From 5fad7f793cc10f3030b130d4127e40ef284ecfcf Mon Sep 17 00:00:00 2001 From: The Dark Jester Date: Sun, 20 Oct 2024 08:47:24 -0700 Subject: [PATCH] [Fix] Set default admin for token bridge on reinitialization (#211) * set default admin for token bridge on reinit * Use more applicable naming for admin --- .../contracts/tokenBridge/TokenBridge.sol | 11 ++++++- contracts/test/tokenBridge/TokenBridge.ts | 31 +++++++++++++++++-- 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/contracts/contracts/tokenBridge/TokenBridge.sol b/contracts/contracts/tokenBridge/TokenBridge.sol index be61b4f90..65428fd63 100644 --- a/contracts/contracts/tokenBridge/TokenBridge.sol +++ b/contracts/contracts/tokenBridge/TokenBridge.sol @@ -154,21 +154,30 @@ contract TokenBridge is /** * @notice Sets permissions for a list of addresses and their roles as well as initialises the PauseManager pauseType:role mappings. * @dev This function is a reinitializer and can only be called once per version. Should be called using an upgradeAndCall transaction to the ProxyAdmin. + * @param _defaultAdmin The default admin account's address. * @param _roleAddresses The list of addresses and roles to assign permissions to. * @param _pauseTypeRoles The list of pause types to associate with roles. * @param _unpauseTypeRoles The list of unpause types to associate with roles. */ function reinitializePauseTypesAndPermissions( + address _defaultAdmin, RoleAddress[] calldata _roleAddresses, PauseTypeRole[] calldata _pauseTypeRoles, PauseTypeRole[] calldata _unpauseTypeRoles ) external reinitializer(2) { + if (_defaultAdmin == address(0)) { + revert ZeroAddressNotAllowed(); + } + + _grantRole(DEFAULT_ADMIN_ROLE, _defaultAdmin); + assembly { /// @dev Wiping the storage slot 101 of _owner as it is replaced by AccessControl and there is now the ERC165 __gap in its place. - /// @dev Wiping the storage slot 213 of _status as it is replaced by ReentrancyGuardUpgradeable at slot 1. sstore(101, 0) + /// @dev Wiping the storage slot 213 of _status as it is replaced by ReentrancyGuardUpgradeable at slot 1. sstore(213, 0) } + __ReentrancyGuard_init(); __PauseManager_init(_pauseTypeRoles, _unpauseTypeRoles); __Permissions_init(_roleAddresses); diff --git a/contracts/test/tokenBridge/TokenBridge.ts b/contracts/test/tokenBridge/TokenBridge.ts index 7c27dd456..0c268121f 100644 --- a/contracts/test/tokenBridge/TokenBridge.ts +++ b/contracts/test/tokenBridge/TokenBridge.ts @@ -30,6 +30,7 @@ import { expectRevertWithCustomError, expectRevertWithReason, } from "../common/helpers"; +import { DEFAULT_ADMIN_ROLE } from "contracts/common/constants"; const initialUserBalance = BigInt(10 ** 9); const mockName = "L1 DAI"; @@ -905,13 +906,35 @@ describe("TokenBridge", function () { describe("reinitializePauseTypesAndPermissions", function () { it("Should revert with ZeroAddressNotAllowed when addressWithRole is zero address in reinitializePauseTypesAndPermissions", async function () { - const { l1TokenBridge } = await loadFixture(deployContractsFixture); + const { owner, l1TokenBridge } = await loadFixture(deployContractsFixture); const roleAddresses = [{ addressWithRole: ZeroAddress, role: SET_RESERVED_TOKEN_ROLE }]; await expectRevertWithCustomError( l1TokenBridge, - l1TokenBridge.reinitializePauseTypesAndPermissions(roleAddresses, pauseTypeRoles, unpauseTypeRoles), + l1TokenBridge.reinitializePauseTypesAndPermissions( + owner.address, + roleAddresses, + pauseTypeRoles, + unpauseTypeRoles, + ), + "ZeroAddressNotAllowed", + ); + }); + + it("Should revert with ZeroAddressNotAllowed when default admin is zero address", async function () { + const { owner, l1TokenBridge } = await loadFixture(deployContractsFixture); + + const roleAddresses = [{ addressWithRole: owner.address, role: SET_RESERVED_TOKEN_ROLE }]; + + await expectRevertWithCustomError( + l1TokenBridge, + l1TokenBridge.reinitializePauseTypesAndPermissions( + ZeroAddress, //owner is set to zeroaddress + roleAddresses, + pauseTypeRoles, + unpauseTypeRoles, + ), "ZeroAddressNotAllowed", ); }); @@ -971,6 +994,7 @@ describe("TokenBridge", function () { await tokenBridgeV2Implementation.waitForDeployment(); const reinitializeCallData = TokenBridgeV2.interface.encodeFunctionData("reinitializePauseTypesAndPermissions", [ + owner.address, newRoleAddresses, pauseTypeRoles, unpauseTypeRoles, @@ -1062,6 +1086,7 @@ describe("TokenBridge", function () { await tokenBridgeV2Implementation.waitForDeployment(); const reinitializeCallData = TokenBridgeV2.interface.encodeFunctionData("reinitializePauseTypesAndPermissions", [ + owner.address, newRoleAddresses, pauseTypeRoles, unpauseTypeRoles, @@ -1085,6 +1110,8 @@ describe("TokenBridge", function () { for (const { role, addressWithRole } of newRoleAddresses) { expect(await upgradedTokenBridge.hasRole(role, addressWithRole)).to.be.true; } + + expect(await upgradedTokenBridge.hasRole(DEFAULT_ADMIN_ROLE, owner.address)).to.be.true; }); }); });