Преглед изворни кода

Use default admin role in TimelockController (#3799)

Co-authored-by: Hadrien Croubois <hadrien.croubois@gmail.com>
Co-authored-by: Francisco <frangio.1@gmail.com>
JulissaDantes пре 2 година
родитељ
комит
887985413c

+ 4 - 0
CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 # Changelog
 
 
+## Unreleased (Breaking)
+
+ * `TimelockController`: Changed the role architecture to use `DEFAULT_ADMIN_ROLE` as the admin for all roles, instead of the bespoke `TIMELOCK_ADMIN_ROLE` that was used previously. This aligns with the general recommendation for `AccessControl` and makes the addition of new roles easier. Accordingly, the `admin` parameter and timelock will now be granted `DEFAULT_ADMIN_ROLE` instead of `TIMELOCK_ADMIN_ROLE`. ([#3799](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3799))
+
 ## Unreleased
 ## Unreleased
 
 
  * `ReentrancyGuard`: Add a `_reentrancyGuardEntered` function to expose the guard status. ([#3714](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3714))
  * `ReentrancyGuard`: Add a `_reentrancyGuardEntered` function to expose the guard status. ([#3714](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3714))

+ 0 - 2
contracts/governance/README.adoc

@@ -155,8 +155,6 @@ Operations status can be queried using the functions:
 
 
 The admins are in charge of managing proposers and executors. For the timelock to be self-governed, this role should only be given to the timelock itself. Upon deployment, the admin role can be granted to any address (in addition to the timelock itself). After further configuration and testing, this optional admin should renounce its role such that all further maintenance operations have to go through the timelock process.
 The admins are in charge of managing proposers and executors. For the timelock to be self-governed, this role should only be given to the timelock itself. Upon deployment, the admin role can be granted to any address (in addition to the timelock itself). After further configuration and testing, this optional admin should renounce its role such that all further maintenance operations have to go through the timelock process.
 
 
-This role is identified by the *TIMELOCK_ADMIN_ROLE* value: `0x5f58e3a2316349923ce3780f8d587db2d72378aed66a8261c916544fa6846ca5`
-
 [[timelock-proposer]]
 [[timelock-proposer]]
 ===== Proposer
 ===== Proposer
 
 

+ 2 - 8
contracts/governance/TimelockController.sol

@@ -24,7 +24,6 @@ import "../utils/Address.sol";
  * _Available since v3.3._
  * _Available since v3.3._
  */
  */
 contract TimelockController is AccessControl, IERC721Receiver, IERC1155Receiver {
 contract TimelockController is AccessControl, IERC721Receiver, IERC1155Receiver {
-    bytes32 public constant TIMELOCK_ADMIN_ROLE = keccak256("TIMELOCK_ADMIN_ROLE");
     bytes32 public constant PROPOSER_ROLE = keccak256("PROPOSER_ROLE");
     bytes32 public constant PROPOSER_ROLE = keccak256("PROPOSER_ROLE");
     bytes32 public constant EXECUTOR_ROLE = keccak256("EXECUTOR_ROLE");
     bytes32 public constant EXECUTOR_ROLE = keccak256("EXECUTOR_ROLE");
     bytes32 public constant CANCELLER_ROLE = keccak256("CANCELLER_ROLE");
     bytes32 public constant CANCELLER_ROLE = keccak256("CANCELLER_ROLE");
@@ -80,17 +79,12 @@ contract TimelockController is AccessControl, IERC721Receiver, IERC1155Receiver
         address[] memory executors,
         address[] memory executors,
         address admin
         address admin
     ) {
     ) {
-        _setRoleAdmin(TIMELOCK_ADMIN_ROLE, TIMELOCK_ADMIN_ROLE);
-        _setRoleAdmin(PROPOSER_ROLE, TIMELOCK_ADMIN_ROLE);
-        _setRoleAdmin(EXECUTOR_ROLE, TIMELOCK_ADMIN_ROLE);
-        _setRoleAdmin(CANCELLER_ROLE, TIMELOCK_ADMIN_ROLE);
-
         // self administration
         // self administration
-        _setupRole(TIMELOCK_ADMIN_ROLE, address(this));
+        _grantRole(DEFAULT_ADMIN_ROLE, address(this));
 
 
         // optional admin
         // optional admin
         if (admin != address(0)) {
         if (admin != address(0)) {
-            _setupRole(TIMELOCK_ADMIN_ROLE, admin);
+            _grantRole(DEFAULT_ADMIN_ROLE, admin);
         }
         }
 
 
         // register proposers and cancellers
         // register proposers and cancellers

+ 1 - 1
package-lock.json

@@ -28547,4 +28547,4 @@
       "dev": true
       "dev": true
     }
     }
   }
   }
-}
+}

+ 4 - 4
test/governance/TimelockController.test.js

@@ -54,7 +54,7 @@ function genOperationBatch (targets, values, payloads, predecessor, salt) {
 contract('TimelockController', function (accounts) {
 contract('TimelockController', function (accounts) {
   const [ , admin, proposer, canceller, executor, other ] = accounts;
   const [ , admin, proposer, canceller, executor, other ] = accounts;
 
 
-  const TIMELOCK_ADMIN_ROLE = web3.utils.soliditySha3('TIMELOCK_ADMIN_ROLE');
+  const DEFAULT_ADMIN_ROLE = '0x0000000000000000000000000000000000000000000000000000000000000000';
   const PROPOSER_ROLE = web3.utils.soliditySha3('PROPOSER_ROLE');
   const PROPOSER_ROLE = web3.utils.soliditySha3('PROPOSER_ROLE');
   const EXECUTOR_ROLE = web3.utils.soliditySha3('EXECUTOR_ROLE');
   const EXECUTOR_ROLE = web3.utils.soliditySha3('EXECUTOR_ROLE');
   const CANCELLER_ROLE = web3.utils.soliditySha3('CANCELLER_ROLE');
   const CANCELLER_ROLE = web3.utils.soliditySha3('CANCELLER_ROLE');
@@ -84,7 +84,7 @@ contract('TimelockController', function (accounts) {
   it('initial state', async function () {
   it('initial state', async function () {
     expect(await this.mock.getMinDelay()).to.be.bignumber.equal(MINDELAY);
     expect(await this.mock.getMinDelay()).to.be.bignumber.equal(MINDELAY);
 
 
-    expect(await this.mock.TIMELOCK_ADMIN_ROLE()).to.be.equal(TIMELOCK_ADMIN_ROLE);
+    expect(await this.mock.DEFAULT_ADMIN_ROLE()).to.be.equal(DEFAULT_ADMIN_ROLE);
     expect(await this.mock.PROPOSER_ROLE()).to.be.equal(PROPOSER_ROLE);
     expect(await this.mock.PROPOSER_ROLE()).to.be.equal(PROPOSER_ROLE);
     expect(await this.mock.EXECUTOR_ROLE()).to.be.equal(EXECUTOR_ROLE);
     expect(await this.mock.EXECUTOR_ROLE()).to.be.equal(EXECUTOR_ROLE);
     expect(await this.mock.CANCELLER_ROLE()).to.be.equal(CANCELLER_ROLE);
     expect(await this.mock.CANCELLER_ROLE()).to.be.equal(CANCELLER_ROLE);
@@ -111,8 +111,8 @@ contract('TimelockController', function (accounts) {
       { from: other },
       { from: other },
     );
     );
 
 
-    expect(await mock.hasRole(TIMELOCK_ADMIN_ROLE, admin)).to.be.equal(false);
-    expect(await mock.hasRole(TIMELOCK_ADMIN_ROLE, other)).to.be.equal(false);
+    expect(await mock.hasRole(DEFAULT_ADMIN_ROLE, admin)).to.be.equal(false);
+    expect(await mock.hasRole(DEFAULT_ADMIN_ROLE, mock.address)).to.be.equal(true);
   });
   });
 
 
   describe('methods', function () {
   describe('methods', function () {

+ 3 - 3
test/governance/extensions/GovernorTimelockControl.test.js

@@ -15,7 +15,7 @@ const CallReceiver = artifacts.require('CallReceiverMock');
 contract('GovernorTimelockControl', function (accounts) {
 contract('GovernorTimelockControl', function (accounts) {
   const [ owner, voter1, voter2, voter3, voter4, other ] = accounts;
   const [ owner, voter1, voter2, voter3, voter4, other ] = accounts;
 
 
-  const TIMELOCK_ADMIN_ROLE = web3.utils.soliditySha3('TIMELOCK_ADMIN_ROLE');
+  const DEFAULT_ADMIN_ROLE = '0x0000000000000000000000000000000000000000000000000000000000000000';
   const PROPOSER_ROLE = web3.utils.soliditySha3('PROPOSER_ROLE');
   const PROPOSER_ROLE = web3.utils.soliditySha3('PROPOSER_ROLE');
   const EXECUTOR_ROLE = web3.utils.soliditySha3('EXECUTOR_ROLE');
   const EXECUTOR_ROLE = web3.utils.soliditySha3('EXECUTOR_ROLE');
   const CANCELLER_ROLE = web3.utils.soliditySha3('CANCELLER_ROLE');
   const CANCELLER_ROLE = web3.utils.soliditySha3('CANCELLER_ROLE');
@@ -46,7 +46,7 @@ contract('GovernorTimelockControl', function (accounts) {
 
 
     this.helper = new GovernorHelper(this.mock);
     this.helper = new GovernorHelper(this.mock);
 
 
-    this.TIMELOCK_ADMIN_ROLE = await this.timelock.TIMELOCK_ADMIN_ROLE();
+    this.DEFAULT_ADMIN_ROLE = await this.timelock.DEFAULT_ADMIN_ROLE();
     this.PROPOSER_ROLE = await this.timelock.PROPOSER_ROLE();
     this.PROPOSER_ROLE = await this.timelock.PROPOSER_ROLE();
     this.EXECUTOR_ROLE = await this.timelock.EXECUTOR_ROLE();
     this.EXECUTOR_ROLE = await this.timelock.EXECUTOR_ROLE();
     this.CANCELLER_ROLE = await this.timelock.CANCELLER_ROLE();
     this.CANCELLER_ROLE = await this.timelock.CANCELLER_ROLE();
@@ -59,7 +59,7 @@ contract('GovernorTimelockControl', function (accounts) {
     await this.timelock.grantRole(CANCELLER_ROLE, this.mock.address);
     await this.timelock.grantRole(CANCELLER_ROLE, this.mock.address);
     await this.timelock.grantRole(CANCELLER_ROLE, owner);
     await this.timelock.grantRole(CANCELLER_ROLE, owner);
     await this.timelock.grantRole(EXECUTOR_ROLE, constants.ZERO_ADDRESS);
     await this.timelock.grantRole(EXECUTOR_ROLE, constants.ZERO_ADDRESS);
-    await this.timelock.revokeRole(TIMELOCK_ADMIN_ROLE, deployer);
+    await this.timelock.revokeRole(DEFAULT_ADMIN_ROLE, deployer);
 
 
     await this.token.mint(owner, tokenSupply);
     await this.token.mint(owner, tokenSupply);
     await this.helper.delegate({ token: this.token, to: voter1, value: web3.utils.toWei('10') }, { from: owner });
     await this.helper.delegate({ token: this.token, to: voter1, value: web3.utils.toWei('10') }, { from: owner });