From 402eccb77a55edc9fd54b479d039b59b2379c5ee Mon Sep 17 00:00:00 2001 From: eboado Date: Fri, 17 Feb 2023 10:07:28 +0100 Subject: [PATCH 1/9] wip: collector permissions movement opt/arb --- .gitmodules | 5 +-- lib/aave-address-book | 2 +- lib/aave-helpers | 2 +- lib/forge-std | 2 +- .../DeployPermissionsMigrationPayload.s.sol | 35 +++++++++++++++++ .../CollectorPermissionsMigrationPayload.sol | 39 +++++++++++++++++++ 6 files changed, 79 insertions(+), 6 deletions(-) create mode 100644 src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol diff --git a/.gitmodules b/.gitmodules index 1a1878a..7187a01 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,8 +4,7 @@ [submodule "lib/aave-address-book"] path = lib/aave-address-book url = https://github.com/lib/aave-address-book - branch = v1.10.0 [submodule "lib/aave-helpers"] path = lib/aave-helpers - url = https://github.com/lib/aave-helpers - branch = v1.4.0 + url = https://github.com/bgd-labs/aave-helpers + branch = v2.1.0 diff --git a/lib/aave-address-book b/lib/aave-address-book index 2cbbf1d..2b8bc75 160000 --- a/lib/aave-address-book +++ b/lib/aave-address-book @@ -1 +1 @@ -Subproject commit 2cbbf1d9e3f6125a215bce38363c7390c509fcbf +Subproject commit 2b8bc7586b834aca66571c41d5c108a94bc0d6ee diff --git a/lib/aave-helpers b/lib/aave-helpers index 2fca32a..256d7d8 160000 --- a/lib/aave-helpers +++ b/lib/aave-helpers @@ -1 +1 @@ -Subproject commit 2fca32af3ec51994e3a72ee2aa901ede40a4fdf7 +Subproject commit 256d7d87865cc249adab75c029800655d170d014 diff --git a/lib/forge-std b/lib/forge-std index 1c418a0..a2edd39 160000 --- a/lib/forge-std +++ b/lib/forge-std @@ -1 +1 @@ -Subproject commit 1c418a04f6f6b002a1631838da5761641391858b +Subproject commit a2edd39db95df7e9dd3f9ef9edc8c55fefddb6df diff --git a/script/DeployPermissionsMigrationPayload.s.sol b/script/DeployPermissionsMigrationPayload.s.sol index 9d84b1a..4d22311 100644 --- a/script/DeployPermissionsMigrationPayload.s.sol +++ b/script/DeployPermissionsMigrationPayload.s.sol @@ -6,6 +6,7 @@ import {AaveGovernanceV2} from 'aave-address-book/AaveGovernanceV2.sol'; import {AaveV3Optimism} from 'aave-address-book/AaveV3Optimism.sol'; import {AaveV3Arbitrum} from 'aave-address-book/AaveV3Arbitrum.sol'; import {PermissionsMigrationPayload} from '../src/contracts/misc-guardian/PermissionsMigrationPayload.sol'; +import {CollectorPermissionsMigrationPayload} from '../contracts/mic-guardian/CollectorPermissionsMigrationPayload.sol'; library OptimismPayloadLib { function _deploy() internal returns (PermissionsMigrationPayload) { @@ -19,6 +20,15 @@ library OptimismPayloadLib { AaveV3Optimism.POOL_ADDRESSES_PROVIDER ); } + + function _deployPayloadCollector() internal returns (CollectorPermissionsMigrationPayload) { + return + new CollectorPermissionsMigrationPayload( + AaveGovernanceV2.OPTIMISM_BRIDGE_EXECUTOR, + AaveV3Optimism.COLLECTOR, + AaveV3Optimism.COLLECTOR_CONTROLLER + ); + } } library ArbitrumPayloadLib { @@ -33,6 +43,15 @@ library ArbitrumPayloadLib { AaveV3Arbitrum.POOL_ADDRESSES_PROVIDER ); } + + function _deployPayloadCollector() internal returns (CollectorPermissionsMigrationPayload) { + return + new CollectorPermissionsMigrationPayload( + AaveGovernanceV2.ARBITRUM_BRIDGE_EXECUTOR, + AaveV3Arbitrum.COLLECTOR, + AaveV3Arbitrum.COLLECTOR_CONTROLLER + ); + } } contract DeployOptimismPayload is Script { @@ -50,3 +69,19 @@ contract DeployArbitrumPayload is Script { vm.stopBroadcast(); } } + +contract DeployCollectorOptimismPayload is Script { + function run() external { + vm.startBroadcast(); + OptimismPayloadLib._deployPayloadCollector(); + vm.stopBroadcast(); + } +} + +contract DeployCollectorArbitrumPayload is Script { + function run() external { + vm.startBroadcast(); + ArbitrumPayloadLib._deployPayloadCollector(); + vm.stopBroadcast(); + } +} diff --git a/src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol b/src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol new file mode 100644 index 0000000..14b03a1 --- /dev/null +++ b/src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.0; + +import {AaveGovernanceV2} from 'aave-address-book/AaveGovernanceV2.sol'; +import {IACLManager, IPoolAddressesProvider} from 'aave-address-book/AaveV3.sol'; +import {ICollector} from 'aave-address-book/AaveV3.sol'; +import {IOwnable} from '../interfaces/IOwnable.sol'; + +interface ITransparentProxy { + function changeAdmin(address newAdmin) external; +} + +/** + * @dev One-time-use helper contract to be used by Aave Guardians (Gnosis Safe generally) to do migration + * of permissions to the cross-chain governance system. + * - Different to the Steward patterns, this payload is designed to be executed via DELEGATECALL on the Gnosis Safe + * - The payload doesn't affect anyhow the storage of the address "running it". + * - This migration has been done ad-hoc, taking into account how permissions are in the networks target: Optimism + * and Arbitrum. + */ +contract CollectorPermissionsMigrationPayload { + ITransparentProxy public immutable COLLECTOR; + IOwnable public immutable CONTROLLER_OF_COLLECTOR; + address public immutable BRIDGE_EXECUTOR; + + constructor( + address bridgeExecutor, + ICollector collector, + address controllerOfCollector + ) { + COLLECTOR = IOwnable(collector); + CONTROLLER_OF_COLLECTOR = ITransparentProxy(controllerOfCollector); + } + + function execute() external { + CONTROLLER_OF_COLLECTOR.transferOwnership(BRIDGE_EXECUTOR); + COLLECTOR.changeAdmin(BRIDGE_EXECUTOR); + } +} From e08830bec3e33987f4835f63c48f46e60ad79c5d Mon Sep 17 00:00:00 2001 From: Lukas Date: Fri, 17 Feb 2023 10:14:39 +0100 Subject: [PATCH 2/9] fix: add remappings --- remappings.txt | 9 +++++++++ script/DeployPermissionsMigrationPayload.s.sol | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 remappings.txt diff --git a/remappings.txt b/remappings.txt new file mode 100644 index 0000000..0f7be7e --- /dev/null +++ b/remappings.txt @@ -0,0 +1,9 @@ +@aave/core-v3/=lib/aave-address-book/lib/aave-v3-core/ +@aave/periphery-v3/=lib/aave-address-book/lib/aave-v3-periphery/ +aave-address-book/=lib/aave-address-book/src/ +aave-helpers/=lib/aave-helpers/src/ +aave-v3-core/=lib/aave-address-book/lib/aave-v3-core/ +aave-v3-periphery/=lib/aave-address-book/lib/aave-v3-periphery/ +ds-test/=lib/forge-std/lib/ds-test/src/ +forge-std/=lib/forge-std/src/ +solidity-utils/=lib/aave-helpers/lib/solidity-utils/src diff --git a/script/DeployPermissionsMigrationPayload.s.sol b/script/DeployPermissionsMigrationPayload.s.sol index 4d22311..1c64112 100644 --- a/script/DeployPermissionsMigrationPayload.s.sol +++ b/script/DeployPermissionsMigrationPayload.s.sol @@ -6,7 +6,7 @@ import {AaveGovernanceV2} from 'aave-address-book/AaveGovernanceV2.sol'; import {AaveV3Optimism} from 'aave-address-book/AaveV3Optimism.sol'; import {AaveV3Arbitrum} from 'aave-address-book/AaveV3Arbitrum.sol'; import {PermissionsMigrationPayload} from '../src/contracts/misc-guardian/PermissionsMigrationPayload.sol'; -import {CollectorPermissionsMigrationPayload} from '../contracts/mic-guardian/CollectorPermissionsMigrationPayload.sol'; +import {CollectorPermissionsMigrationPayload} from '../src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol'; library OptimismPayloadLib { function _deploy() internal returns (PermissionsMigrationPayload) { From 4010aed20f3f876739d9e9c3ee150662e5cdfd6a Mon Sep 17 00:00:00 2001 From: eboado Date: Fri, 17 Feb 2023 12:37:28 +0100 Subject: [PATCH 3/9] Added tests for collector permissions transfer --- Makefile | 4 + diffs/diff-Arbitrum-permissions-migration.md | 34 +-- diffs/diff-Optimism-permissions-migration.md | 34 +-- .../Arbitrum_permissions-post-migration.md | 6 +- reports/Arbitrum_permissions-pre-migration.md | 20 +- .../Optimism_permissions-post-migration.md | 6 +- reports/Optimism_permissions-pre-migration.md | 20 +- .../CollectorPermissionsMigrationPayload.sol | 13 +- ...ctorPermissionsMigrationToCrosschain.t.sol | 211 ++++++++++++++++++ src/test/helpers/PermissionsHelpers.sol | 32 ++- 10 files changed, 301 insertions(+), 79 deletions(-) create mode 100644 src/test/CollectorPermissionsMigrationToCrosschain.t.sol diff --git a/Makefile b/Makefile index 88b4e23..e6d36b5 100644 --- a/Makefile +++ b/Makefile @@ -22,6 +22,10 @@ test-permissions-migration : forge test --match-contract PermissionsMigrationToCrosschain -vvv make git-diff before=./reports/Optimism_permissions-pre-migration.md after=./reports/Optimism_permissions-post-migration.md out=diff-Optimism-permissions-migration make git-diff before=./reports/Arbitrum_permissions-pre-migration.md after=./reports/Arbitrum_permissions-post-migration.md out=diff-Arbitrum-permissions-migration +test-collector-permissions-migration : + forge test --match-contract CollectorPermissionsMigrationToCrosschain -vvv + make git-diff before=./reports/Optimism_permissions-pre-migration.md after=./reports/Optimism_permissions-post-migration.md out=diff-Optimism-permissions-migration + make git-diff before=./reports/Arbitrum_permissions-pre-migration.md after=./reports/Arbitrum_permissions-post-migration.md out=diff-Arbitrum-permissions-migration clean :; forge clean snapshot :; forge snapshot diff --git a/diffs/diff-Arbitrum-permissions-migration.md b/diffs/diff-Arbitrum-permissions-migration.md index 38c5ae9..dc8a299 100644 --- a/diffs/diff-Arbitrum-permissions-migration.md +++ b/diffs/diff-Arbitrum-permissions-migration.md @@ -1,29 +1,17 @@ ```diff diff --git a/./reports/Arbitrum_permissions-pre-migration.md b/./reports/Arbitrum_permissions-post-migration.md -index dcffb56..2ae4d78 100644 +index 94edfc3..a06a824 100644 --- a/./reports/Arbitrum_permissions-pre-migration.md +++ b/./reports/Arbitrum_permissions-post-migration.md -@@ -2,15 +2,15 @@ - - | Permission | Who? | - |---|---| -- | Owner of addresses provider | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | -- | Owner of addresses provider registry | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | -- | aclAdmin on addresses provider | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | -+ | Owner of addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | -+ | Owner of addresses provider registry | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | -+ | aclAdmin on addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | - | Owner repay collateral adapter | **Deployer Account** ( 0x4365F8e70CF38C6cA67DE41448508F2da8825500 ) | - | Owner swap collateral adapter | **Deployer Account** ( 0x4365F8e70CF38C6cA67DE41448508F2da8825500 ) | -- | Owner of wrapped weth gateway | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | -- | Owner of Emission Manager | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | -- | POOL_ADMIN | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | -+ | Owner of wrapped weth gateway | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | -+ | Owner of Emission Manager | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | -+ | POOL_ADMIN | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | +@@ -9,8 +9,8 @@ + | Owner swap collateral adapter | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | + | Owner of wrapped weth gateway | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of Emission Manager | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | +- | Owner of Controller of Collector | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | +- | Proxy admin of Collector | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | ++ | Owner of Controller of Collector | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | ++ | Proxy admin of Collector | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | POOL_ADMIN | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | EMERGENCY_ADMIN | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | -- | DEFAULT_ADMIN_ROLE | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | -+ | DEFAULT_ADMIN_ROLE | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | - - + | DEFAULT_ADMIN_ROLE | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | ``` diff --git a/diffs/diff-Optimism-permissions-migration.md b/diffs/diff-Optimism-permissions-migration.md index 4b8336f..32f92d4 100644 --- a/diffs/diff-Optimism-permissions-migration.md +++ b/diffs/diff-Optimism-permissions-migration.md @@ -1,29 +1,17 @@ ```diff diff --git a/./reports/Optimism_permissions-pre-migration.md b/./reports/Optimism_permissions-post-migration.md -index 53cb79f..b6c957b 100644 +index 3f1b268..f4b1354 100644 --- a/./reports/Optimism_permissions-pre-migration.md +++ b/./reports/Optimism_permissions-post-migration.md -@@ -2,15 +2,15 @@ - - | Permission | Who? | - |---|---| -- | Owner of addresses provider | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | -- | Owner of addresses provider registry | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | -- | aclAdmin on addresses provider | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | -+ | Owner of addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | -+ | Owner of addresses provider registry | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | -+ | aclAdmin on addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | - | Owner repay collateral adapter | **Deployer Account** ( 0x4365F8e70CF38C6cA67DE41448508F2da8825500 ) | - | Owner swap collateral adapter | **Deployer Account** ( 0x4365F8e70CF38C6cA67DE41448508F2da8825500 ) | -- | Owner of wrapped weth gateway | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | -- | Owner of Emission Manager | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | -- | POOL_ADMIN | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | -+ | Owner of wrapped weth gateway | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | -+ | Owner of Emission Manager | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | -+ | POOL_ADMIN | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | +@@ -9,8 +9,8 @@ + | Owner swap collateral adapter | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | + | Owner of wrapped weth gateway | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of Emission Manager | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | +- | Owner of Controller of Collector | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | +- | Proxy admin of Collector | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | ++ | Owner of Controller of Collector | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | ++ | Proxy admin of Collector | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | POOL_ADMIN | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | EMERGENCY_ADMIN | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | -- | DEFAULT_ADMIN_ROLE | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | -+ | DEFAULT_ADMIN_ROLE | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | - - + | DEFAULT_ADMIN_ROLE | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | ``` diff --git a/reports/Arbitrum_permissions-post-migration.md b/reports/Arbitrum_permissions-post-migration.md index 2ae4d78..a06a824 100644 --- a/reports/Arbitrum_permissions-post-migration.md +++ b/reports/Arbitrum_permissions-post-migration.md @@ -5,10 +5,12 @@ | Owner of addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of addresses provider registry | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | aclAdmin on addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | - | Owner repay collateral adapter | **Deployer Account** ( 0x4365F8e70CF38C6cA67DE41448508F2da8825500 ) | - | Owner swap collateral adapter | **Deployer Account** ( 0x4365F8e70CF38C6cA67DE41448508F2da8825500 ) | + | Owner repay collateral adapter | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | + | Owner swap collateral adapter | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | | Owner of wrapped weth gateway | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of Emission Manager | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of Controller of Collector | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Proxy admin of Collector | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | POOL_ADMIN | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | EMERGENCY_ADMIN | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | | DEFAULT_ADMIN_ROLE | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | diff --git a/reports/Arbitrum_permissions-pre-migration.md b/reports/Arbitrum_permissions-pre-migration.md index dcffb56..94edfc3 100644 --- a/reports/Arbitrum_permissions-pre-migration.md +++ b/reports/Arbitrum_permissions-pre-migration.md @@ -2,15 +2,17 @@ | Permission | Who? | |---|---| - | Owner of addresses provider | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | - | Owner of addresses provider registry | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | - | aclAdmin on addresses provider | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | - | Owner repay collateral adapter | **Deployer Account** ( 0x4365F8e70CF38C6cA67DE41448508F2da8825500 ) | - | Owner swap collateral adapter | **Deployer Account** ( 0x4365F8e70CF38C6cA67DE41448508F2da8825500 ) | - | Owner of wrapped weth gateway | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | - | Owner of Emission Manager | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | - | POOL_ADMIN | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of addresses provider registry | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | aclAdmin on addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner repay collateral adapter | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | + | Owner swap collateral adapter | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | + | Owner of wrapped weth gateway | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of Emission Manager | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of Controller of Collector | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | + | Proxy admin of Collector | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | + | POOL_ADMIN | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | EMERGENCY_ADMIN | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | - | DEFAULT_ADMIN_ROLE | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | + | DEFAULT_ADMIN_ROLE | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | diff --git a/reports/Optimism_permissions-post-migration.md b/reports/Optimism_permissions-post-migration.md index b6c957b..f4b1354 100644 --- a/reports/Optimism_permissions-post-migration.md +++ b/reports/Optimism_permissions-post-migration.md @@ -5,10 +5,12 @@ | Owner of addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of addresses provider registry | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | aclAdmin on addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | - | Owner repay collateral adapter | **Deployer Account** ( 0x4365F8e70CF38C6cA67DE41448508F2da8825500 ) | - | Owner swap collateral adapter | **Deployer Account** ( 0x4365F8e70CF38C6cA67DE41448508F2da8825500 ) | + | Owner repay collateral adapter | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | + | Owner swap collateral adapter | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | | Owner of wrapped weth gateway | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of Emission Manager | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of Controller of Collector | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Proxy admin of Collector | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | POOL_ADMIN | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | EMERGENCY_ADMIN | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | | DEFAULT_ADMIN_ROLE | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | diff --git a/reports/Optimism_permissions-pre-migration.md b/reports/Optimism_permissions-pre-migration.md index 53cb79f..3f1b268 100644 --- a/reports/Optimism_permissions-pre-migration.md +++ b/reports/Optimism_permissions-pre-migration.md @@ -2,15 +2,17 @@ | Permission | Who? | |---|---| - | Owner of addresses provider | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | - | Owner of addresses provider registry | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | - | aclAdmin on addresses provider | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | - | Owner repay collateral adapter | **Deployer Account** ( 0x4365F8e70CF38C6cA67DE41448508F2da8825500 ) | - | Owner swap collateral adapter | **Deployer Account** ( 0x4365F8e70CF38C6cA67DE41448508F2da8825500 ) | - | Owner of wrapped weth gateway | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | - | Owner of Emission Manager | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | - | POOL_ADMIN | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of addresses provider registry | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | aclAdmin on addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner repay collateral adapter | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | + | Owner swap collateral adapter | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | + | Owner of wrapped weth gateway | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of Emission Manager | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of Controller of Collector | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | + | Proxy admin of Collector | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | + | POOL_ADMIN | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | EMERGENCY_ADMIN | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | - | DEFAULT_ADMIN_ROLE | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | + | DEFAULT_ADMIN_ROLE | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | diff --git a/src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol b/src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol index 14b03a1..f89f8df 100644 --- a/src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol +++ b/src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol @@ -1,8 +1,6 @@ // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; -import {AaveGovernanceV2} from 'aave-address-book/AaveGovernanceV2.sol'; -import {IACLManager, IPoolAddressesProvider} from 'aave-address-book/AaveV3.sol'; import {ICollector} from 'aave-address-book/AaveV3.sol'; import {IOwnable} from '../interfaces/IOwnable.sol'; @@ -12,7 +10,7 @@ interface ITransparentProxy { /** * @dev One-time-use helper contract to be used by Aave Guardians (Gnosis Safe generally) to do migration - * of permissions to the cross-chain governance system. + * of permissions to the cross-chain governance system, in this case, of Collector-related contracts. * - Different to the Steward patterns, this payload is designed to be executed via DELEGATECALL on the Gnosis Safe * - The payload doesn't affect anyhow the storage of the address "running it". * - This migration has been done ad-hoc, taking into account how permissions are in the networks target: Optimism @@ -25,11 +23,12 @@ contract CollectorPermissionsMigrationPayload { constructor( address bridgeExecutor, - ICollector collector, - address controllerOfCollector + address collector, + ICollector controllerOfCollector ) { - COLLECTOR = IOwnable(collector); - CONTROLLER_OF_COLLECTOR = ITransparentProxy(controllerOfCollector); + COLLECTOR = ITransparentProxy(collector); + CONTROLLER_OF_COLLECTOR = IOwnable(address(controllerOfCollector)); + BRIDGE_EXECUTOR = bridgeExecutor; } function execute() external { diff --git a/src/test/CollectorPermissionsMigrationToCrosschain.t.sol b/src/test/CollectorPermissionsMigrationToCrosschain.t.sol new file mode 100644 index 0000000..bcb3325 --- /dev/null +++ b/src/test/CollectorPermissionsMigrationToCrosschain.t.sol @@ -0,0 +1,211 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.0; + +import {AaveGovernanceV2} from 'aave-address-book/AaveGovernanceV2.sol'; +import {AaveV3Optimism} from 'aave-address-book/AaveV3Optimism.sol'; +import {AaveV3Arbitrum} from 'aave-address-book/AaveV3Arbitrum.sol'; +import {TestWithExecutor} from 'aave-helpers/GovHelpers.sol'; +import {ProxyHelpers} from 'aave-helpers/ProxyHelpers.sol'; +import {IOwnable} from '../contracts/interfaces/IOwnable.sol'; +import {PermissionsData, BaseAavePermissionsHelper} from './helpers/PermissionsHelpers.sol'; +import {OptimismPayloadLib, ArbitrumPayloadLib} from '../../script/DeployPermissionsMigrationPayload.s.sol'; + +contract CollectorPermissionsMigrationToCrosschain is TestWithExecutor, BaseAavePermissionsHelper { + function testPermissionsMigrationOptimism() public { + vm.createSelectFork('optimism', 74940500); + _selectPayloadExecutor(PermissionsData.AAVE_GUARDIAN_OPTIMISM); + + // ------------------------------------------------- + // 1. We generate a permissions report pre-migration + // ------------------------------------------------- + + string memory PATH_REPORT_PRE = './reports/Optimism_permissions-pre-migration.md'; + + vm.writeFile(PATH_REPORT_PRE, ''); + _writePermissionsTable( + PermissionsData.OP_ID, + PATH_REPORT_PRE, + PermissionsData._getPermissionsSourcesOp(), + PermissionsData._pickAddressesKnownAccounts(PermissionsData._getKnownAccountsOp()) + ); + + // --------------------------------------------------------- + // 2. We deploy and execute the payload on the Guardian Safe + // --------------------------------------------------------- + + _executePayload(address(OptimismPayloadLib._deployPayloadCollector())); + + // -------------------------------------------------- + // 3. We generate a permissions report post-migration + // -------------------------------------------------- + + string memory PATH_REPORT_POST = './reports/Optimism_permissions-post-migration.md'; + + vm.writeFile(PATH_REPORT_POST, ''); + _writePermissionsTable( + PermissionsData.OP_ID, + PATH_REPORT_POST, + PermissionsData._getPermissionsSourcesOp(), + PermissionsData._pickAddressesKnownAccounts(PermissionsData._getKnownAccountsOp()) + ); + + // ------------------------ + // 4. We do the validations + // ------------------------ + + assertEq( + IOwnable(AaveV3Optimism.WETH_GATEWAY).owner(), + AaveGovernanceV2.OPTIMISM_BRIDGE_EXECUTOR, + 'Invalid owner of Gateway' + ); + assertEq( + IOwnable(AaveV3Optimism.EMISSION_MANAGER).owner(), + AaveGovernanceV2.OPTIMISM_BRIDGE_EXECUTOR, + 'Invalid owner of Emission Manager' + ); + assertEq( + IOwnable(AaveV3Optimism.POOL_ADDRESSES_PROVIDER_REGISTRY).owner(), + AaveGovernanceV2.OPTIMISM_BRIDGE_EXECUTOR, + 'Invalid owner of Addresses Provider Registry' + ); + assertFalse( + AaveV3Optimism.ACL_MANAGER.isPoolAdmin(PermissionsData.AAVE_GUARDIAN_OPTIMISM), + 'Guardian should not be POOL_ADMIN' + ); + assertTrue( + AaveV3Optimism.ACL_MANAGER.isPoolAdmin(AaveGovernanceV2.OPTIMISM_BRIDGE_EXECUTOR), + 'Bridge Executor should be POOL_ADMIN' + ); + assertEq( + AaveV3Optimism.POOL_ADDRESSES_PROVIDER.getACLAdmin(), + AaveGovernanceV2.OPTIMISM_BRIDGE_EXECUTOR, + 'Bridge Executor should be ACL Admin on Addresses Provider' + ); + assertEq( + IOwnable(address(AaveV3Optimism.POOL_ADDRESSES_PROVIDER)).owner(), + AaveGovernanceV2.OPTIMISM_BRIDGE_EXECUTOR, + 'Invalid owner of Addresses Provider' + ); + assertEq( + IOwnable(address(AaveV3Optimism.COLLECTOR_CONTROLLER)).owner(), + AaveGovernanceV2.OPTIMISM_BRIDGE_EXECUTOR, + 'Invalid owner of Collector of Controller' + ); + assertEq( + ProxyHelpers.getInitializableAdminUpgradeabilityProxyAdmin(vm, AaveV3Optimism.COLLECTOR), + AaveGovernanceV2.OPTIMISM_BRIDGE_EXECUTOR, + 'Invalid proxy admin of Collector' + ); + assertTrue( + AaveV3Optimism.ACL_MANAGER.hasRole( + AaveV3Optimism.ACL_MANAGER.DEFAULT_ADMIN_ROLE(), + AaveGovernanceV2.OPTIMISM_BRIDGE_EXECUTOR + ) + ); + assertFalse( + AaveV3Optimism.ACL_MANAGER.hasRole( + AaveV3Optimism.ACL_MANAGER.DEFAULT_ADMIN_ROLE(), + PermissionsData.AAVE_GUARDIAN_OPTIMISM + ) + ); + } + + function testPermissionsMigrationArbitrum() public { + vm.createSelectFork('arbitrum', 61747690); + _selectPayloadExecutor(PermissionsData.AAVE_GUARDIAN_ARBITRUM); + + // ------------------------------------------------- + // 1. We generate a permissions report pre-migration + // ------------------------------------------------- + + string memory PATH_REPORT_PRE = './reports/Arbitrum_permissions-pre-migration.md'; + + vm.writeFile(PATH_REPORT_PRE, ''); + _writePermissionsTable( + PermissionsData.ARB_ID, + PATH_REPORT_PRE, + PermissionsData._getPermissionsSourcesArb(), + PermissionsData._pickAddressesKnownAccounts(PermissionsData._getKnownAccountsArb()) + ); + + // --------------------------------------------------------- + // 2. We deploy and execute the payload on the Guardian Safe + // --------------------------------------------------------- + + _executePayload(address(ArbitrumPayloadLib._deployPayloadCollector())); + + // -------------------------------------------------- + // 3. We generate a permissions report post-migration + // -------------------------------------------------- + + string memory PATH_REPORT_POST = './reports/Arbitrum_permissions-post-migration.md'; + + vm.writeFile(PATH_REPORT_POST, ''); + _writePermissionsTable( + PermissionsData.ARB_ID, + PATH_REPORT_POST, + PermissionsData._getPermissionsSourcesArb(), + PermissionsData._pickAddressesKnownAccounts(PermissionsData._getKnownAccountsArb()) + ); + + // ------------------------ + // 4. We do the validations + // ------------------------ + + assertEq( + IOwnable(AaveV3Arbitrum.WETH_GATEWAY).owner(), + AaveGovernanceV2.ARBITRUM_BRIDGE_EXECUTOR, + 'Invalid owner of Gateway' + ); + assertEq( + IOwnable(AaveV3Arbitrum.EMISSION_MANAGER).owner(), + AaveGovernanceV2.ARBITRUM_BRIDGE_EXECUTOR, + 'Invalid owner of Emission Manager' + ); + assertEq( + IOwnable(AaveV3Arbitrum.POOL_ADDRESSES_PROVIDER_REGISTRY).owner(), + AaveGovernanceV2.ARBITRUM_BRIDGE_EXECUTOR, + 'Invalid owner of Addresses Provider Registry' + ); + assertFalse( + AaveV3Arbitrum.ACL_MANAGER.isPoolAdmin(PermissionsData.AAVE_GUARDIAN_ARBITRUM), + 'Guardian should not be POOL_ADMIN' + ); + assertTrue( + AaveV3Arbitrum.ACL_MANAGER.isPoolAdmin(AaveGovernanceV2.ARBITRUM_BRIDGE_EXECUTOR), + 'Bridge Executor should be POOL_ADMIN' + ); + assertEq( + AaveV3Arbitrum.POOL_ADDRESSES_PROVIDER.getACLAdmin(), + AaveGovernanceV2.ARBITRUM_BRIDGE_EXECUTOR, + 'Bridge Executor should be ACL Admin on Addresses Provider' + ); + assertEq( + IOwnable(address(AaveV3Arbitrum.POOL_ADDRESSES_PROVIDER)).owner(), + AaveGovernanceV2.ARBITRUM_BRIDGE_EXECUTOR, + 'Invalid owner of Addresses Provider' + ); + assertEq( + IOwnable(address(AaveV3Arbitrum.COLLECTOR_CONTROLLER)).owner(), + AaveGovernanceV2.ARBITRUM_BRIDGE_EXECUTOR, + 'Invalid owner of Collector of Controller' + ); + assertEq( + ProxyHelpers.getInitializableAdminUpgradeabilityProxyAdmin(vm, AaveV3Arbitrum.COLLECTOR), + AaveGovernanceV2.ARBITRUM_BRIDGE_EXECUTOR, + 'Invalid proxy admin of Collector' + ); + assertTrue( + AaveV3Arbitrum.ACL_MANAGER.hasRole( + AaveV3Arbitrum.ACL_MANAGER.DEFAULT_ADMIN_ROLE(), + AaveGovernanceV2.ARBITRUM_BRIDGE_EXECUTOR + ) + ); + assertFalse( + AaveV3Arbitrum.ACL_MANAGER.hasRole( + AaveV3Arbitrum.ACL_MANAGER.DEFAULT_ADMIN_ROLE(), + PermissionsData.AAVE_GUARDIAN_ARBITRUM + ) + ); + } +} diff --git a/src/test/helpers/PermissionsHelpers.sol b/src/test/helpers/PermissionsHelpers.sol index c4d1d56..1921196 100644 --- a/src/test/helpers/PermissionsHelpers.sol +++ b/src/test/helpers/PermissionsHelpers.sol @@ -8,6 +8,7 @@ import {AaveV3Optimism} from 'aave-address-book/AaveV3Optimism.sol'; import {AaveV3Arbitrum} from 'aave-address-book/AaveV3Arbitrum.sol'; import {IACLManager, IPoolAddressesProvider} from 'aave-address-book/AaveV3.sol'; import {IOwnable} from '../../contracts/interfaces/IOwnable.sol'; +import {ProxyHelpers} from 'aave-helpers/ProxyHelpers.sol'; library PermissionsData { address internal constant AAVE_GUARDIAN_ARBITRUM = 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb; @@ -30,6 +31,8 @@ library PermissionsData { address wrappedTokenGateway; address emissionManager; address aclManager; + address collector; + address controllerOfCollector; } function _getPermissionsSourcesArb() internal pure returns (AavePermissionsSources memory) { @@ -41,7 +44,9 @@ library PermissionsData { swapCollateralAdapter: address(AaveV3Arbitrum.SWAP_COLLATERAL_ADAPTER), wrappedTokenGateway: address(AaveV3Arbitrum.WETH_GATEWAY), emissionManager: address(AaveV3Arbitrum.EMISSION_MANAGER), - aclManager: address(AaveV3Arbitrum.ACL_MANAGER) + aclManager: address(AaveV3Arbitrum.ACL_MANAGER), + collector: AaveV3Arbitrum.COLLECTOR, + controllerOfCollector: address(AaveV3Arbitrum.COLLECTOR_CONTROLLER) }); } @@ -54,7 +59,9 @@ library PermissionsData { swapCollateralAdapter: address(AaveV3Optimism.SWAP_COLLATERAL_ADAPTER), wrappedTokenGateway: address(AaveV3Optimism.WETH_GATEWAY), emissionManager: address(AaveV3Optimism.EMISSION_MANAGER), - aclManager: address(AaveV3Optimism.ACL_MANAGER) + aclManager: address(AaveV3Optimism.ACL_MANAGER), + collector: AaveV3Optimism.COLLECTOR, + controllerOfCollector: address(AaveV3Optimism.COLLECTOR_CONTROLLER) }); } @@ -116,16 +123,17 @@ abstract contract BaseAavePermissionsHelper is Test { revert('_chooseIdentifyAddress(). INVALID_NETWORK'); } - function _identifyAddressArb(address who) internal returns (string memory) { + function _identifyAddressArb(address who) internal pure returns (string memory) { return _identifyAddress(who, PermissionsData._getKnownAccountsArb()); } - function _identifyAddressOp(address who) internal returns (string memory) { + function _identifyAddressOp(address who) internal pure returns (string memory) { return _identifyAddress(who, PermissionsData._getKnownAccountsOp()); } function _identifyAddress(address who, PermissionsData.PermissionHolder[] memory knownAccounts) internal + pure returns (string memory) { for (uint256 i = 0; i < knownAccounts.length; i++) { @@ -221,6 +229,22 @@ abstract contract BaseAavePermissionsHelper is Test { _identifyAddressOnNetwork(IOwnable(poolSources.emissionManager).owner()) ) ); + vm.writeLine( + path, + buildMDOneElRow( + 'Owner of Controller of Collector', + _identifyAddressOnNetwork(IOwnable(poolSources.controllerOfCollector).owner()) + ) + ); + vm.writeLine( + path, + buildMDOneElRow( + 'Proxy admin of Collector', + _identifyAddressOnNetwork( + ProxyHelpers.getInitializableAdminUpgradeabilityProxyAdmin(vm, poolSources.collector) + ) + ) + ); string[] memory poolAdminValues = new string[](candidatesToRoles.length); string[] memory emergencyAdminValues = new string[](candidatesToRoles.length); From 911257d045683216596b5d0eed62241738da9673 Mon Sep 17 00:00:00 2001 From: eboado Date: Fri, 17 Feb 2023 15:05:35 +0100 Subject: [PATCH 4/9] Added movement of adapters permissions --- diffs/diff-Arbitrum-permissions-migration.md | 12 +++++++++--- diffs/diff-Optimism-permissions-migration.md | 12 +++++++++--- reports/Arbitrum_permissions-post-migration.md | 4 ++-- reports/Optimism_permissions-post-migration.md | 4 ++-- script/DeployPermissionsMigrationPayload.s.sol | 8 ++++++-- .../CollectorPermissionsMigrationPayload.sol | 10 +++++++++- 6 files changed, 37 insertions(+), 13 deletions(-) diff --git a/diffs/diff-Arbitrum-permissions-migration.md b/diffs/diff-Arbitrum-permissions-migration.md index dc8a299..925feaa 100644 --- a/diffs/diff-Arbitrum-permissions-migration.md +++ b/diffs/diff-Arbitrum-permissions-migration.md @@ -1,10 +1,16 @@ ```diff diff --git a/./reports/Arbitrum_permissions-pre-migration.md b/./reports/Arbitrum_permissions-post-migration.md -index 94edfc3..a06a824 100644 +index 94edfc3..c4bcf9e 100644 --- a/./reports/Arbitrum_permissions-pre-migration.md +++ b/./reports/Arbitrum_permissions-post-migration.md -@@ -9,8 +9,8 @@ - | Owner swap collateral adapter | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | +@@ -5,12 +5,12 @@ + | Owner of addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of addresses provider registry | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | aclAdmin on addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | +- | Owner repay collateral adapter | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | +- | Owner swap collateral adapter | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | ++ | Owner repay collateral adapter | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | ++ | Owner swap collateral adapter | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of wrapped weth gateway | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of Emission Manager | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | - | Owner of Controller of Collector | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | diff --git a/diffs/diff-Optimism-permissions-migration.md b/diffs/diff-Optimism-permissions-migration.md index 32f92d4..163be86 100644 --- a/diffs/diff-Optimism-permissions-migration.md +++ b/diffs/diff-Optimism-permissions-migration.md @@ -1,10 +1,16 @@ ```diff diff --git a/./reports/Optimism_permissions-pre-migration.md b/./reports/Optimism_permissions-post-migration.md -index 3f1b268..f4b1354 100644 +index 3f1b268..d5d6abc 100644 --- a/./reports/Optimism_permissions-pre-migration.md +++ b/./reports/Optimism_permissions-post-migration.md -@@ -9,8 +9,8 @@ - | Owner swap collateral adapter | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | +@@ -5,12 +5,12 @@ + | Owner of addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner of addresses provider registry | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | aclAdmin on addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | +- | Owner repay collateral adapter | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | +- | Owner swap collateral adapter | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | ++ | Owner repay collateral adapter | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | ++ | Owner swap collateral adapter | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of wrapped weth gateway | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of Emission Manager | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | - | Owner of Controller of Collector | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | diff --git a/reports/Arbitrum_permissions-post-migration.md b/reports/Arbitrum_permissions-post-migration.md index a06a824..c4bcf9e 100644 --- a/reports/Arbitrum_permissions-post-migration.md +++ b/reports/Arbitrum_permissions-post-migration.md @@ -5,8 +5,8 @@ | Owner of addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of addresses provider registry | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | aclAdmin on addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | - | Owner repay collateral adapter | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | - | Owner swap collateral adapter | **Guardian** ( 0xbbd9f90699c1FA0D7A65870D241DD1f1217c96Eb ) | + | Owner repay collateral adapter | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner swap collateral adapter | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of wrapped weth gateway | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of Emission Manager | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of Controller of Collector | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | diff --git a/reports/Optimism_permissions-post-migration.md b/reports/Optimism_permissions-post-migration.md index f4b1354..d5d6abc 100644 --- a/reports/Optimism_permissions-post-migration.md +++ b/reports/Optimism_permissions-post-migration.md @@ -5,8 +5,8 @@ | Owner of addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of addresses provider registry | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | aclAdmin on addresses provider | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | - | Owner repay collateral adapter | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | - | Owner swap collateral adapter | **Guardian** ( 0xE50c8C619d05ff98b22Adf991F17602C774F785c ) | + | Owner repay collateral adapter | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | + | Owner swap collateral adapter | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of wrapped weth gateway | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of Emission Manager | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | | Owner of Controller of Collector | **Bridge Executor** ( 0x7d9103572bE58FfE99dc390E8246f02dcAe6f611 ) | diff --git a/script/DeployPermissionsMigrationPayload.s.sol b/script/DeployPermissionsMigrationPayload.s.sol index 1c64112..2fdd467 100644 --- a/script/DeployPermissionsMigrationPayload.s.sol +++ b/script/DeployPermissionsMigrationPayload.s.sol @@ -26,7 +26,9 @@ library OptimismPayloadLib { new CollectorPermissionsMigrationPayload( AaveGovernanceV2.OPTIMISM_BRIDGE_EXECUTOR, AaveV3Optimism.COLLECTOR, - AaveV3Optimism.COLLECTOR_CONTROLLER + AaveV3Optimism.COLLECTOR_CONTROLLER, + AaveV3Optimism.SWAP_COLLATERAL_ADAPTER, + AaveV3Optimism.REPAY_WITH_COLLATERAL_ADAPTER ); } } @@ -49,7 +51,9 @@ library ArbitrumPayloadLib { new CollectorPermissionsMigrationPayload( AaveGovernanceV2.ARBITRUM_BRIDGE_EXECUTOR, AaveV3Arbitrum.COLLECTOR, - AaveV3Arbitrum.COLLECTOR_CONTROLLER + AaveV3Arbitrum.COLLECTOR_CONTROLLER, + AaveV3Arbitrum.SWAP_COLLATERAL_ADAPTER, + AaveV3Arbitrum.REPAY_WITH_COLLATERAL_ADAPTER ); } } diff --git a/src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol b/src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol index f89f8df..ecd09a6 100644 --- a/src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol +++ b/src/contracts/misc-guardian/CollectorPermissionsMigrationPayload.sol @@ -20,19 +20,27 @@ contract CollectorPermissionsMigrationPayload { ITransparentProxy public immutable COLLECTOR; IOwnable public immutable CONTROLLER_OF_COLLECTOR; address public immutable BRIDGE_EXECUTOR; + IOwnable public immutable COLLATERAL_SWAP_ADAPTER; + IOwnable public immutable REPAY_WITH_COLLATERAL_ADAPTER; constructor( address bridgeExecutor, address collector, - ICollector controllerOfCollector + ICollector controllerOfCollector, + address collateralSwapAdapter, + address repayWithCollateralAdapter ) { COLLECTOR = ITransparentProxy(collector); CONTROLLER_OF_COLLECTOR = IOwnable(address(controllerOfCollector)); BRIDGE_EXECUTOR = bridgeExecutor; + COLLATERAL_SWAP_ADAPTER = IOwnable(collateralSwapAdapter); + REPAY_WITH_COLLATERAL_ADAPTER = IOwnable(repayWithCollateralAdapter); } function execute() external { CONTROLLER_OF_COLLECTOR.transferOwnership(BRIDGE_EXECUTOR); COLLECTOR.changeAdmin(BRIDGE_EXECUTOR); + COLLATERAL_SWAP_ADAPTER.transferOwnership(BRIDGE_EXECUTOR); + REPAY_WITH_COLLATERAL_ADAPTER.transferOwnership(BRIDGE_EXECUTOR); } } From 4daa447b885eb7b728d544a86e642fbedc08808a Mon Sep 17 00:00:00 2001 From: eboado Date: Fri, 17 Feb 2023 15:24:27 +0100 Subject: [PATCH 5/9] Added scripts for collector permissions on Makefile --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index e6d36b5..8fb6211 100644 --- a/Makefile +++ b/Makefile @@ -40,7 +40,9 @@ deploy-ava-btcb-steward :; forge script script/DeployAvaBTCbSteward.s.sol:Deplo verify-ava-btcb-steward :; forge script script/DeployAvaBTCbSteward.s.sol:DeployAvaBTCbSteward --rpc-url ${RPC_AVALANCHE} --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_AVALANCHE} -vvvv deploy-permission-migration-op :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployOptimismPayload --rpc-url ${RPC_OPTIMISM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_OPTIMISM} -vvvv +deploy-permission-collector-migration-op :; forge script script/DeployCollectorOptimismPayload.s.sol:DeployOptimismPayload --rpc-url ${RPC_OPTIMISM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_OPTIMISM} -vvvv deploy-permission-migration-arb :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployArbitrumPayload --rpc-url ${RPC_ARBITRUM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_ARBITRUM} -vvvv +deploy-permission-collector-migration-arb :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployCollectorArbitrumPayload --rpc-url ${RPC_ARBITRUM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_ARBITRUM} -vvvv # diffs git-diff : From 76f42c25e1f349c731516ba0bb6d13155675ff33 Mon Sep 17 00:00:00 2001 From: eboado Date: Fri, 17 Feb 2023 15:28:35 +0100 Subject: [PATCH 6/9] fix on Makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 8fb6211..c6d1286 100644 --- a/Makefile +++ b/Makefile @@ -40,7 +40,7 @@ deploy-ava-btcb-steward :; forge script script/DeployAvaBTCbSteward.s.sol:Deplo verify-ava-btcb-steward :; forge script script/DeployAvaBTCbSteward.s.sol:DeployAvaBTCbSteward --rpc-url ${RPC_AVALANCHE} --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_AVALANCHE} -vvvv deploy-permission-migration-op :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployOptimismPayload --rpc-url ${RPC_OPTIMISM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_OPTIMISM} -vvvv -deploy-permission-collector-migration-op :; forge script script/DeployCollectorOptimismPayload.s.sol:DeployOptimismPayload --rpc-url ${RPC_OPTIMISM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_OPTIMISM} -vvvv +deploy-permission-collector-migration-op :; forge script script/DeployCollectorOptimismPayload.s.sol:DeployCollectorArbitrumPayload --rpc-url ${RPC_OPTIMISM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_OPTIMISM} -vvvv deploy-permission-migration-arb :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployArbitrumPayload --rpc-url ${RPC_ARBITRUM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_ARBITRUM} -vvvv deploy-permission-collector-migration-arb :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployCollectorArbitrumPayload --rpc-url ${RPC_ARBITRUM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_ARBITRUM} -vvvv From 2e341ffb99596796cc3bfab53edd3c6fe81e7671 Mon Sep 17 00:00:00 2001 From: Lukas Date: Fri, 17 Feb 2023 15:32:05 +0100 Subject: [PATCH 7/9] Update .gitmodules --- .gitmodules | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index 7187a01..5a451bd 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,4 +7,3 @@ [submodule "lib/aave-helpers"] path = lib/aave-helpers url = https://github.com/bgd-labs/aave-helpers - branch = v2.1.0 From 2e7cb5bf3e65ed22572d54cb9219eec3cc106048 Mon Sep 17 00:00:00 2001 From: eboado Date: Fri, 17 Feb 2023 15:34:55 +0100 Subject: [PATCH 8/9] fix on Makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index c6d1286..42d2a4a 100644 --- a/Makefile +++ b/Makefile @@ -40,7 +40,7 @@ deploy-ava-btcb-steward :; forge script script/DeployAvaBTCbSteward.s.sol:Deplo verify-ava-btcb-steward :; forge script script/DeployAvaBTCbSteward.s.sol:DeployAvaBTCbSteward --rpc-url ${RPC_AVALANCHE} --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_AVALANCHE} -vvvv deploy-permission-migration-op :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployOptimismPayload --rpc-url ${RPC_OPTIMISM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_OPTIMISM} -vvvv -deploy-permission-collector-migration-op :; forge script script/DeployCollectorOptimismPayload.s.sol:DeployCollectorArbitrumPayload --rpc-url ${RPC_OPTIMISM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_OPTIMISM} -vvvv +deploy-permission-collector-migration-op :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployCollectorArbitrumPayload --rpc-url ${RPC_OPTIMISM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_OPTIMISM} -vvvv deploy-permission-migration-arb :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployArbitrumPayload --rpc-url ${RPC_ARBITRUM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_ARBITRUM} -vvvv deploy-permission-collector-migration-arb :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployCollectorArbitrumPayload --rpc-url ${RPC_ARBITRUM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_ARBITRUM} -vvvv From e6b65e560956639aeedbb4b23d31bf4e0d0077e3 Mon Sep 17 00:00:00 2001 From: eboado Date: Fri, 17 Feb 2023 17:24:44 +0100 Subject: [PATCH 9/9] Fixe on Makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 42d2a4a..a8c648d 100644 --- a/Makefile +++ b/Makefile @@ -40,7 +40,7 @@ deploy-ava-btcb-steward :; forge script script/DeployAvaBTCbSteward.s.sol:Deplo verify-ava-btcb-steward :; forge script script/DeployAvaBTCbSteward.s.sol:DeployAvaBTCbSteward --rpc-url ${RPC_AVALANCHE} --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_AVALANCHE} -vvvv deploy-permission-migration-op :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployOptimismPayload --rpc-url ${RPC_OPTIMISM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_OPTIMISM} -vvvv -deploy-permission-collector-migration-op :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployCollectorArbitrumPayload --rpc-url ${RPC_OPTIMISM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_OPTIMISM} -vvvv +deploy-permission-collector-migration-op :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployCollectorOptimismPayload --rpc-url ${RPC_OPTIMISM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_OPTIMISM} -vvvv deploy-permission-migration-arb :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployArbitrumPayload --rpc-url ${RPC_ARBITRUM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_ARBITRUM} -vvvv deploy-permission-collector-migration-arb :; forge script script/DeployPermissionsMigrationPayload.s.sol:DeployCollectorArbitrumPayload --rpc-url ${RPC_ARBITRUM} --broadcast --legacy --ledger --mnemonic-indexes ${MNEMONIC_INDEX} --sender ${LEDGER_SENDER} --verify --etherscan-api-key ${ETHERSCAN_API_KEY_ARBITRUM} -vvvv