Skip to content

FIP-82b: Configure roles so TribalCouncil can operate#678

Merged
thomas-waite merged 59 commits intodevelopfrom
feat-role-transfer
May 4, 2022
Merged

FIP-82b: Configure roles so TribalCouncil can operate#678
thomas-waite merged 59 commits intodevelopfrom
feat-role-transfer

Conversation

@thomas-waite
Copy link
Contributor

@thomas-waite thomas-waite commented Apr 10, 2022

Summary

Configures roles and contract admins throughout the system so that the TribalCouncil can operate the protocol on an operational basis. Specifically:

  • Transfers admin of all non-major TribalRoles to the ROLE_ADMIN. ROLE_ADMIN is held by the TribalCouncil, which will allow it to grant and revoke all non-major roles
  • According to an initial spec, creates new roles to act as the contract admin of certain contracts. Sets the admin of these new roles to be the ROLE_ADMIN calls the individual contracts to set the CONTRACT_ADMIN_ROLE
  • Grants newly created operational roles to the TribalCouncil timelock
  • If a contract admin was changed, then it grants the new contract admin role to whichever contract used to be granted the previous contract admin role. This prevents any bricking of the system, any previous admin contracts will still have admin functionality

Changed admin functionality

FuseGuardian

Prev: TRIBAL_CHIEF_ADMIN_ROLE
New admin role: FUSE_ADMIN
Granted new to: optimisticTimelock,tribalChiefSyncV2, 'tribalCouncilTimelock`

optimisticMinter

Prev: GOVERN_ROLE
New: FEI_MINT_ADMIN
Granted new to: 'feiDAOTimelock', 'tribalCouncilTimelock`

pcvEquityMinter

Prev: GOVERN_ROLE
New: FEI_MINT_ADMIN
Granted new to: 'feiDAOTimelock', 'tribalCouncilTimelock'

ethLidoPCVDeposit

Implementation on chain does not use a CoreRef implementation that has a setContractAdminRole() function. Removed.

indexDelegator

Prev: METAGOVERNANCE_VOTE_ADMIN
New: METAGOVERNANCE_VOTE_ADMIN (no change)
Granted new to: feiDAOTimelock', 'opsOptimisticTimelock', 'tribalCouncilTimelock

ethTokemakPCVDeposit

Unknown admin role: 0x6c9ecf07a5886fd74a8d32f4d3c317a7d5e5b5c7a073a3ab06c217e9ce5288e3
Prev: TOKEMAK_DEPOSIT_ADMIN_ROLE
New: TOKEMAK_DEPOSIT_ADMIN_ROLE (no change)
Granted to: feiDAOTimelock, optimisticTimelock, tribalCouncilTimelock

uniswapPCVDeposit

Prev: GOVERN_ROLE
New: PCV_MINOR_PARAM_ROLE
Granted new to: 'feiDAOTimelock', optimisticTimelock,tribalCouncilTimelock

daiPSMFeiSkimmer

Prev: GOVERN_ROLE
New: PCV_MINOR_PARAM_ROLE
Granted new to: 'feiDAOTimelock', optimisticTimelock,tribalCouncilTimelock

lusdPSMFeiSkimmer

Prev: GOVERN_ROLE
New: PCV_MINOR_PARAM_ROLE
Granted new to: 'feiDAOTimelock', optimisticTimelock,tribalCouncilTimelock

ethPSMFeiSkimmer

Prev: GOVERN_ROLE
New: PCV_MINOR_PARAM_ROLE
Granted new to: 'feiDAOTimelock', optimisticTimelock,tribalCouncilTimelock

aaveEthPCVDripController

Prev: GOVERN_ROLE
New: PCV_MINOR_PARAM_ROLE
Granted new to: 'feiDAOTimelock', optimisticTimelock,tribalCouncilTimelock

daiPCVDripController

Prev: GOVERN_ROLE
New: PCV_MINOR_PARAM_ROLE
Granted new to: 'feiDAOTimelock', optimisticTimelock,tribalCouncilTimelock

lusdPCVDripController

Prev: GOVERN_ROLE
New: PCV_MINOR_PARAM_ROLE
Granted new to: 'feiDAOTimelock', optimisticTimelock,tribalCouncilTimelock

compoundEthPCVDripController

Prev: GOVERN_ROLE
New: PCV_MINOR_PARAM_ROLE
Granted new to: 'feiDAOTimelock', optimisticTimelock,tribalCouncilTimelock

@thomas-waite thomas-waite self-assigned this Apr 10, 2022
@thomas-waite thomas-waite requested a review from a team as a code owner April 10, 2022 23:09
@thomas-waite thomas-waite changed the base branch from feat-governance-upgrade to gov-todos April 10, 2022 23:09
@thomas-waite thomas-waite force-pushed the feat-role-transfer branch 2 times, most recently from ad54ad3 to e12ac60 Compare April 11, 2022 20:54
expect(await contracts.ethTokemakPCVDeposit.CONTRACT_ADMIN_ROLE()).to.be.equal(ethers.utils.id('PCV_ADMIN'));
expect(await contracts.uniswapPCVDeposit.CONTRACT_ADMIN_ROLE()).to.be.equal(ethers.utils.id('PCV_ADMIN'));

expect(await contracts.daiPSMFeiSkimmer.CONTRACT_ADMIN_ROLE()).to.be.equal(ethers.utils.id('PCV_ADMIN'));
Copy link
Contributor Author

@thomas-waite thomas-waite Apr 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note, @Joeysantoro we're revisiting PCV_MINOR_PARAM_ROLE, possibly to more closely scope it's powers

@thomas-waite thomas-waite changed the title Configure roles so TribalCouncil can operate FIP-82b: Configure roles so TribalCouncil can operate Apr 12, 2022
@Joeysantoro
Copy link
Contributor

Made this jist clarifying the PR description accuracy https://gist.github.com/Joeysantoro/21d92cbea44bde4476814952424427fb/revisions

@Joeysantoro
Copy link
Contributor

Before we can submit I'd like to see these new role changes reflected in the governance and roles doc https://fei-protocol.github.io/docs/docs/protocol/Governance/detailedAccessControl#fuse_admin

values: '0',
method: 'createRole(bytes32,bytes32)',
arguments: [
'0xf0b50f04623eeaacfa1f202e062a3001c925a35c6b75d6903e67b43f44bbf152', // PARAMETER_ADMIN
Copy link
Contributor

@Joeysantoro Joeysantoro May 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PARAMETER_ADMIN doesn't appear anywhere in the protocol or the permissions test, and I don't think we have plans to use it. I prefer removing it from TribeRoles and this script

Copy link
Contributor Author

@thomas-waite thomas-waite May 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's used in the NonCustodialPSM, but hasn't been created or granted out yet. We should leave as it's in an access modifier on NonCustodialPSM - have added to permissions.ts

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

imo the roles should be consolidated/clarified. There is a PSM_ADMIN_ROLE and a MINOR_PARAMETER_ADMIN. At least one of those should replace this one or vice versa

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed, leaving for now

@thomas-waite thomas-waite force-pushed the feat-role-transfer branch from 26780f1 to ee41371 Compare May 4, 2022 16:22
@thomas-waite
Copy link
Contributor Author

Made this jist clarifying the PR description accuracy https://gist.github.com/Joeysantoro/21d92cbea44bde4476814952424427fb/revisions

Updated PR description with this and made the two role changes in there

@thomas-waite
Copy link
Contributor Author

Before we can submit I'd like to see these new role changes reflected in the governance and roles doc https://fei-protocol.github.io/docs/docs/protocol/Governance/detailedAccessControl#fuse_admin

Updated

Joeysantoro
Joeysantoro previously approved these changes May 4, 2022
@thomas-waite thomas-waite merged commit 0c9a37e into develop May 4, 2022
@thomas-waite thomas-waite deleted the feat-role-transfer branch May 4, 2022 21:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants

Comments