SuperRBAC

Last updated 6 months ago

Was this helpful?

SuperRBAC

Introduction

SuperRBAC manages role-based access control in the Superform Protocol. It allows for granting and revoking various roles to specific addresses.

Core Concepts

There are multiple roles in the Superform ecosystem that serve to ensure uptime for the protocol and future upgrade capabilities. The responsibilities of these roles will be decentralized over time.

Generic Roles

These roles are multi-sigs given their potential to impact liveliness of the overall protocol.

PROTOCOL_ADMIN_ROLE: Role for managing overall protocol administration. More on this here Protocol Admin Functionality
EMERGENCY_ADMIN_ROLE: Role for managing emergency administrative actions

Contract Specific Roles

These roles serve specialized functions in individual contracts for added security and improved UX.

PAYMENT_ADMIN_ROLE: Role for managing payment-related actions in .
BROADCASTER_ROLE: Role for managing broadcasting payloads in .
CORE_STATE_REGISTRY_PROCESSOR_ROLE: Role for managing processing operations in .
BROADCAST_REGISTRY_PROCESSOR_ROLE : Role for managing processing broadcast payloads in .
CORE_STATE_REGISTRY_UPDATER_ROLE: Role for managing updating operations in .
DST_SWAPPER_ROLE: Role for managing swapping operations on .
CORE_STATE_REGISTRY_RESCUER_ROLE: Role for managing rescue operations in .
CORE_STATE_REGISTRY_DISPUTER_ROLE: Role for managing dispute operations in .
WORMHOLE_VAA_RELAYER_ROLE: Role that will be reading VAAs for broadcast functionality in .

Protocol Admin Functionality

setSuperRegistry

function setSuperRegistry(
    address superRegistry_
) external override onlyRole(PROTOCOL_ADMIN_ROLE)

name

superRegistry_

address of the SuperRegistry contract

setRoleAdmin

This function allows the existing PROTOCOL_ADMIN to create a new role in the Superform ecosystem with an admin address for it (typically still PROTOCOL_ADMIN)

function setRoleAdmin(
    bytes32 role_,
    bytes32 adminRole_
) external override onlyRole(PROTOCOL_ADMIN_ROLE)

name

description

role_

bytes32 hash of the role_ to set

adminRole_

bytes32 hash of the administrator who is allowed to make changes to that role

revokeRoleSuperBroadcast

function revokeRoleSuperBroadcast(
    bytes32 role_,
    address addressToRevoke_,
    bytes memory extraData_,
    bytes32 superRegistryAddressId_
) external payable override onlyRole(PROTOCOL_ADMIN_ROLE)

name

description

role_

bytes32 hash of the role

extraData_

bytes broadcasting data

superRegistryAddressId_

bytes32 super registry id

Granting and Revoking Roles

Checking Roles

All addresses can be checked if they have a role by calling the appropriate check if an address has a role (i.e. hasProtocolAdminRole), returns a bool, which wrappers

Last updated 6 months ago

Was this helpful?

Introduction

SuperRBAC manages role-based access control in the Superform Protocol. It allows for granting and revoking various roles to specific addresses.

Core Concepts

There are multiple roles in the Superform ecosystem that serve to ensure uptime for the protocol and future upgrade capabilities. The responsibilities of these roles will be decentralized over time.

Generic Roles

These roles are multi-sigs given their potential to impact liveliness of the overall protocol.

PROTOCOL_ADMIN_ROLE: Role for managing overall protocol administration. More on this here Protocol Admin Functionality
EMERGENCY_ADMIN_ROLE: Role for managing emergency administrative actions

Contract Specific Roles

These roles serve specialized functions in individual contracts for added security and improved UX.

PAYMENT_ADMIN_ROLE: Role for managing payment-related actions in .
BROADCASTER_ROLE: Role for managing broadcasting payloads in .
CORE_STATE_REGISTRY_PROCESSOR_ROLE: Role for managing processing operations in .
BROADCAST_REGISTRY_PROCESSOR_ROLE : Role for managing processing broadcast payloads in .
CORE_STATE_REGISTRY_UPDATER_ROLE: Role for managing updating operations in .
DST_SWAPPER_ROLE: Role for managing swapping operations on .
CORE_STATE_REGISTRY_RESCUER_ROLE: Role for managing rescue operations in .
CORE_STATE_REGISTRY_DISPUTER_ROLE: Role for managing dispute operations in .
WORMHOLE_VAA_RELAYER_ROLE: Role that will be reading VAAs for broadcast functionality in .

Protocol Admin Functionality

setSuperRegistry

This function sets the contract address.

function setSuperRegistry(
    address superRegistry_
) external override onlyRole(PROTOCOL_ADMIN_ROLE)

name

superRegistry_

address of the SuperRegistry contract

setRoleAdmin

This function allows the existing PROTOCOL_ADMIN to create a new role in the Superform ecosystem with an admin address for it (typically still PROTOCOL_ADMIN)

function setRoleAdmin(
    bytes32 role_,
    bytes32 adminRole_
) external override onlyRole(PROTOCOL_ADMIN_ROLE)

name

description

role_

bytes32 hash of the role_ to set

adminRole_

bytes32 hash of the administrator who is allowed to make changes to that role

revokeRoleSuperBroadcast

This function revokes the role from on all chains. Note that neither of the general roles (Protocol Admin or Emergency Admin) may be revoked in this manner.

function revokeRoleSuperBroadcast(
    bytes32 role_,
    address addressToRevoke_,
    bytes memory extraData_,
    bytes32 superRegistryAddressId_
) external payable override onlyRole(PROTOCOL_ADMIN_ROLE)

name

description

role_

bytes32 hash of the role

extraData_

bytes broadcasting data

superRegistryAddressId_

bytes32 super registry id

Granting and Revoking Roles

Inherited from

Checking Roles

All addresses can be checked if they have a role by calling the appropriate check if an address has a role (i.e. hasProtocolAdminRole), returns a bool, which wrappers