-
Notifications
You must be signed in to change notification settings - Fork 11.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve RBAC role type #1090
Comments
Personally a fan of the bytes4(keccak) approach, since it gives you both globally(ish) unique identifiers (no collisions) and also visually distinct identifiers. Doing the bytes4(keccak) process is annoying, though, agreed. |
I wonder how hard it'd be to make a collision in 32 bits (i.e. |
ah true, let's just future-proof it with bytes8 with bytes4, there are about 65,000 unique ids ( |
amazing @nventuro ! |
(see #1146 for some relevant discussion first, if you haven't) So, I've tried out a couple of approaches, and am not entirely sure on which one we should pick moving forward. I've split this into multiple posts to make reading it easier. |
@shrugs proposed keeping the current method, but replacing the string with a hash:
The main benefits of this approach stem from the ability to refer to the role with an identifier, allowing to not declare the It also makes role assignment easier, e.g. with an admin role:
Finally, role assignment during construction would also be somewhat straightforward:
And once the experimental ABI encoder hits,
A couple issues, though:
Note that all three of these issues are also present in the |
@frangio, on the other hand, suggested dropping
Because there's no way to refer to each role (except by their storage slot - more on that later), we'd need to provide specific functions for each role, e.g.
This pattern also allows each base class to easily add custom validation rules in their constructor (e.g. only allow a certain number of address). One of the issues with this is the need to have multiple arguments in the constructor, which stems from the fact that |
I'm currently leaning towards @frangio's proposal, because it is able to achieve the same goals as |
Great write up @nventuro! I really liked the second proposal. (I wouldn't say it's mine, though.) Would it be possible to run into a problem with having too many arrays in the constructor? There are some limits imposed by the Solidity compiler, right? |
Yes - though in Remix I managed to compile a constructor receiving 15 arguments of type |
Interesting. It doesn't depend on the length of the arrays, does it? |
No, it depends on the types of the arguments. |
As of v1.11.0, we're using strings as roles in RBAC. This can be problematic, because strings are UTF-8 encoded in Solidity. Therefore, the following is valid Solidity code, and looks correct at a first glance:
doBackerStuff
's modifier, however, does not contain the original string: an invisible ZERO WIDTH SPACE (U+200B) character has been added at the end, causing seemingly correct code to contain an (intentional?) bug.A suggested alternative is to use integers as role identifiers, which removes this issue entirely. Assigning new identifiers to a role becomes a highly arbitrary task however, since numbers don't convey any role information, as opposed to strings like 'admin', 'curator', 'minter', etc. This could be sidestepped by using the hash of the role string as the integer identifier, e.g.,
uint256 public constant adminRole = 0x01ffc9a7...; // 0x01ffc9a... == keccak256('admin')
, at the cost of placing the extra burden of having to use this pattern on the library users.The text was updated successfully, but these errors were encountered: