Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ACL: privileged root account / mode #563

Open
sohkai opened this issue Dec 27, 2019 · 0 comments
Open

ACL: privileged root account / mode #563

sohkai opened this issue Dec 27, 2019 · 0 comments
Labels
component: acl enhancement
Milestone
aragonOS 6.0

Comments

@sohkai
Copy link
Contributor

sohkai commented Dec 27, 2019

Preamble

Similar to some discussions in #546, but generalized to also work for already deployed organizations who may want to do many permission changes at once (e.g. a permissions migration). Ideally, this would also work for the onboarding case in #546.

Changes

Add storage slots and management functionality to the ACL to keep track of one (or perhaps more?) "root" addresses that has the ability to change any aspect of the ACL.

The ideal user would write a contract / evm script that completes all the permissions migrations atomically, and then wrap a call into this contract / evm script with an enterRootMode() and exitRootMode(). Their ACL would enter and exit root mode in the same transaction, leaving no exposed vulnerabilities by the end.

We may even want to further protect access to this functionality by only offering an exposed function that already has this wrapped, that accepts either a contract address and calldata or evmscript.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component: acl enhancement
Projects
None yet
Milestone
aragonOS 6.0
Development

No branches or pull requests
1 participant
@sohkai