From 4e6d333031217daddbe5d7ceddbf5fe9629facdc Mon Sep 17 00:00:00 2001 From: drikssy Date: Tue, 8 Oct 2024 13:05:08 +0200 Subject: [PATCH 1/2] add revoke deployer roles script + makefile update --- Makefile | 4 +++ script/deployment/RevokeDeployer.s.sol | 37 ++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 script/deployment/RevokeDeployer.s.sol diff --git a/Makefile b/Makefile index a7b4be6..6d4b6cb 100644 --- a/Makefile +++ b/Makefile @@ -69,6 +69,10 @@ update-devs: @echo "Updating devs on $(NETWORK)..." forge script script/deployment/UpdateDevs.s.sol --rpc-url $(NETWORK) --broadcast --verify --optimize +revoke-deployer: + @echo "Revoking deployer roles on $(NETWORK)..." + forge script script/deployment/RevokeDeployer.s.sol --rpc-url $(NETWORK) --broadcast --verify --optimize + diff --git a/script/deployment/RevokeDeployer.s.sol b/script/deployment/RevokeDeployer.s.sol new file mode 100644 index 0000000..47f6434 --- /dev/null +++ b/script/deployment/RevokeDeployer.s.sol @@ -0,0 +1,37 @@ +// SPDX-License-Identifier: MIT +pragma solidity 0.8.23; + +import { BaseScript } from "../Base.s.sol"; +import { AddressProvider } from "contracts/core/AddressProvider.sol"; +import { Roles } from "contracts/libraries/Roles.sol"; +import { AccessControl } from "@openzeppelin/contracts/access/AccessControl.sol"; +import { console } from "@forge-std/console.sol"; + +contract RevokeDeployer is BaseScript { + function run() public virtual initConfig broadcast { + if (addressProvider == address(0)) { + revert AddressProviderAddressIsZero(); + } + + AddressProvider ap = AddressProvider(addressProvider); + AccessControl ac = AccessControl(address(ap.getAccessController())); + + //////////////////// Revoking Deployer //////////////////// + // !!!! HERE WE ARE REVOKING THE DEPLOYER DEFAULT ADMIN AND PROTOCOL MAINTAINER FROM THE DEPLOYER ADDRESS !!!! + bytes32 adminRole = ac.DEFAULT_ADMIN_ROLE(); + + if (ac.hasRole(Roles.PROTOCOL_MAINTAINER, address(broadcaster))) { + ac.renounceRole(Roles.PROTOCOL_MAINTAINER, address(broadcaster)); + console.log("Protocol Maintainer role renounced from: ", broadcaster); + } else { + console.log("Protocol Maintainer role not found for: ", broadcaster); + } + + if (ac.hasRole(adminRole, address(broadcaster))) { + ac.renounceRole(adminRole, address(broadcaster)); + console.log("Default Admin role renounced from: ", broadcaster); + } else { + console.log("Default Admin role not found for: ", broadcaster); + } + } +} From b8fd74c2822660e32c01311de6cde095c729c242 Mon Sep 17 00:00:00 2001 From: drikssy Date: Tue, 8 Oct 2024 13:05:33 +0200 Subject: [PATCH 2/2] explicit roles bytes32 expression --- contracts/libraries/Roles.sol | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/contracts/libraries/Roles.sol b/contracts/libraries/Roles.sol index 8bd8ef5..43f71de 100644 --- a/contracts/libraries/Roles.sol +++ b/contracts/libraries/Roles.sol @@ -2,10 +2,21 @@ pragma solidity 0.8.23; library Roles { + // keccak256("AIRDROP_ACCESSOR") = 0x12a908b2cba1a015c528e378ff2e86bffc8be37d2def9c75c22ca89d6cc368ee bytes32 public constant AIRDROP_ACCESSOR = keccak256("AIRDROP_ACCESSOR"); + + // keccak256("DAO_FUND_ACCESSOR") = 0x574aeecb7d7c7ccc071afb958bd8e81063287e9f574301a7ba2caafd4967c48d bytes32 public constant DAO_FUND_ACCESSOR = keccak256("DAO_FUND_ACCESSOR"); + + // keccak256("DEV_FUND_ACCESSOR") = 0xa49bfefdfe87a8a34837d023db66628b615dd0344cc92d7feada291ae122d0e9 bytes32 public constant DEV_FUND_ACCESSOR = keccak256("DEV_FUND_ACCESSOR"); + + // keccak256("ENTROPY_ACCESSOR") = 0xb209b7f8ff6851be0ae7c043cc14fc21c75535142ed26d70dda8704da6e4eae6 bytes32 public constant ENTROPY_ACCESSOR = keccak256("ENTROPY_ACCESSOR"); + + // keccak256("PROTOCOL_MAINTAINER") = 0xc30f007ba88184a2af73fb442cfac292aa54837e5929d0d24188903703ab54b8 bytes32 public constant PROTOCOL_MAINTAINER = keccak256("PROTOCOL_MAINTAINER"); + + //keccak256("NUKE_FUND_ACCESSOR") = 0xe5f0a35a3e35af422c1c7ab250c429955f7c0b4fe424ff55bfb7af43067ab779 bytes32 public constant NUKE_FUND_ACCESSOR = keccak256("NUKE_FUND_ACCESSOR"); }