.com> Date: Fri, 18 Aug 2023 13:16:22 +0530 Subject: [PATCH] feat: use ACM instead of onlyOwner --- contracts/Bridge/XVSProxyOFTDest.sol | 30 ++++++++-------------------- contracts/Bridge/XVSProxyOFTSrc.sol | 20 +++++-------------- contracts/Bridge/lzApp/LzApp.sol | 29 ++++++++++++++++++++++----- contracts/Bridge/oft/OFTCoreV2.sol | 3 ++- 4 files changed, 39 insertions(+), 43 deletions(-) diff --git a/contracts/Bridge/XVSProxyOFTDest.sol b/contracts/Bridge/XVSProxyOFTDest.sol index 48daedda7..51b1f52d0 100644 --- a/contracts/Bridge/XVSProxyOFTDest.sol +++ b/contracts/Bridge/XVSProxyOFTDest.sol @@ -4,17 +4,12 @@ pragma solidity 0.8.13; import { ProxyOFTV2 } from "./oft/ProxyOFTV2.sol"; import { ILayerZeroUserApplicationConfig } from "./interfaces/ILayerZeroUserApplicationConfig.sol"; import { Pausable } from "@openzeppelin/contracts/security/Pausable.sol"; -import { IAccessControlManagerV8 } from "@venusprotocol/governance-contracts/contracts/Governance/IAccessControlManagerV8.sol"; import { IXVS } from "./interfaces/IXVS.sol"; import { ResilientOracleInterface } from "@venusprotocol/oracle/contracts/interfaces/OracleInterface.sol"; import { ensureNonzeroAddress } from "../lib/validators.sol"; -import { EXP_SCALE } from "../lib/constants.sol"; +import { ExponentialNoError } from "../ExponentialNoError.sol"; -contract XVSProxyOFTDest is Pausable, ILayerZeroUserApplicationConfig, ProxyOFTV2 { - /** - * @notice Address of access control manager contract. - */ - address public accessControlManager; +contract XVSProxyOFTDest is Pausable, ILayerZeroUserApplicationConfig, ExponentialNoError, ProxyOFTV2 { /** * @notice The address of ResilientOracle contract wrapped in its interface. */ @@ -189,12 +184,11 @@ contract XVSProxyOFTDest is Pausable, ILayerZeroUserApplicationConfig, ProxyOFTV uint16 dstChainId_, uint256 amount_ ) internal { - if (whitelist[from_]) { - return; - } + bool isWhiteListedUser = whitelist[from_]; + uint256 amountInUsd; - uint256 oraclePrice = oracle.getPrice(address(innerToken)); - amountInUsd = (oraclePrice * amount_) / EXP_SCALE; + Exp memory oraclePrice = Exp({ mantissa: oracle.getPrice(address(innerToken)) }); + amountInUsd = mul_ScalarTruncate(oraclePrice, amount_); uint256 currentBlock = block.timestamp; uint256 lastDayWindowStart = chainIdToLast24HourWindowStart[dstChainId_]; @@ -202,7 +196,7 @@ contract XVSProxyOFTDest is Pausable, ILayerZeroUserApplicationConfig, ProxyOFTV uint256 maxSingleTransactionLimit = chainIdToMaxSingleTransactionLimit[dstChainId_]; uint256 maxDailyLimit = chainIdToMaxDailyLimit[dstChainId_]; - if (amountInUsd > maxSingleTransactionLimit) { + if (amountInUsd > maxSingleTransactionLimit && !isWhiteListedUser) { revert MaxSingleTransactionLimitExceed(amountInUsd, maxSingleTransactionLimit); } @@ -213,18 +207,10 @@ contract XVSProxyOFTDest is Pausable, ILayerZeroUserApplicationConfig, ProxyOFTV transferredInWindow += amountInUsd; } - if (transferredInWindow > maxDailyLimit) { + if (transferredInWindow > maxDailyLimit && !isWhiteListedUser) { revert MaxDailyLimitExceed(amountInUsd, maxDailyLimit); } chainIdToLast24HourTransferred[dstChainId_] = transferredInWindow; return; } - - /// @dev Checks the caller is allowed to call the specified fuction - function _ensureAllowed(string memory functionSig_) internal view { - require( - IAccessControlManagerV8(accessControlManager).isAllowedToCall(msg.sender, functionSig_), - "access denied" - ); - } } diff --git a/contracts/Bridge/XVSProxyOFTSrc.sol b/contracts/Bridge/XVSProxyOFTSrc.sol index 3a4fa302e..96176b1c4 100644 --- a/contracts/Bridge/XVSProxyOFTSrc.sol +++ b/contracts/Bridge/XVSProxyOFTSrc.sol @@ -4,17 +4,11 @@ pragma solidity 0.8.13; import { ProxyOFTV2 } from "./oft/ProxyOFTV2.sol"; import { ILayerZeroUserApplicationConfig } from "./interfaces/ILayerZeroUserApplicationConfig.sol"; import { Pausable } from "@openzeppelin/contracts/security/Pausable.sol"; -import { IAccessControlManagerV8 } from "@venusprotocol/governance-contracts/contracts/Governance/IAccessControlManagerV8.sol"; import { ResilientOracleInterface } from "@venusprotocol/oracle/contracts/interfaces/OracleInterface.sol"; import { ensureNonzeroAddress } from "../lib/validators.sol"; -import { EXP_SCALE } from "../lib/constants.sol"; import { ExponentialNoError } from "../ExponentialNoError.sol"; contract XVSProxyOFTSrc is Pausable, ILayerZeroUserApplicationConfig, ExponentialNoError, ProxyOFTV2 { - /** - * @notice Address of access control manager contract. - */ - address public accessControlManager; /** * @notice The address of ResilientOracle contract wrapped in its interface. */ @@ -174,7 +168,11 @@ contract XVSProxyOFTSrc is Pausable, ILayerZeroUserApplicationConfig, Exponentia return super._debitFrom(from_, dstChainId_, toAddress_, amount_); } - function _isEligibleToSend(address from_, uint16 dstChainId_, uint256 amount_) internal { + function _isEligibleToSend( + address from_, + uint16 dstChainId_, + uint256 amount_ + ) internal { bool isWhiteListedUser = whitelist[from_]; uint256 amountInUsd; @@ -204,12 +202,4 @@ contract XVSProxyOFTSrc is Pausable, ILayerZeroUserApplicationConfig, Exponentia chainIdToLast24HourTransferred[dstChainId_] = transferredInWindow; return; } - - /// @dev Checks the caller is allowed to call the specified fuction - function _ensureAllowed(string memory functionSig_) internal view { - require( - IAccessControlManagerV8(accessControlManager).isAllowedToCall(msg.sender, functionSig_), - "access denied" - ); - } } diff --git a/contracts/Bridge/lzApp/LzApp.sol b/contracts/Bridge/lzApp/LzApp.sol index 89b7f653e..9b65204f0 100644 --- a/contracts/Bridge/lzApp/LzApp.sol +++ b/contracts/Bridge/lzApp/LzApp.sol @@ -3,6 +3,7 @@ pragma solidity ^0.8.0; import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol"; +import { IAccessControlManagerV8 } from "@venusprotocol/governance-contracts/contracts/Governance/IAccessControlManagerV8.sol"; import { ILayerZeroReceiver } from "../interfaces/ILayerZeroReceiver.sol"; import { ILayerZeroEndpoint } from "../interfaces/ILayerZeroEndpoint.sol"; import { BytesLib } from "../util/BytesLib.sol"; @@ -12,6 +13,10 @@ import { BytesLib } from "../util/BytesLib.sol"; */ abstract contract LzApp is Ownable, ILayerZeroReceiver { using BytesLib for bytes; + /** + * @notice Address of access control manager contract. + */ + address public accessControlManager; // ua can not send payload larger than this by default, but it can be changed by the ua owner uint256 public constant DEFAULT_PAYLOAD_SIZE_LIMIT = 10000; @@ -121,23 +126,27 @@ abstract contract LzApp is Ownable, ILayerZeroReceiver { // _path = abi.encodePacked(remoteAddress, localAddress) // this function set the trusted path for the cross-chain communication - function setTrustedRemote(uint16 _remoteChainId, bytes calldata _path) external onlyOwner { + function setTrustedRemote(uint16 _remoteChainId, bytes calldata _path) external { + _ensureAllowed("setTrustedRemote(uint16,bytes)"); trustedRemoteLookup[_remoteChainId] = _path; emit SetTrustedRemote(_remoteChainId, _path); } - function setTrustedRemoteAddress(uint16 _remoteChainId, bytes calldata _remoteAddress) external onlyOwner { + function setTrustedRemoteAddress(uint16 _remoteChainId, bytes calldata _remoteAddress) external { + _ensureAllowed("setTrustedRemoteAddress(uint16,bytes)"); trustedRemoteLookup[_remoteChainId] = abi.encodePacked(_remoteAddress, address(this)); emit SetTrustedRemoteAddress(_remoteChainId, _remoteAddress); } function getTrustedRemoteAddress(uint16 _remoteChainId) external view returns (bytes memory) { + _ensureAllowed("getTrustedRemoteAddress(uint16)"); bytes memory path = trustedRemoteLookup[_remoteChainId]; require(path.length != 0, "LzApp: no trusted path record"); return path.slice(0, path.length - 20); // the last 20 bytes should be address(this) } - function setPrecrime(address _precrime) external onlyOwner { + function setPrecrime(address _precrime) external { + _ensureAllowed("setPrecrime(address)"); precrime = _precrime; emit SetPrecrime(_precrime); } @@ -146,14 +155,16 @@ abstract contract LzApp is Ownable, ILayerZeroReceiver { uint16 _dstChainId, uint16 _packetType, uint256 _minGas - ) external onlyOwner { + ) external { + _ensureAllowed("setMinDstGas(uint16,uint16,uint256)"); require(_minGas > 0, "LzApp: invalid minGas"); minDstGasLookup[_dstChainId][_packetType] = _minGas; emit SetMinDstGas(_dstChainId, _packetType, _minGas); } // if the size is 0, it means default size limit - function setPayloadSizeLimit(uint16 _dstChainId, uint256 _size) external onlyOwner { + function setPayloadSizeLimit(uint16 _dstChainId, uint256 _size) external { + _ensureAllowed("setPayloadSizeLimit(uint16,uint256)"); payloadSizeLimitLookup[_dstChainId] = _size; } @@ -162,4 +173,12 @@ abstract contract LzApp is Ownable, ILayerZeroReceiver { bytes memory trustedSource = trustedRemoteLookup[_srcChainId]; return keccak256(trustedSource) == keccak256(_srcAddress); } + + /// @dev Checks the caller is allowed to call the specified fuction + function _ensureAllowed(string memory functionSig_) internal view { + require( + IAccessControlManagerV8(accessControlManager).isAllowedToCall(msg.sender, functionSig_), + "access denied" + ); + } } diff --git a/contracts/Bridge/oft/OFTCoreV2.sol b/contracts/Bridge/oft/OFTCoreV2.sol index 790357c57..87572dd42 100644 --- a/contracts/Bridge/oft/OFTCoreV2.sol +++ b/contracts/Bridge/oft/OFTCoreV2.sol @@ -75,7 +75,8 @@ abstract contract OFTCoreV2 is NonblockingLzApp { ); } - function setUseCustomAdapterParams(bool _useCustomAdapterParams) public virtual onlyOwner { + function setUseCustomAdapterParams(bool _useCustomAdapterParams) public virtual { + _ensureAllowed("setUseCustomAdapterParams(bool)"); useCustomAdapterParams = _useCustomAdapterParams; emit SetUseCustomAdapterParams(_useCustomAdapterParams); }