-
Notifications
You must be signed in to change notification settings - Fork 835
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(evm): Add PermissionsPolicy for permissioned EVM #2538
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice approach @facs95! I have one question. If the authorization is associated with the sender, how a contract that requires to create new ERC20 tokens, like an AMM, can work?
Reimplemented with a new approach based on @0xstepit suggestions! Please take a look and give me feedback. Will implement tests afterwards. Tested locally and works as expected. I will add a brief description tomorrow to explain it better. cc. @fedekunze Pay special attention to:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, great job @facs95 !
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work @facs95!!
Left a few comments
Also, we'll need to update the module version and add the corresponding store migration
…nto facs95/create-hook
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
utACK
Description
Closes: #XXXX
With this we take a similar approach to CosmosWasm to make it possible to make the EVM permissioned. This proposes to have now within the EVM params a permissions field with the following types.
This allows for a granular control over permissions for create and call opcodes while also making it customizable for other customers of the evmosOS (this will improve in future versions).
In our version of the implementation we are passing this into the opcodeHooks for it to be called within the CREATE and CALL opcodes. If
AccessTypeWhitelistAddress
is chosen, then we will check first that if the signer of the tx is a whitelisted address, if not then we check if the caller (contracts performing internal calls) has permissions.NOTE: This is blocked by evmos/go-ethereum#28
Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
Reviewers Checklist
All items are required.
Please add a note if the item is not applicable
and please add your handle next to the items reviewed
if you only reviewed selected items.
I have...
Unreleased
section inCHANGELOG.md