idOS access grant contracts

When receiving a signed request for data not owned by the signer, idOS nodes use these smart contracts as the source of truth for authorizing (or denying) the request.

The contract functionality is straightforward:

• a grant is an idOS object representing a data access grant from an owner to a grantee for a given data ID (optionally with a timelock)
• the contract stores a collection of grants
• anyone can list grants
• a signer can
  • create a grant that they own
  • delete a grant that they own (unless timelocked)

Contracts

Implementations

Target VM	Language	Source
EVM	Solidity	evm/
NEAR VM	Rust	near-rs/

Deployments

Source	Chain (ID)	Address	Used by idOS nodes
evm/	Ethereum Sepolia (0xaa36a7)	0x11Fe2099B205388ED95BB0e52e424512eb43692f	nodes.playground.idos.network
evm/	Ethereum Sepolia (0xaa36a7)	0xA5Ac9B9703Bd661cd2aC05B41FE57d1A5DD332AA	nodes.idos.network
evm/	Arbitrum Sepolia (0x66eee)	0x350829c8FCb3DF16EeaE9ADDa2565090348426f9	nodes.playground.idos.network
evm/	Arbitrum One (0xa4b1)	0x350829c8FCb3DF16EeaE9ADDa2565090348426f9	nodes.idos.network
evm/	Etherlink Testnet (0x1f47b)	0xeed5537b68baD728A3Bb433d8e06ebab81ac0EAB	nodes.playground.idos.network
evm/	Etherlink (0xa729)	0xeed5537b68baD728A3Bb433d8e06ebab81ac0EAB	nodes.idos.network
near-rs/	NEAR Testnet (testnet)	idos-dev-4.testnet	nodes.playground.idos.network
near-rs/	NEAR Mainnet (mainnet)	idos-dev-4.near	nodes.idos.network

Deploy to Sepolia

1. Copy .env file to .env.local and fill it in accordingly
2. Run npx hardhat --network sepolia run scripts/deploy.js
3. Run npx hardhat --network sepolia verify $RESULTING_ADDRESS

Deploy to local chain

Use hardhat to run local node.

1. Run node in separate process npx hardhat node
2. Compile a contract npx hardhat compile
3. Deploy the contract npx hardhat --network locahost run scripts/deploy.js

Interface

Note

This interface description uses mixedCase, but each implementation follows the respective language's style guide, e.g.:

• in EVM + Solidity, we use mixedCase (insertGrant)
• in NEAR VM + Rust/TypeScript, we use snake_case (insert_grant).

Objects

Grant

Represents an access grant from a data owner, to a grantee, for a given data ID, until a given time.

Variables

• owner: address
• grantee: address
• dataId: string
• lockedUntil: 256-bit unsigned integer

Functions

insertGrant

Creates a new access grant.

Arguments

• required
  • grantee: address
  • dataId: string
• optional
  • lockedUntil: 256-bit unsigned integer

Implements

• creates Grant(signer, grantee, dataId, lockedUntil)
• reverts if this grant already exists

deleteGrant

Deletes an existing access grant.

Arguments

• required
  • grantee: address
  • dataId: string
• optional
  • lockedUntil: 256-bit unsigned integer

Implements

• if given lockedUntil
  • deletes Grant(signer, grantee, dataId, lockedUntil)
  • reverts if lockedUntil is in the future
• else
  • deletes all Grant(signer, grantee, dataId, *)
  • reverts if any lockedUntil is in the future

findGrants

Lists grants matching the provided arguments.

Arguments

• required (both or either)
  • owner: address
  • grantee: address
• optional
  • dataId: string

Implements

Performs a wildcard search, matching existing grants to given arguments, which must follow one of these patterns:

{ owner, grantee, dataId }
{ owner, grantee, ****** }
{ owner, *******, dataId }
{ owner, *******, ****** }
{ *****, grantee, dataId }
{ *****, grantee, ****** }

Returns

A list of 0+ Grants

grantsFor

Lists grants matching the provided arguments.

Arguments

• required
  • grantee: address
  • dataId: string

Implements

Calls grantsBy with no owner argument.

Returns

A list of 0+ Grants