CCIP-4105: adds OZ AccessControl support to the registry module (#15067)

* adds OZ AccessControl support to the registry module * [Bot] Update changeset file with jira issues * fix snap * update version --------- Co-authored-by: app-token-issuer-infra-releng[bot] <120227048+app-token-issuer-infra-releng[bot]@users.noreply.github.com>
smartcontractkit · Nov 5, 2024 · eeb58e2 · eeb58e2
1 parent a71cbc6
commit eeb58e2
Show file tree

Hide file tree

Showing 6 changed files with 110 additions and 15 deletions.
diff --git a/contracts/.changeset/metal-ducks-hunt.md b/contracts/.changeset/metal-ducks-hunt.md
@@ -0,0 +1,10 @@
+---
+'@chainlink/contracts': patch
+---
+
+#feature adds OZ AccessControl support to the registry module
+
+
+PR issue: CCIP-4105
+
+Solidity Review issue: CCIP-3966
diff --git a/contracts/gas-snapshots/ccip.gas-snapshot b/contracts/gas-snapshots/ccip.gas-snapshot
@@ -640,11 +640,13 @@ RateLimiter_consume:test_TokenRateLimitReached_Revert() (gas: 24930)
 RateLimiter_currentTokenBucketState:test_CurrentTokenBucketState_Success() (gas: 38947)
 RateLimiter_currentTokenBucketState:test_Refill_Success() (gas: 46852)
 RateLimiter_setTokenBucketConfig:test_SetRateLimiterConfig_Success() (gas: 38509)
-RegistryModuleOwnerCustom_constructor:test_constructor_Revert() (gas: 36033)
-RegistryModuleOwnerCustom_registerAdminViaGetCCIPAdmin:test_registerAdminViaGetCCIPAdmin_Revert() (gas: 19763)
-RegistryModuleOwnerCustom_registerAdminViaGetCCIPAdmin:test_registerAdminViaGetCCIPAdmin_Success() (gas: 130104)
-RegistryModuleOwnerCustom_registerAdminViaOwner:test_registerAdminViaOwner_Revert() (gas: 19568)
-RegistryModuleOwnerCustom_registerAdminViaOwner:test_registerAdminViaOwner_Success() (gas: 129908)
+RegistryModuleOwnerCustom_constructor:test_constructor_Revert() (gas: 36107)
+RegistryModuleOwnerCustom_registerAccessControlDefaultAdmin:test_registerAccessControlDefaultAdmin_Revert() (gas: 20200)
+RegistryModuleOwnerCustom_registerAccessControlDefaultAdmin:test_registerAccessControlDefaultAdmin_Success() (gas: 130631)
+RegistryModuleOwnerCustom_registerAdminViaGetCCIPAdmin:test_registerAdminViaGetCCIPAdmin_Revert() (gas: 19797)
+RegistryModuleOwnerCustom_registerAdminViaGetCCIPAdmin:test_registerAdminViaGetCCIPAdmin_Success() (gas: 130126)
+RegistryModuleOwnerCustom_registerAdminViaOwner:test_registerAdminViaOwner_Revert() (gas: 19602)
+RegistryModuleOwnerCustom_registerAdminViaOwner:test_registerAdminViaOwner_Success() (gas: 129930)
 Router_applyRampUpdates:test_OffRampMismatch_Revert() (gas: 89591)
 Router_applyRampUpdates:test_OffRampUpdatesWithRouting() (gas: 10749462)
 Router_applyRampUpdates:test_OnRampDisable() (gas: 56428)
@@ -702,12 +704,12 @@ TokenAdminRegistry_setPool:test_setPool_ZeroAddressRemovesPool_Success() (gas: 3
 TokenAdminRegistry_transferAdminRole:test_transferAdminRole_OnlyAdministrator_Revert() (gas: 18202)
 TokenAdminRegistry_transferAdminRole:test_transferAdminRole_Success() (gas: 49592)
 TokenPoolFactoryTests:test_TokenPoolFactory_Constructor_Revert() (gas: 1039441)
-TokenPoolFactoryTests:test_createTokenPoolLockRelease_ExistingToken_predict_Success() (gas: 11497148)
-TokenPoolFactoryTests:test_createTokenPool_BurnFromMintTokenPool_Success() (gas: 5833878)
-TokenPoolFactoryTests:test_createTokenPool_ExistingRemoteToken_AndPredictPool_Success() (gas: 12127839)
-TokenPoolFactoryTests:test_createTokenPool_WithNoExistingRemoteContracts_predict_Success() (gas: 12464532)
-TokenPoolFactoryTests:test_createTokenPool_WithNoExistingTokenOnRemoteChain_Success() (gas: 5687016)
-TokenPoolFactoryTests:test_createTokenPool_WithRemoteTokenAndRemotePool_Success() (gas: 5830403)
+TokenPoolFactoryTests:test_createTokenPoolLockRelease_ExistingToken_predict_Success() (gas: 11571451)
+TokenPoolFactoryTests:test_createTokenPool_BurnFromMintTokenPool_Success() (gas: 5833900)
+TokenPoolFactoryTests:test_createTokenPool_ExistingRemoteToken_AndPredictPool_Success() (gas: 12202164)
+TokenPoolFactoryTests:test_createTokenPool_WithNoExistingRemoteContracts_predict_Success() (gas: 12538879)
+TokenPoolFactoryTests:test_createTokenPool_WithNoExistingTokenOnRemoteChain_Success() (gas: 5687038)
+TokenPoolFactoryTests:test_createTokenPool_WithRemoteTokenAndRemotePool_Success() (gas: 5830425)
 TokenPoolWithAllowList_applyAllowListUpdates:test_AllowListNotEnabled_Revert() (gas: 1934078)
 TokenPoolWithAllowList_applyAllowListUpdates:test_OnlyOwner_Revert() (gas: 12119)
 TokenPoolWithAllowList_applyAllowListUpdates:test_SetAllowListSkipsZero_Success() (gas: 23567)

diff --git a/contracts/src/v0.8/ccip/test/tokenAdminRegistry/RegistryModuleOwnerCustom.t.sol b/contracts/src/v0.8/ccip/test/tokenAdminRegistry/RegistryModuleOwnerCustom.t.sol
@@ -8,6 +8,7 @@ import {RegistryModuleOwnerCustom} from "../../tokenAdminRegistry/RegistryModule
 import {TokenAdminRegistry} from "../../tokenAdminRegistry/TokenAdminRegistry.sol";
 import {BurnMintERC677Helper} from "../helpers/BurnMintERC677Helper.sol";
 
+import {AccessControl} from "../../../vendor/openzeppelin-solidity/v5.0.2/contracts/access/AccessControl.sol";
 import {Test} from "forge-std/Test.sol";
 
 contract RegistryModuleOwnerCustomSetup is Test {
@@ -102,3 +103,54 @@ contract RegistryModuleOwnerCustom_registerAdminViaOwner is RegistryModuleOwnerC
     s_registryModuleOwnerCustom.registerAdminViaOwner(s_token);
   }
 }
+
+contract AccessController is AccessControl {
+  constructor(
+    address admin
+  ) {
+    _grantRole(DEFAULT_ADMIN_ROLE, admin);
+  }
+}
+
+contract RegistryModuleOwnerCustom_registerAccessControlDefaultAdmin is RegistryModuleOwnerCustomSetup {
+  function setUp() public override {
+    super.setUp();
+
+    s_token = address(new AccessController(OWNER));
+  }
+
+  function test_registerAccessControlDefaultAdmin_Success() public {
+    assertEq(s_tokenAdminRegistry.getTokenConfig(s_token).administrator, address(0));
+
+    bytes32 defaultAdminRole = AccessController(s_token).DEFAULT_ADMIN_ROLE();
+
+    vm.expectCall(address(s_token), abi.encodeWithSelector(AccessControl.hasRole.selector, defaultAdminRole, OWNER), 1);
+    vm.expectCall(
+      address(s_tokenAdminRegistry),
+      abi.encodeWithSelector(TokenAdminRegistry.proposeAdministrator.selector, s_token, OWNER),
+      1
+    );
+
+    vm.expectEmit();
+    emit RegistryModuleOwnerCustom.AdministratorRegistered(s_token, OWNER);
+
+    s_registryModuleOwnerCustom.registerAccessControlDefaultAdmin(s_token);
+
+    assertEq(s_tokenAdminRegistry.getTokenConfig(s_token).pendingAdministrator, OWNER);
+  }
+
+  function test_registerAccessControlDefaultAdmin_Revert() public {
+    bytes32 defaultAdminRole = AccessController(s_token).DEFAULT_ADMIN_ROLE();
+
+    address wrongSender = makeAddr("Not_expected_owner");
+    vm.startPrank(wrongSender);
+
+    vm.expectRevert(
+      abi.encodeWithSelector(
+        RegistryModuleOwnerCustom.RequiredRoleNotFound.selector, wrongSender, defaultAdminRole, s_token
+      )
+    );
+
+    s_registryModuleOwnerCustom.registerAccessControlDefaultAdmin(s_token);
+  }
+}
diff --git a/contracts/src/v0.8/ccip/tokenAdminRegistry/RegistryModuleOwnerCustom.sol b/contracts/src/v0.8/ccip/tokenAdminRegistry/RegistryModuleOwnerCustom.sol
@@ -6,13 +6,16 @@ import {IGetCCIPAdmin} from "../interfaces/IGetCCIPAdmin.sol";
 import {IOwner} from "../interfaces/IOwner.sol";
 import {ITokenAdminRegistry} from "../interfaces/ITokenAdminRegistry.sol";
 
+import {AccessControl} from "../../vendor/openzeppelin-solidity/v5.0.2/contracts/access/AccessControl.sol";
+
 contract RegistryModuleOwnerCustom is ITypeAndVersion {
   error CanOnlySelfRegister(address admin, address token);
+  error RequiredRoleNotFound(address msgSender, bytes32 role, address token);
   error AddressZero();
 
   event AdministratorRegistered(address indexed token, address indexed administrator);
 
-  string public constant override typeAndVersion = "RegistryModuleOwnerCustom 1.5.0";
+  string public constant override typeAndVersion = "RegistryModuleOwnerCustom 1.6.0";
 
   // The TokenAdminRegistry contract
   ITokenAdminRegistry internal immutable i_tokenAdminRegistry;
@@ -44,6 +47,20 @@ contract RegistryModuleOwnerCustom is ITypeAndVersion {
     _registerAdmin(token, IOwner(token).owner());
   }
 
+  /// @notice Registers the admin of the token using OZ's AccessControl DEFAULT_ADMIN_ROLE.
+  /// @param token The token to register the admin for.
+  /// @dev The caller must have the DEFAULT_ADMIN_ROLE as defined by the contract itself.
+  function registerAccessControlDefaultAdmin(
+    address token
+  ) external {
+    bytes32 defaultAdminRole = AccessControl(token).DEFAULT_ADMIN_ROLE();
+    if (!AccessControl(token).hasRole(defaultAdminRole, msg.sender)) {
+      revert RequiredRoleNotFound(msg.sender, defaultAdminRole, token);
+    }
+
+    _registerAdmin(token, msg.sender);
+  }
+
   /// @notice Registers the admin of the token to msg.sender given that the
   /// admin is equal to msg.sender.
   /// @param token The token to register the admin for.

diff --git a/.../gethwrappers/ccip/generated/registry_module_owner_custom/registry_module_owner_custom.go b/.../gethwrappers/ccip/generated/registry_module_owner_custom/registry_module_owner_custom.go
diff --git a/core/gethwrappers/ccip/generation/generated-wrapper-dependency-versions-do-not-edit.txt b/core/gethwrappers/ccip/generation/generated-wrapper-dependency-versions-do-not-edit.txt
@@ -19,7 +19,7 @@ nonce_manager: ../../../contracts/solc/v0.8.24/NonceManager/NonceManager.abi ../
 offramp: ../../../contracts/solc/v0.8.24/OffRamp/OffRamp.abi ../../../contracts/solc/v0.8.24/OffRamp/OffRamp.bin d20e6c0baf08926b341c31ed0018983e135a75b7d120591de49ca4ece3824d0b
 onramp: ../../../contracts/solc/v0.8.24/OnRamp/OnRamp.abi ../../../contracts/solc/v0.8.24/OnRamp/OnRamp.bin 2bf74188a997218502031f177cb2df505b272d66b25fd341a741289e77380c59
 ping_pong_demo: ../../../contracts/solc/v0.8.24/PingPongDemo/PingPongDemo.abi ../../../contracts/solc/v0.8.24/PingPongDemo/PingPongDemo.bin 24b4415a883a470d65c484be0fa20714a46b1c9262db205f1c958017820307b2
-registry_module_owner_custom: ../../../contracts/solc/v0.8.24/RegistryModuleOwnerCustom/RegistryModuleOwnerCustom.abi ../../../contracts/solc/v0.8.24/RegistryModuleOwnerCustom/RegistryModuleOwnerCustom.bin 75be86323c227917a9bbc3f799d7ed02f92db546653a36db30ed0ebe64461353
+registry_module_owner_custom: ../../../contracts/solc/v0.8.24/RegistryModuleOwnerCustom/RegistryModuleOwnerCustom.abi ../../../contracts/solc/v0.8.24/RegistryModuleOwnerCustom/RegistryModuleOwnerCustom.bin 0fc277a0b512db4e20b5a32a775b94ed2c0d342d8237511de78c94f7dacad428
 report_codec: ../../../contracts/solc/v0.8.24/ReportCodec/ReportCodec.abi ../../../contracts/solc/v0.8.24/ReportCodec/ReportCodec.bin 6c943b39f003aa67c3cefa19a8ff99e846236a058e1ceae77569c3a065ffd5c7
 rmn_home: ../../../contracts/solc/v0.8.24/RMNHome/RMNHome.abi ../../../contracts/solc/v0.8.24/RMNHome/RMNHome.bin 84ca84b3d0c00949905a3d10a91255f877cf32b2a0d7f7f7ce3121ced34a8cb7
 rmn_proxy_contract: ../../../contracts/solc/v0.8.24/ARMProxy/ARMProxy.abi ../../../contracts/solc/v0.8.24/ARMProxy/ARMProxy.bin b048d8e752e3c41113ebb305c1efa06737ad36b4907b93e627fb0a3113023454