SuperRBAC

Introduction

SuperRBAC manages role-based access control in the Superform Protocol. It allows for granting and revoking various roles to specific addresses.

Core Concepts

There are multiple roles in the Superform ecosystem that serve to ensure uptime for the protocol and future upgrade capabilities. The responsibilities of these roles will be decentralized over time.

Generic Roles

These roles are multi-sigs given their potential to impact liveliness of the overall protocol.

  • PROTOCOL_ADMIN_ROLE: Role for managing overall protocol administration. More on this here Protocol Admin Functionality

  • EMERGENCY_ADMIN_ROLE: Role for managing emergency administrative actions

Contract Specific Roles

These roles serve specialized functions in individual contracts for added security and improved UX.

  • PAYMENT_ADMIN_ROLE: Role for managing payment-related actions in PayMaster.

  • BROADCASTER_ROLE: Role for managing broadcasting payloads in BroadcastRegistry.

  • CORE_STATE_REGISTRY_PROCESSOR_ROLE: Role for managing processing operations in CoreStateRegistry.

  • BROADCAST_REGISTRY_PROCESSOR_ROLE : Role for managing processing broadcast payloads in BroadcastRegistry.

  • CORE_STATE_REGISTRY_UPDATER_ROLE: Role for managing updating operations in CoreStateRegistry.

  • DST_SWAPPER_ROLE: Role for managing swapping operations on DstSwapper.

  • CORE_STATE_REGISTRY_RESCUER_ROLE: Role for managing rescue operations in CoreStateRegistry.

  • CORE_STATE_REGISTRY_DISPUTER_ROLE: Role for managing dispute operations in CoreStateRegistry.

  • WORMHOLE_VAA_RELAYER_ROLE: Role that will be reading VAAs for broadcast functionality in WormholeSRImplementation.

Protocol Admin Functionality

setSuperRegistry

This function sets the SuperRegistry contract address.

function setSuperRegistry(
    address superRegistry_
) external override onlyRole(PROTOCOL_ADMIN_ROLE)

setRoleAdmin

This function allows the existing PROTOCOL_ADMIN to create a new role in the Superform ecosystem with an admin address for it (typically still PROTOCOL_ADMIN)

function setRoleAdmin(
    bytes32 role_,
    bytes32 adminRole_
) external override onlyRole(PROTOCOL_ADMIN_ROLE)

revokeRoleSuperBroadcast

This function revokes the role from SuperRegistry on all chains. Note that neither of the general roles (Protocol Admin or Emergency Admin) may be revoked in this manner. 

function revokeRoleSuperBroadcast(
    bytes32 role_,
    address addressToRevoke_,
    bytes memory extraData_,
    bytes32 superRegistryAddressId_
) external payable override onlyRole(PROTOCOL_ADMIN_ROLE)

Granting and Revoking Roles

Inherited from https://docs.openzeppelin.com/contracts/3.x/access-control

Checking Roles

All addresses can be checked if they have a role by calling the appropriate check if an address has a role (i.e. hasProtocolAdminRole), returns a bool, which wrappers

Last updated