Merge pull request #772 from fei-protocol/split-pcv-guard-role

thomas-waite · web-flow · commit 8da609d02f81 · 2022-05-04T01:32:26.000+01:00
Add PCV_SAFE_MOVER_ROLE
diff --git a/contracts/core/TribeRoles.sol b/contracts/core/TribeRoles.sol
@@ -101,6 +101,6 @@ library TribeRoles {
     /// @notice capable of changing PCV Deposit and Global Rate Limited Minter in the PSM
     bytes32 internal constant PSM_ADMIN_ROLE = keccak256("PSM_ADMIN_ROLE");
 
-    /// @notice capable of moving PCV on the PCVGuardian
-    bytes32 internal constant PCV_MOVER = keccak256("PCV_MOVER");
+    /// @notice capable of moving PCV between safe addresses on the PCVGuardian
+    bytes32 internal constant PCV_SAFE_MOVER_ROLE = keccak256("PCV_SAFE_MOVER_ROLE");
 }
diff --git a/contracts/pcv/PCVGuardian.sol b/contracts/pcv/PCVGuardian.sol
@@ -6,6 +6,7 @@ import "../refs/CoreRef.sol";
 import "./IPCVGuardian.sol";
 import "./IPCVDeposit.sol";
 import "../libs/CoreRefPauseableLib.sol";
+import {TribeRoles} from "../core/TribeRoles.sol";
 
 contract PCVGuardian is IPCVGuardian, CoreRef {
     using CoreRefPauseableLib for address;
@@ -15,8 +16,6 @@ contract PCVGuardian is IPCVGuardian, CoreRef {
     EnumerableSet.AddressSet private safeAddresses;
 
     constructor(address _core, address[] memory _safeAddresses) CoreRef(_core) {
-        _setContractAdminRole(keccak256("PCV_GUARDIAN_ADMIN_ROLE"));
-
         for (uint256 i = 0; i < _safeAddresses.length; i++) {
             _setSafeAddress(_safeAddresses[i]);
         }
@@ -35,34 +34,50 @@ contract PCVGuardian is IPCVGuardian, CoreRef {
         return safeAddresses.values();
     }
 
-    // ---------- Governor-or-Admin-Only State-Changing API ----------
+    // ---------- GOVERNOR-or-PCV_GUARDIAN_ADMIN-Only State-Changing API ----------
 
     /// @notice governor-only method to set an address as "safe" to withdraw funds to
     /// @param pcvDeposit the address to set as safe
-    function setSafeAddress(address pcvDeposit) external override onlyGovernorOrAdmin {
+    function setSafeAddress(address pcvDeposit)
+        external
+        override
+        hasAnyOfTwoRoles(TribeRoles.GOVERNOR, TribeRoles.PCV_GUARDIAN_ADMIN)
+    {
         _setSafeAddress(pcvDeposit);
     }
 
     /// @notice batch version of setSafeAddress
     /// @param _safeAddresses the addresses to set as safe, as calldata
-    function setSafeAddresses(address[] calldata _safeAddresses) external override onlyGovernorOrAdmin {
+    function setSafeAddresses(address[] calldata _safeAddresses)
+        external
+        override
+        hasAnyOfTwoRoles(TribeRoles.GOVERNOR, TribeRoles.PCV_GUARDIAN_ADMIN)
+    {
         require(_safeAddresses.length != 0, "empty");
         for (uint256 i = 0; i < _safeAddresses.length; i++) {
             _setSafeAddress(_safeAddresses[i]);
         }
     }
 
-    // ---------- Governor-or-Admin-Or-Guardian-Only State-Changing API ----------
+    // ---------- GOVERNOR-or-PCV_GUARDIAN_ADMIN-Or-GUARDIAN-Only State-Changing API ----------
 
     /// @notice governor-or-guardian-only method to un-set an address as "safe" to withdraw funds to
     /// @param pcvDeposit the address to un-set as safe
-    function unsetSafeAddress(address pcvDeposit) external override isGovernorOrGuardianOrAdmin {
+    function unsetSafeAddress(address pcvDeposit)
+        external
+        override
+        hasAnyOfThreeRoles(TribeRoles.GOVERNOR, TribeRoles.GUARDIAN, TribeRoles.PCV_GUARDIAN_ADMIN)
+    {
         _unsetSafeAddress(pcvDeposit);
     }
 
     /// @notice batch version of unsetSafeAddresses
     /// @param _safeAddresses the addresses to un-set as safe
-    function unsetSafeAddresses(address[] calldata _safeAddresses) external override isGovernorOrGuardianOrAdmin {
+    function unsetSafeAddresses(address[] calldata _safeAddresses)
+        external
+        override
+        hasAnyOfThreeRoles(TribeRoles.GOVERNOR, TribeRoles.GUARDIAN, TribeRoles.PCV_GUARDIAN_ADMIN)
+    {
         require(_safeAddresses.length != 0, "empty");
         for (uint256 i = 0; i < _safeAddresses.length; i++) {
             _unsetSafeAddress(_safeAddresses[i]);
@@ -81,7 +96,7 @@ contract PCVGuardian is IPCVGuardian, CoreRef {
         uint256 amount,
         bool pauseAfter,
         bool depositAfter
-    ) external override isGovernorOrGuardianOrAdmin {
+    ) external override hasAnyOfThreeRoles(TribeRoles.GOVERNOR, TribeRoles.PCV_SAFE_MOVER_ROLE, TribeRoles.GUARDIAN) {
         require(isSafeAddress(safeAddress), "Provided address is not a safe address!");
 
         pcvDeposit._ensureUnpaused();
@@ -111,7 +126,7 @@ contract PCVGuardian is IPCVGuardian, CoreRef {
         uint256 amount,
         bool pauseAfter,
         bool depositAfter
-    ) external override isGovernorOrGuardianOrAdmin {
+    ) external override hasAnyOfThreeRoles(TribeRoles.GOVERNOR, TribeRoles.PCV_SAFE_MOVER_ROLE, TribeRoles.GUARDIAN) {
         require(isSafeAddress(safeAddress), "Provided address is not a safe address!");
 
         pcvDeposit._ensureUnpaused();
@@ -142,7 +157,7 @@ contract PCVGuardian is IPCVGuardian, CoreRef {
         uint256 amount,
         bool pauseAfter,
         bool depositAfter
-    ) external override isGovernorOrGuardianOrAdmin {
+    ) external override hasAnyOfThreeRoles(TribeRoles.GOVERNOR, TribeRoles.PCV_SAFE_MOVER_ROLE, TribeRoles.GUARDIAN) {
         require(isSafeAddress(safeAddress), "Provided address is not a safe address!");
 
         pcvDeposit._ensureUnpaused();
diff --git a/proposals/dao/fip_82.ts b/proposals/dao/fip_82.ts
@@ -7,18 +7,14 @@ import {
   TeardownUpgradeFunc,
   ValidateUpgradeFunc
 } from '@custom-types/types';
-import { getImpersonatedSigner } from '@test/helpers';
+import { getImpersonatedSigner, validateArraysEqual } from '@test/helpers';
 import { tribeCouncilPodConfig, PodCreationConfig } from '@protocol/optimisticGovernance';
 import { abi as inviteTokenABI } from '../../artifacts/@orcaprotocol/contracts/contracts/InviteToken.sol/InviteToken.json';
 import { abi as timelockABI } from '../../artifacts/@openzeppelin/contracts/governance/TimelockController.sol/TimelockController.json';
 import { abi as gnosisSafeABI } from '../../artifacts/contracts/pods/interfaces/IGnosisSafe.sol/IGnosisSafe.json';
 import { Contract } from 'ethers';
 import { SignerWithAddress } from '@nomiclabs/hardhat-ethers/signers';
 
-const validateArraysEqual = (arrayA: string[], arrayB: string[]) => {
-  arrayA.every((a) => expect(arrayB.map((b) => b.toLowerCase()).includes(a.toLowerCase())));
-};
-
 // Transfers Orca tokens from deployer address to the factory, so that it can deploy pods
 // Requirement of holding Orca tokens to deploy is a slow rollout mechanism used by Orca
 const transferOrcaTokens = async (
diff --git a/proposals/dao/fip_82b.ts b/proposals/dao/fip_82b.ts
@@ -9,6 +9,7 @@ import {
   ValidateUpgradeFunc
 } from '@custom-types/types';
 import { Contract } from 'ethers';
+import { validateArraysEqual } from '@test/helpers';
 
 /*
 
@@ -26,9 +27,17 @@ const fipNumber = 'fip_82b';
 // Do any deployments
 // This should exclusively include new contract deployments
 const deploy: DeployUpgradeFunc = async (deployAddress: string, addresses: NamedAddresses, logging: boolean) => {
-  console.log(`No deploy actions for fip${fipNumber}`);
+  const deploySigner = (await ethers.getSigners())[0];
+  const previousPCVGuardian = await ethers.getContractAt('PCVGuardian', addresses.pcvGuardian, deploySigner);
+  const safeAddresses = await previousPCVGuardian.getSafeAddresses();
+
+  const pcvGuardianFactory = await ethers.getContractFactory('PCVGuardian');
+  const pcvGuardianNew = await pcvGuardianFactory.deploy(addresses.core, safeAddresses);
+  logging && console.log('PCVGuardian deployed to: ', pcvGuardianNew.address);
+  logging && console.log('PCVGuardian safeAddresses: ', safeAddresses);
+
   return {
-    // put returned contract objects here
+    pcvGuardianNew
   };
 };
 
@@ -48,7 +57,40 @@ const teardown: TeardownUpgradeFunc = async (addresses, oldContracts, contracts,
 // Run any validations required on the fip using mocha or console logging
 // IE check balances, check state of contracts, etc.
 const validate: ValidateUpgradeFunc = async (addresses, oldContracts, contracts, logging) => {
-  console.log(`No actions to complete in validate for fip${fipNumber}`);
+  // 1. Validate new PCVGuardian deployment and roles granted
+  const core = contracts.core;
+  const newPCVGuardian = contracts.pcvGuardianNew;
+
+  const safeAddresses = await newPCVGuardian.getSafeAddresses();
+  const expectedSafeAddresses = [
+    '0xd51dba7a94e1adea403553a8235c302cebf41a3c',
+    '0x4fcb1435fd42ce7ce7af3cb2e98289f79d2962b3',
+    '0x98e5f5706897074a4664dd3a32eb80242d6e694b',
+    '0x5b86887e171bae0c2c826e87e34df8d558c079b9',
+    '0x2a188f9eb761f70ecea083ba6c2a40145078dfc2',
+    '0xb0e731f036adfdec12da77c15aab0f90e8e45a0e',
+    '0x24f663c69cd4b263cf5685a49013ff5f1c898d24',
+    '0x5ae217de26f6ff5f481c6e10ec48b2cf2fc857c8',
+    '0xe8633c49ace655eb4a8b720e6b12f09bd3a97812',
+    '0xcd1ac0014e2ebd972f40f24df1694e6f528b2fd4',
+    '0xc5bb8f0253776bec6ff450c2b40f092f7e7f5b57',
+    '0xc4eac760c2c631ee0b064e39888b89158ff808b2',
+    '0x2c47fef515d2c70f2427706999e158533f7cf090',
+    '0x9aadffe00eae6d8e59bb4f7787c6b99388a6960d',
+    '0xd2174d78637a40448112aa6b30f9b19e6cf9d1f9',
+    '0x5dde9b4b14edf59cb23c1d4579b279846998205e'
+  ];
+  validateArraysEqual(safeAddresses, expectedSafeAddresses);
+
+  // New PCV Guardian roles - validate granted
+  expect(await core.hasRole(ethers.utils.id('GUARDIAN_ROLE'), newPCVGuardian.address)).to.be.true;
+  expect(await core.hasRole(ethers.utils.id('PCV_CONTROLLER_ROLE'), newPCVGuardian.address)).to.be.true;
+
+  // Old PCV Guardian roles - validate revoked
+  expect(await core.hasRole(ethers.utils.id('GUARDIAN_ROLE'), addresses.pcvGuardian)).to.be.false;
+  expect(await core.hasRole(ethers.utils.id('PCV_CONTROLLER_ROLE'), addresses.pcvGuardian)).to.be.false;
+
+  // 2. Validate TribalCouncil role transfers
   await validateTransferredRoleAdmins(contracts.core);
   await validateNewCouncilRoles(contracts.core);
   await validateContractAdmins(contracts);
@@ -76,6 +118,7 @@ const validateTransferredRoleAdmins = async (core: Contract) => {
   expect(await core.getRoleAdmin(ethers.utils.id('METAGOVERNANCE_GAUGE_ADMIN'))).to.be.equal(ROLE_ADMIN);
   expect(await core.getRoleAdmin(ethers.utils.id('SWAP_ADMIN_ROLE'))).to.be.equal(ROLE_ADMIN);
   expect(await core.getRoleAdmin(ethers.utils.id('VOTIUM_ADMIN_ROLE'))).to.be.equal(ROLE_ADMIN);
+  expect(await core.getRoleAdmin(ethers.utils.id('RATE_LIMITED_MINTER_ADMIN'))).to.be.equal(ROLE_ADMIN);
 };
 
 /// Validate that the expected new TribeRoles have been created
@@ -86,6 +129,8 @@ const validateNewCouncilRoles = async (core: Contract) => {
   expect(await core.getRoleAdmin(ethers.utils.id('FEI_MINT_ADMIN'))).to.be.equal(ROLE_ADMIN);
   expect(await core.getRoleAdmin(ethers.utils.id('PCV_MINOR_PARAM_ROLE'))).to.be.equal(ROLE_ADMIN);
   expect(await core.getRoleAdmin(ethers.utils.id('PSM_ADMIN_ROLE'))).to.be.equal(ROLE_ADMIN);
+  expect(await core.getRoleAdmin(ethers.utils.id('PCV_SAFE_MOVER_ROLE'))).to.be.equal(ROLE_ADMIN);
+  expect(await core.getRoleAdmin(ethers.utils.id('PCV_GUARDIAN_ADMIN_ROLE'))).to.be.equal(ROLE_ADMIN);
 };
 
 /// Validate that the relevant contract admins have been set to their expected values
@@ -134,6 +179,7 @@ const validateTribalCouncilRoles = async (core: Contract, tribalCouncilTimelockA
   expect(await core.hasRole(ethers.utils.id('PCV_GUARDIAN_ADMIN_ROLE'), tribalCouncilTimelockAddress)).to.be.true;
   expect(await core.hasRole(ethers.utils.id('ORACLE_ADMIN_ROLE'), tribalCouncilTimelockAddress)).to.be.true;
   expect(await core.hasRole(ethers.utils.id('PSM_ADMIN_ROLE'), tribalCouncilTimelockAddress)).to.be.true;
+  expect(await core.hasRole(ethers.utils.id('PCV_SAFE_MOVER_ROLE'), tribalCouncilTimelockAddress)).to.be.true;
 };
 
 export { deploy, setup, teardown, validate };
diff --git a/proposals/description/fip_82b.ts b/proposals/description/fip_82b.ts
@@ -165,6 +165,16 @@ const fip_82b: ProposalDescription = {
       ],
       description: 'Create MINOR_PARAM_ROLE role, assigning ROLE_ADMIN as the role admin'
     },
+    {
+      target: 'core',
+      values: '0',
+      method: 'createRole(bytes32,bytes32)',
+      arguments: [
+        '0xd387c7eec7161b3637e694ef5cf8f1a9e29bfd35135c86c9b540bebec4ef221a', // PCV_SAFE_MOVER_ROLE
+        '0x2172861495e7b85edac73e3cd5fbb42dd675baadf627720e687bcfdaca025096' // ROLE_ADMIN
+      ],
+      description: 'Create PCV_SAFE_MOVER_ROLE role, assigning ROLE_ADMIN as the role admin'
+    },
     ///////   Set the relevant contract admins to the newly created roles //////////
     // FUSE_ADMIN
     {
@@ -298,16 +308,6 @@ const fip_82b: ProposalDescription = {
       ],
       description: 'Grant TribalCouncil timelock the PCV_MINOR_PARAM_ROLE role'
     },
-    {
-      target: 'core',
-      values: '0',
-      method: 'grantRole(bytes32,address)',
-      arguments: [
-        '0xdf6ce05acd28d71e96472375ef55c4a692f167af3ccda9500570f7373c1ba22c', // PCV_GUARDIAN_ADMIN_ROLE
-        '{tribalCouncilTimelock}'
-      ],
-      description: 'Grant TribalCouncil timelock the PCV_GUARDIAN_ADMIN_ROLE role'
-    },
     {
       target: 'core',
       values: '0',
@@ -388,6 +388,67 @@ const fip_82b: ProposalDescription = {
         '{optimisticTimelock}'
       ],
       description: 'Grant optimisticTimelock the TOKEMAK_DEPOSIT_ADMIN_ROLE role'
+    },
+    {
+      target: 'core',
+      values: '0',
+      method: 'grantRole(bytes32,address)',
+      arguments: [
+        '0xd387c7eec7161b3637e694ef5cf8f1a9e29bfd35135c86c9b540bebec4ef221a', // PCV_SAFE_MOVER_ROLE
+        '{tribalCouncilTimelock}'
+      ],
+      description: 'Grant tribalCouncilTimelock the PCV_SAFE_MOVER_ROLE role'
+    },
+    {
+      target: 'core',
+      values: '0',
+      method: 'grantRole(bytes32,address)',
+      arguments: [
+        '0xdf6ce05acd28d71e96472375ef55c4a692f167af3ccda9500570f7373c1ba22c', // PCV_GUARDIAN_ADMIN_ROLE
+        '{tribalCouncilTimelock}'
+      ],
+      description: 'Grant tribalCouncilTimelock the PCV_GUARDIAN_ADMIN_ROLE role'
+    },
+    ////// Authorise new PCV Guardian and revoke old PCV Guardian ////////
+    {
+      target: 'core',
+      values: '0',
+      method: 'grantRole(bytes32,address)',
+      arguments: [
+        '0x0866eae1216ed05a11636a648003f3f62921eb97ccb05acc30636f62958a8bd6', // PCV_CONTROLLER
+        '{pcvGuardianNew}'
+      ],
+      description: 'Grant newPCVGuardian the PCV_CONTROLLER_ROLE'
+    },
+    {
+      target: 'core',
+      values: '0',
+      method: 'grantRole(bytes32,address)',
+      arguments: [
+        '0x55435dd261a4b9b3364963f7738a7a662ad9c84396d64be3365284bb7f0a5041', // GUARDIAN
+        '{pcvGuardianNew}'
+      ],
+      description: 'Grant newPCVGuardian the GUARDIAN role'
+    },
+    {
+      target: 'core',
+      values: '0',
+      method: 'revokeRole(bytes32,address)',
+      arguments: [
+        '0x0866eae1216ed05a11636a648003f3f62921eb97ccb05acc30636f62958a8bd6', // PCV_CONTROLLER
+        '{pcvGuardian}'
+      ],
+      description: 'Revoke PCV_CONTROLLER from old pcvGuardian'
+    },
+    {
+      target: 'core',
+      values: '0',
+      method: 'revokeRole(bytes32,address)',
+      arguments: [
+        '0x55435dd261a4b9b3364963f7738a7a662ad9c84396d64be3365284bb7f0a5041', // GUARDIAN
+        '{pcvGuardian}'
+      ],
+      description: 'Revoke GUARDIAN from old pcvGuardian'
     }
   ],
   description: `
diff --git a/protocol-configuration/permissions.ts b/protocol-configuration/permissions.ts
@@ -17,14 +17,14 @@ export const permissions = {
     'feiDAOTimelock',
     'ratioPCVControllerV2',
     'aaveEthPCVDripController',
-    'pcvGuardian',
+    'pcvGuardianNew',
     'daiPCVDripController',
     'lusdPCVDripController',
     'ethPSMFeiSkimmer',
     'lusdPSMFeiSkimmer',
     'raiPCVDripController'
   ],
-  GUARDIAN_ROLE: ['multisig', 'pcvGuardian', 'pcvSentinel'],
+  GUARDIAN_ROLE: ['multisig', 'pcvGuardianNew', 'pcvSentinel'],
   ORACLE_ADMIN_ROLE: [
     'collateralizationOracleGuardian',
     'optimisticTimelock',
@@ -38,6 +38,7 @@ export const permissions = {
   FUSE_ADMIN: ['optimisticTimelock', 'tribalChiefSyncV2', 'tribalCouncilTimelock'],
   VOTIUM_ADMIN_ROLE: ['opsOptimisticTimelock'],
   PCV_GUARDIAN_ADMIN_ROLE: ['optimisticTimelock', 'tribalCouncilTimelock'],
+  PCV_SAFE_MOVER_ROLE: ['tribalCouncilTimelock'],
   METAGOVERNANCE_VOTE_ADMIN: ['feiDAOTimelock', 'opsOptimisticTimelock'],
   METAGOVERNANCE_TOKEN_STAKING: ['feiDAOTimelock', 'opsOptimisticTimelock'],
   METAGOVERNANCE_GAUGE_ADMIN: ['feiDAOTimelock', 'optimisticTimelock'],
diff --git a/test/helpers.ts b/test/helpers.ts
@@ -134,6 +134,11 @@ async function getCore(): Promise<Core> {
   return core;
 }
 
+const validateArraysEqual = (arrayA: string[], arrayB: string[]) => {
+  expect(arrayA.length).to.equal(arrayB.length);
+  arrayA.every((a) => expect(arrayB.map((b) => b.toLowerCase()).includes(a.toLowerCase())));
+};
+
 async function expectApprox(
   actual: string | number | BigNumberish,
   expected: string | number | BigNumberish,
@@ -343,5 +348,6 @@ export {
   resetFork,
   overwriteChainlinkAggregator,
   performDAOAction,
-  initialiseGnosisSDK
+  initialiseGnosisSDK,
+  validateArraysEqual
 };
diff --git a/test/integration/proposals_config.ts b/test/integration/proposals_config.ts
diff --git a/test/unit/pcv/PCVGuardian.test.ts b/test/unit/pcv/PCVGuardian.test.ts

Original file line number	Diff line number	Diff line change
`@@ -101,6 +101,6 @@ library TribeRoles {`
`101`	`101`	`/// @notice capable of changing PCV Deposit and Global Rate Limited Minter in the PSM`
`102`	`102`	`bytes32 internal constant PSM_ADMIN_ROLE = keccak256("PSM_ADMIN_ROLE");`
`103`	`103`
`104`		`- /// @notice capable of moving PCV on the PCVGuardian`
`105`		`- bytes32 internal constant PCV_MOVER = keccak256("PCV_MOVER");`
	`104`	`+ /// @notice capable of moving PCV between safe addresses on the PCVGuardian`
	`105`	`+ bytes32 internal constant PCV_SAFE_MOVER_ROLE = keccak256("PCV_SAFE_MOVER_ROLE");`
`106`	`106`	`}`