feat: access module

package.json

@@ -38,7 +38,7 @@
     "package.json": "sort-package-json"
   },
   "dependencies": {
-    "@defi-wonderland/prophet-core": "0.0.0-3afab791",
+    "@defi-wonderland/prophet-core": "0.0.0-823459fc",
     "@openzeppelin/contracts": "4.9.5",
     "solmate": "https://github.com/transmissions11/solmate.git#bfc9c25865a274a7827fea5abf6e4fb64fc64e6c"
   },

solidity/contracts/modules/accessControl/AccessControllerModule.sol → solidity/contracts/modules/access/ModuleAccessController.sol

@@ -1,11 +1,13 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.19;
 
-import {AccessController} from '@defi-wonderland/prophet-core/solidity/contracts/AccessController.sol';
+import {CommonAccessController} from '@defi-wonderland/prophet-core/solidity/contracts/CommonAccessController.sol';
+
+import {IModuleAccessController} from '../../../interfaces/modules/access/IModuleAccessController.sol';
 import {Module} from '@defi-wonderland/prophet-core/solidity/contracts/Module.sol';
 import {IOracle} from '@defi-wonderland/prophet-core/solidity/interfaces/IOracle.sol';
 
-abstract contract AccessControllerModule is AccessController, Module {
+abstract contract ModuleAccessController is IModuleAccessController, CommonAccessController, Module {
   constructor(IOracle _oracle) Module(_oracle) {}
 
   /**
@@ -19,7 +21,6 @@ abstract contract AccessControllerModule is AccessController, Module {
   }
 
   /**
-   * // todo: update name to _selfAccessControl
    * @notice Returns an access control object using the contract address as user, and empty data
    *
    * @dev should only be used by modules as the self-access-control object
@@ -28,4 +29,19 @@ abstract contract AccessControllerModule is AccessController, Module {
   function _defaultAccessControl() internal view returns (AccessControl memory _accessControl) {
     _accessControl = _defaultAccessControl(bytes(''));
   }
+
+  modifier hasAccess(
+    address _accessModule,
+    bytes32 _typehash,
+    bytes memory _params,
+    AccessControl memory _accessControl
+  ) {
+    // Revert if sender is acting for a user without module approval
+    if (msg.sender != _accessControl.user && !ORACLE.isAccessModuleApproved(_accessControl.user, _accessModule)) {
+      revert ModuleAccessController_AccessModuleNotApproved();
+    }
+    // todo: probably a change name is required here, something like `_ensureAccess`?
+    _hasAccess(_accessModule, _typehash, _params, _accessControl);
+    _;
+  }
 }

solidity/contracts/modules/dispute/BondEscalationModule.sol

@@ -7,10 +7,11 @@ import {FixedPointMathLib} from 'solmate/src/utils/FixedPointMathLib.sol';
 
 import {IBondEscalationModule} from '../../../interfaces/modules/dispute/IBondEscalationModule.sol';
 
-import {_PLEDGE_AGAINST_DISPUTE_TYPEHASH, _PLEDGE_FOR_DISPUTE_TYPEHASH} from '../../utils/Typehash.sol';
-import {AccessControllerModule} from '../accessControl/AccessControllerModule.sol';
+import {ModuleAccessController} from '../access/ModuleAccessController.sol';
 
-contract BondEscalationModule is AccessControllerModule, IBondEscalationModule {
+import {ModuleTypehash} from '../../utils/ModuleTypehash.sol';
+
+contract BondEscalationModule is ModuleAccessController, IBondEscalationModule {
   /// @inheritdoc IBondEscalationModule
   mapping(bytes32 _requestId => mapping(address _pledger => uint256 pledges)) public pledgesForDispute;
 
@@ -22,7 +23,7 @@ contract BondEscalationModule is AccessControllerModule, IBondEscalationModule {
    */
   mapping(bytes32 _requestId => BondEscalation) internal _escalations;
 
-  constructor(IOracle _oracle) AccessControllerModule(_oracle) {}
+  constructor(IOracle _oracle) ModuleAccessController(_oracle) {}
 
   /// @inheritdoc IModule
   function moduleName() external pure returns (string memory _moduleName) {
@@ -217,7 +218,12 @@ contract BondEscalationModule is AccessControllerModule, IBondEscalationModule {
     AccessControl calldata _accessControl
   )
     external
-    hasAccess(_request.accessControlModule, _PLEDGE_FOR_DISPUTE_TYPEHASH, abi.encode(_request, _dispute), _accessControl)
+    hasAccess(
+      _request.accessModule,
+      ModuleTypehash._PLEDGE_FOR_DISPUTE_TYPEHASH,
+      abi.encode(_request, _dispute),
+      _accessControl
+    )
   {
     bytes32 _disputeId = _getId(_dispute);
     RequestParameters memory _params = _pledgeChecks(_request, _dispute, true);
@@ -245,8 +251,8 @@ contract BondEscalationModule is AccessControllerModule, IBondEscalationModule {
   )
     external
     hasAccess(
-      _request.accessControlModule,
-      _PLEDGE_AGAINST_DISPUTE_TYPEHASH,
+      _request.accessModule,
+      ModuleTypehash._PLEDGE_AGAINST_DISPUTE_TYPEHASH,
       abi.encode(_request, _dispute),
       _accessControl
     )

solidity/contracts/modules/dispute/CircuitResolverModule.sol

@@ -7,13 +7,13 @@ import {IOracle} from '@defi-wonderland/prophet-core/solidity/interfaces/IOracle
 import {IProphetVerifier} from '../../../interfaces/IProphetVerifier.sol';
 import {ICircuitResolverModule} from '../../../interfaces/modules/dispute/ICircuitResolverModule.sol';
 
-import {AccessControllerModule} from '../accessControl/AccessControllerModule.sol';
+import {ModuleAccessController} from '../access/ModuleAccessController.sol';
 
-contract CircuitResolverModule is AccessControllerModule, ICircuitResolverModule {
+contract CircuitResolverModule is ModuleAccessController, ICircuitResolverModule {
   /// @notice Keeps track of the correct responses to requests
   mapping(bytes32 _requestId => bytes _correctResponse) internal _correctResponses;
 
-  constructor(IOracle _oracle) AccessControllerModule(_oracle) {}
+  constructor(IOracle _oracle) ModuleAccessController(_oracle) {}
 
   /// @inheritdoc IModule
   function moduleName() external pure returns (string memory _moduleName) {

solidity/contracts/modules/dispute/RootVerificationModule.sol

@@ -6,17 +6,17 @@ import {IOracle} from '@defi-wonderland/prophet-core/solidity/interfaces/IOracle
 
 import {IRootVerificationModule} from '../../../interfaces/modules/dispute/IRootVerificationModule.sol';
 import {MerkleLib} from '../../libraries/MerkleLib.sol';
-import {AccessControllerModule} from '../accessControl/AccessControllerModule.sol';
+import {ModuleAccessController} from '../access/ModuleAccessController.sol';
 
-contract RootVerificationModule is AccessControllerModule, IRootVerificationModule {
+contract RootVerificationModule is ModuleAccessController, IRootVerificationModule {
   using MerkleLib for MerkleLib.Tree;
 
   /**
    * @notice The calculated correct root for a given request
    */
   mapping(bytes32 _requestId => bytes32 _correctRoot) internal _correctRoots;
 
-  constructor(IOracle _oracle) AccessControllerModule(_oracle) {}
+  constructor(IOracle _oracle) ModuleAccessController(_oracle) {}
 
   /// @inheritdoc IModule
   function moduleName() external pure returns (string memory _moduleName) {

solidity/contracts/modules/resolution/ArbitratorModule.sol

@@ -6,16 +6,15 @@ import {IOracle} from '@defi-wonderland/prophet-core/solidity/interfaces/IOracle
 
 import {IArbitrator} from '../../../interfaces/IArbitrator.sol';
 import {IArbitratorModule} from '../../../interfaces/modules/resolution/IArbitratorModule.sol';
+import {ModuleAccessController} from '../access/ModuleAccessController.sol';
 
-import {AccessControllerModule} from '../accessControl/AccessControllerModule.sol';
-
-contract ArbitratorModule is AccessControllerModule, IArbitratorModule {
+contract ArbitratorModule is ModuleAccessController, IArbitratorModule {
   /**
    * @notice The status of all disputes
    */
   mapping(bytes32 _disputeId => ArbitrationStatus _status) internal _disputeData;
 
-  constructor(IOracle _oracle) AccessControllerModule(_oracle) {}
+  constructor(IOracle _oracle) ModuleAccessController(_oracle) {}
 
   /// @inheritdoc IModule
   function moduleName() external pure returns (string memory _moduleName) {

solidity/contracts/modules/resolution/BondEscalationResolutionModule.sol

@@ -3,7 +3,7 @@
 
 // solhint-disable-next-line no-unused-import
 
 import {IERC20} from '@openzeppelin/contracts/token/ERC20/IERC20.sol';
 import {SafeERC20} from '@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol';
 import {FixedPointMathLib} from 'solmate/src/utils/FixedPointMathLib.sol';
 
@@ -16,15 +16,11 @@
 
 import {IBondEscalationResolutionModule} from
   '../../../interfaces/modules/resolution/IBondEscalationResolutionModule.sol';
-import {AccessControllerModule} from '../accessControl/AccessControllerModule.sol';
+import {ModuleAccessController} from '../access/ModuleAccessController.sol';
 
-import {
-  _CLAIM_PLEDGE_TYPEHASH,
-  _PLEDGE_AGAINST_DISPUTE_TYPEHASH,
-  _PLEDGE_FOR_DISPUTE_TYPEHASH
-} from '../../utils/Typehash.sol';
+import {ModuleTypehash} from '../../utils/ModuleTypehash.sol';
 
-contract BondEscalationResolutionModule is AccessControllerModule, IBondEscalationResolutionModule {
+contract BondEscalationResolutionModule is ModuleAccessController, IBondEscalationResolutionModule {
   using SafeERC20 for IERC20;
 
   /// @inheritdoc IBondEscalationResolutionModule
@@ -42,7 +38,7 @@
   /// @inheritdoc IBondEscalationResolutionModule
   mapping(bytes32 _disputeId => mapping(address _pledger => uint256 pledges)) public pledgesAgainstDispute;
 
-  constructor(IOracle _oracle) AccessControllerModule(_oracle) {}
+  constructor(IOracle _oracle) ModuleAccessController(_oracle) {}
 
   /// @inheritdoc IModule
   function moduleName() external pure returns (string memory _moduleName) {
@@ -74,8 +70,8 @@
   )
     external
     hasAccess(
-      _request.accessControlModule,
-      _PLEDGE_FOR_DISPUTE_TYPEHASH,
+      _request.accessModule,
+      ModuleTypehash._PLEDGE_FOR_DISPUTE_TYPEHASH,
       abi.encode(_request, _dispute, _pledgeAmount),
       _accessControl
     )
@@ -98,8 +94,8 @@
   )
     external
     hasAccess(
-      _request.accessControlModule,
-      _PLEDGE_AGAINST_DISPUTE_TYPEHASH,
+      _request.accessModule,
+      ModuleTypehash._PLEDGE_AGAINST_DISPUTE_TYPEHASH,
       abi.encode(_request, _dispute, _pledgeAmount),
       _accessControl
     )
@@ -164,7 +160,12 @@
     AccessControl calldata _accessControl
   )
     external
-    hasAccess(_request.accessControlModule, _CLAIM_PLEDGE_TYPEHASH, abi.encode(_request, _dispute), _accessControl)
+    hasAccess(
+      _request.accessModule,
+      ModuleTypehash._CLAIM_PLEDGE_TYPEHASH,
+      abi.encode(_request, _dispute),
+      _accessControl
+    )
   {
     bytes32 _disputeId = _validateDispute(_request, _dispute);
     Escalation storage _escalation = escalations[_disputeId];

solidity/contracts/modules/resolution/ERC20ResolutionModule.sol

@@ -11,10 +11,10 @@ import {IOracle} from '@defi-wonderland/prophet-core/solidity/interfaces/IOracle
 
 import {IERC20ResolutionModule} from '../../../interfaces/modules/resolution/IERC20ResolutionModule.sol';
 
-import {_CAST_VOTE_TYPEHASH, _CLAIM_VOTE_TYPEHASH} from '../../utils/Typehash.sol';
-import {AccessControllerModule} from '../accessControl/AccessControllerModule.sol';
+import {ModuleTypehash} from '../../utils/ModuleTypehash.sol';
+import {ModuleAccessController} from '../access/ModuleAccessController.sol';
 
-contract ERC20ResolutionModule is AccessControllerModule, IERC20ResolutionModule {
+contract ERC20ResolutionModule is ModuleAccessController, IERC20ResolutionModule {
   using SafeERC20 for IERC20;
   using EnumerableSet for EnumerableSet.AddressSet;
 
@@ -29,7 +29,7 @@ contract ERC20ResolutionModule is AccessControllerModule, IERC20ResolutionModule
    */
   mapping(bytes32 _disputeId => EnumerableSet.AddressSet _votersSet) internal _voters;
 
-  constructor(IOracle _oracle) AccessControllerModule(_oracle) {}
+  constructor(IOracle _oracle) ModuleAccessController(_oracle) {}
 
   /// @inheritdoc IModule
   function moduleName() external pure returns (string memory _moduleName) {
@@ -61,8 +61,8 @@ contract ERC20ResolutionModule is AccessControllerModule, IERC20ResolutionModule
   )
     external
     hasAccess(
-      _request.accessControlModule,
-      _CAST_VOTE_TYPEHASH,
+      _request.accessModule,
+      ModuleTypehash._CAST_VOTE_TYPEHASH,
       abi.encode(_request, _dispute, _numberOfVotes, _numberOfVotes),
       _accessControl
     )
@@ -140,7 +140,7 @@ contract ERC20ResolutionModule is AccessControllerModule, IERC20ResolutionModule
     AccessControl calldata _accessControl
   )
     external
-    hasAccess(_request.accessControlModule, _CLAIM_VOTE_TYPEHASH, abi.encode(_request, _dispute), _accessControl)
+    hasAccess(_request.accessModule, ModuleTypehash._CLAIM_VOTE_TYPEHASH, abi.encode(_request, _dispute), _accessControl)
   {
     bytes32 _disputeId = _validateDispute(_request, _dispute);
     Escalation memory _escalation = escalations[_disputeId];

solidity/contracts/modules/resolution/PrivateERC20ResolutionModule.sol

@@ -6,14 +6,14 @@ import {IERC20} from '@openzeppelin/contracts/token/ERC20/IERC20.sol';
 import {SafeERC20} from '@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol';
 import {EnumerableSet} from '@openzeppelin/contracts/utils/structs/EnumerableSet.sol';
 
-import {_COMMIT_VOTE_TYPEHASH, _REVEAL_VOTE_TYPEHASH} from '../../utils/Typehash.sol';
+import {ModuleTypehash} from '../../utils/ModuleTypehash.sol';
 import {IModule, Module} from '@defi-wonderland/prophet-core/solidity/contracts/Module.sol';
 import {IOracle} from '@defi-wonderland/prophet-core/solidity/interfaces/IOracle.sol';
 
 import {IPrivateERC20ResolutionModule} from '../../../interfaces/modules/resolution/IPrivateERC20ResolutionModule.sol';
-import {AccessControllerModule} from '../accessControl/AccessControllerModule.sol';
+import {ModuleAccessController} from '../access/ModuleAccessController.sol';
 
-contract PrivateERC20ResolutionModule is AccessControllerModule, IPrivateERC20ResolutionModule {
+contract PrivateERC20ResolutionModule is ModuleAccessController, IPrivateERC20ResolutionModule {
   using SafeERC20 for IERC20;
   using EnumerableSet for EnumerableSet.AddressSet;
 
@@ -28,7 +28,7 @@ contract PrivateERC20ResolutionModule is AccessControllerModule, IPrivateERC20Re
    */
   mapping(bytes32 _disputeId => EnumerableSet.AddressSet _votersSet) internal _voters;
 
-  constructor(IOracle _oracle) AccessControllerModule(_oracle) {}
+  constructor(IOracle _oracle) ModuleAccessController(_oracle) {}
 
   /// @inheritdoc IModule
   function moduleName() external pure returns (string memory _moduleName) {
@@ -60,8 +60,8 @@ contract PrivateERC20ResolutionModule is AccessControllerModule, IPrivateERC20Re
   )
     external
     hasAccess(
-      _request.accessControlModule,
-      _COMMIT_VOTE_TYPEHASH,
+      _request.accessModule,
+      ModuleTypehash._COMMIT_VOTE_TYPEHASH,
       abi.encode(_request, _dispute, _commitment),
       _accessControl
     )
@@ -94,8 +94,8 @@ contract PrivateERC20ResolutionModule is AccessControllerModule, IPrivateERC20Re
   )
     external
     hasAccess(
-      _request.accessControlModule,
-      _REVEAL_VOTE_TYPEHASH,
+      _request.accessModule,
+      ModuleTypehash._REVEAL_VOTE_TYPEHASH,
       abi.encode(_request, _dispute, _numberOfVotes, _salt),
       _accessControl
     )

solidity/contracts/modules/response/BondedResponseModule.sol

@@ -5,10 +5,9 @@ import {IModule, Module} from '@defi-wonderland/prophet-core/solidity/contracts/
 import {IOracle} from '@defi-wonderland/prophet-core/solidity/interfaces/IOracle.sol';
 
 import {IBondedResponseModule} from '../../../interfaces/modules/response/IBondedResponseModule.sol';
-import {AccessControllerModule} from '../accessControl/AccessControllerModule.sol';
 
-contract BondedResponseModule is AccessControllerModule, IBondedResponseModule {
-  constructor(IOracle _oracle) AccessControllerModule(_oracle) {}
+contract BondedResponseModule is Module, IBondedResponseModule {
+  constructor(IOracle _oracle) Module(_oracle) {}
 
   /// @inheritdoc IModule
   function moduleName() public pure returns (string memory _moduleName) {

solidity/contracts/utils/ModuleTypehash.sol

@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.19;
+
+library ModuleTypehash {
+  bytes32 internal constant _PLEDGE_FOR_DISPUTE_TYPEHASH =
+    keccak256('pledgeForDispute(Request _request, Dispute _dispute,IAccessController.AccessControl _accessControl)');
+
+  bytes32 internal constant _PLEDGE_AGAINST_DISPUTE_TYPEHASH =
+    keccak256('pledgeAgainstDispute(Request _request,Dispute _dispute,IAccessController.AccessControl _accessControl)');
+
+  bytes32 internal constant _CLAIM_PLEDGE_TYPEHASH =
+    keccak256('claimPledge(Request _request,Dispute _dispute,AccessControl _accessControl)');
+
+  bytes32 internal constant _CLAIM_VOTE_TYPEHASH =
+    keccak256('claimVote(Request _request,Dispute _dispute,AccessControl _accessControl)');
+
+  bytes32 internal constant _CAST_VOTE_TYPEHASH =
+    keccak256('castVote(Request _request,Dispute _dispute,uint256 _numberOfVotes,AccessControl _accessControl)');
+
+  bytes32 internal constant _COMMIT_VOTE_TYPEHASH =
+    keccak256('commitVote(Request _request,Dispute _dispute,bytes32 _commitment,AccessControl _accessControl)');
+
+  bytes32 internal constant _REVEAL_VOTE_TYPEHASH = keccak256(
+    'revealVote(Request _request,Dispute _dispute,uint256 _numberOfVotes,bytes32 _salt,AccessControl _accessControl)'
+  );
+}