From af16ca0035800f4aeba435bed42380656832f4f5 Mon Sep 17 00:00:00 2001 From: 0xpause Date: Mon, 2 Sep 2024 22:26:14 +0800 Subject: [PATCH] add admin cap --- .../released/8/0x2/package.rpd | Bin 54339 -> 54459 bytes .../released/8/0x3/package.rpd | Bin 40283 -> 40448 bytes .../framework-release/released/8/stdlib | Bin 160130 -> 160415 bytes .../moveos-stdlib/doc/core_addresses.md | 13 ++++ .../moveos-stdlib/sources/core_addresses.move | 18 +++++ frameworks/rooch-framework/doc/gas_coin.md | 2 +- frameworks/rooch-framework/doc/genesis.md | 39 +---------- .../rooch-framework/doc/onchain_config.md | 64 ++++++++++++------ frameworks/rooch-framework/doc/upgrade.md | 9 --- .../rooch-framework/sources/gas_coin.move | 4 +- .../rooch-framework/sources/genesis.move | 24 ++++--- .../sources/onchain_config.move | 48 ++++++++----- .../rooch-framework/sources/upgrade.move | 7 +- 13 files changed, 127 insertions(+), 101 deletions(-) diff --git a/frameworks/framework-release/released/8/0x2/package.rpd b/frameworks/framework-release/released/8/0x2/package.rpd index 2b8c4e1b224d576c2be7ac609cceb61de85ffdf5..9ec7912b0c68640508805e5bfc98103154862b80 100644 GIT binary patch delta 223 zcmX@Sf_e8!<_#G^swX)X%Dm=gV_;xlXJlYuX3=Fe6lHfi%*fHn=2B0R{{J0R;g8lgd(~vy4;T0Rab-YgI)71e38E>jH5FdNix;q zA}+hIRQrVDO1cvf5l2O9?LtIxBZ`RN&$+u}>^_wGCQ+;h**ckcJ+ z>GK!pTMthRuDElxpPVFwcp#qo602VX{sT;i-{G+OjJ_-M6}4Ah(7Wwr?fswnV;Y@z zyl~NRLV*DX0g@=9Jt0ODHl_%hKvO_04&s2KWrnkeBg7yGDTD=zyGRiRijX9HmxAI* z&?y5DJ_;HLt>OwB2ZuQ6JZM()6c>U$KE)|v^(aQ^bO8_>h@Lfl5$7{5L7YuWpy?bM z5w}2@z&1P`wg;F;5Iayd5IYgYtzr4Lu(B(_?Fin)wqT2P#FWj5t=QNU%&4iFF+-(C z9l@lx%rcN3(;zi~!huerF9eST=@=Li{=*3!A|?w3YHLXulD|25*yw%jwUy5Ot*7&U zCU?$@R`@C}KGEtdXA4VNtH063_iAgo=d(^Pd<-@6hiWIiYj3Qromf~}$yVF>x3%f~ zvDSFLYrK+(^=CR+*S6a2Zr1B9tS{xC-`h00-)(hzOIdgG&{P`+PywJcW+jY=6RjOd zSc)u&se>ecUvmA4%4YgEk#y@lXdD+Pxb$O8>i;l5m2TUwMTaCMQUw5 z9+C+jN03bJ7l^eXPVE<>mehImy5z2*Xqwkhgv&{T&)}?y(s_K(47bhh7YM^H)rNlxhEb7&g^34yL_uLIHxuEAp89OYX7nE8#y}$}x^H>v4uznIM=5HAxgGsA;Sv^ZD}$v2o{IKfox1795Idp>OfNT z3OTQm1V^dC58-PBtO{%8q>SF$$fCE_yV#+((#jjWeNr5a+yUmn;)R1dD^A|vv=on^ WQ?YZ`9d{}}cV-4gH$ORZ*8U6fXyD=i delta 1476 zcmZWpO=w(I6h7zvzx(cc^X_Dl$(5ohstZ9^wV*^?NT`3HxNs%XMRDcAg<_Ek;-cWWlNO78aK3x*Ip_YIbH4Ll z*=1KgXCFU4-hVrNzxG?I0Kg$Q=5juM5yf{{$jkVs{*axP=2N|({?haI1Ebvq^AXD~ zTT!}V1u*0&P@)12#sD9oBan}2fCLc0GJ=#7I1~U`)G?F*IqiT_To!#KZy$Zih#-d0 zAg~IVFzyz^Tm!G#6b&DBNH~re0-wlon%D9YVLdAdCku~;P0>c#z#+gU-H6i>?jVr+ zNGE3^?2p#jXqb!e#GQm`Qc8-%C*@=)sU*V*Q%(X`&T`99If_ylKusdiAq^B>iiB){ zl5R#dn4%(+PBDBxu@nx}4(zY2KGWV5R-RT^+UU8USkXDYj)87!KAy!W=rQe1H=KrL4qQZYC41` zT!63?DdkfUNu5@}BC$E8!&wH*xyTrz1R0qMUp6*|Zz*c>U&-%pz7*!q+0b2T9;AJd z_&_aHraYr(H)}%`rQ&Jy;zniV&Ogoj4&#|{@3F@47u>w3j;rhHLA$G^`%1rorJr_A z9{ZO0+c>s!=3M9!0R2a#0>>Tai;fs|56m&tJ9 z^wDA6UR~{OZ)~~ex@+5~sMEH(y-t`p^JADgTMdh6e-BTtG=<;>!=De#AqHG-hNYF6 zKC#EgN>IR$XyMUOY!3IT&_a>Q67{*p*^IZCV-|BpP2;6SuShhBAxTIqNlN0#1%2j- zHdgqYq|^{C8VXuRTg7`z%q30PHc<1y1ht4GQ5puLco-I5EUrBjUVV20hjvbex9q>k CIFHJEmzG=Z1tu?W>m0EMu@=qo52}-{V1z*4LbA5pOenX6?OVgn z)&RE=_$aXjTeLk%?9$n2P$ou0d=exUnM6*rH_dU!2QJXW9E-x!~2)E5?;^qi^h zZ~4YtE4<_y-FK?^+!i;vI6M2~_|$Y`W-^|gpIn@2jJKxu&o!FG`sC#J!u)uBW@i3S zpj!9yQC!{G`&%WI^M^>ml0vi5YK_lNb(1NqnT2M3t~J$YF26g3li0=zB4Y_Jk-q|r zagg$iSduV@Y0M~5B+oEo8D}hLL{~I;!W}x6rYxi$gSeF9kWkWS*u+AbQKYH}WhObT zlTb(buvo%OXv}0(YD1S(I5utO+-p%w?XL|J$~jMOUxDGP9)JvvriH zw=z7Y{UV7mT{9*L2Xb6HCgngnDEh8T+PP?*7$6aCr&Up-)euQX=vm7@TR$cpv0MjV z9l4@isy%U^TnojUk6uTduP`c#AVGMCU#&S}wq;iEq+g6Mxw)dZe}Lvs991V-&3-q^ zq(9Hr7XD_`Ixw#`kf6wUO{a*6V#_VnA2CcxVANZH31X*Z^x}z_-BZK3*mDzSRv6Mb zaCxXZy#XKSRF4eRNIjGrP(^!+HByQxftr$iCDmfNybp(MPS8 zt)iX_W;K`4R{cOh(rc(wYaB2{4P0v}^vNJKEjJiba|%!h5Ctd(CYU zRUUyEqC;)12q4#|q&!@rcE*X@N-3?td#StuM==G?rIkfXU?urWxzd)3{*?~idxtvM zm{^!^>iWdQ{Nmg~GBKambzYE-mcLrbq|#6;_1yipgXgaQY1l?fHyZ~V%~qrP#WC#d z9y!2JreCULZrryQNU#@aqF zW#pn=MCz51p{J;OmN739k#VtJZXz$Kpkt8<&n0ny)ns~3%lxC?a?x#l&S{?SvX_>6Gu_bG*cZnlwl~p%b`?!20c00L8OKph0tT=Up b(Mmo@MmguN8}4-X(h00#@AA4XPMrS_!lwY{ delta 1667 zcmZWpTWFj`6h3FJ|7HHmY<4%-rki_gQ`^U_1RJ51BGSHzh?=b1Z7igT%_fLex+QHz zMDVh)f2|fTGzi+NSTQdJ(FdiVpokO{AGC<5s1FtNrQn%OgT)SDPOH3l#up1i{6q9Lwq3&!YDuPN+B7)7+esN1H24qXqPV0V)G15q(^1 z*?2dWn!&Nd*$>^gsrluOf##7Xa@m^$*mq&@_=AYLdF;e46wON~UQ4u9Od$Y@5VYyL zaOuehPBmT%*B@XI3^OtBI*;NrOyy03xSjC;?*H0g0QY4J2#pY;s5rXhRQyAd+W`CMM(lSmKp+Q6Cx;vi zyVVi5FzVo*TL?ox@l)UWIls-%`vspVBY`Uu@PL!Y>6gj_)FcuOQb*qlDG0z?DCuTY ztsyE}(jjKAlq&_e`TboZS`}R#P%uQBiX67E9IZ$5+NHJfl*C*%ptG!v;i^c5sJ1}j& z|4wJN^?r<-zy7j$^<+P8#|ASzl@w`;O9+;gDYP-Y)*6OR>0ej!n1>iL8!;Cvbn4i8 zeL_i3!w7S6L1ASIc_z3sa7=Br5OYvQjb%oAd?s6#WnLC#$rLo)KANerX8Pt=6d8qi z?PSa|pAO7znIMX+HG{TY#1Yz#or18lg7!nx^jK)rb@C9E_i4cjzf#C5*v4zR4?fTA( z=q<4c^$8mb{$SEvWh2RHPI-x~TmT7*_^e@!Na}L|BB0Nci|H;jS^;xOz{x`O+jqdlW%(1Y?|0ZE(JDb%AO@03jI4{}>Vteoh0n zQMIG&Cy{x^DbGO?mx_wi*zWlcA%q)#DR9;cNzw9M?|Hii)oPE zbe!&q0r-Z5jC<)0qOK5B1dK8sgp3kclGBeYrMX+n pTN@C&Nzuse 0x1::signer; @@ -124,3 +125,15 @@ Return true if addr is either the VM address or an Rooch system add 
public fun is_reserved_address(addr: address): bool
+ + + + + +## Function `list_system_reserved_addresses` + +List all the on chain governance's reserved addresses. + + +
public fun list_system_reserved_addresses(): vector<address>
+
diff --git a/frameworks/moveos-stdlib/sources/core_addresses.move b/frameworks/moveos-stdlib/sources/core_addresses.move index 71e3c84f3c..c262dcf584 100644 --- a/frameworks/moveos-stdlib/sources/core_addresses.move +++ b/frameworks/moveos-stdlib/sources/core_addresses.move @@ -3,6 +3,7 @@ module moveos_std::core_addresses { use std::signer; + use std::vector; /// The operation can only be performed by the VM const ErrorNotVM: u64 = 1; @@ -54,4 +55,21 @@ module moveos_std::core_addresses { public fun is_reserved_address(addr: address): bool { is_system_reserved_address(addr) || is_vm_address(addr) } + + /// List all the on chain governance's reserved addresses. + public fun list_system_reserved_addresses(): vector
{ + let addrs = vector::empty
(); + vector::push_back(&mut addrs, @0x1); + vector::push_back(&mut addrs, @0x2); + vector::push_back(&mut addrs, @0x3); + vector::push_back(&mut addrs, @0x4); + vector::push_back(&mut addrs, @0x5); + vector::push_back(&mut addrs, @0x6); + vector::push_back(&mut addrs, @0x7); + vector::push_back(&mut addrs, @0x8); + vector::push_back(&mut addrs, @0x9); + vector::push_back(&mut addrs, @0xa); + + addrs + } } diff --git a/frameworks/rooch-framework/doc/gas_coin.md b/frameworks/rooch-framework/doc/gas_coin.md index ed0394925b..6134811c68 100644 --- a/frameworks/rooch-framework/doc/gas_coin.md +++ b/frameworks/rooch-framework/doc/gas_coin.md @@ -116,7 +116,7 @@ Mint gas coin to the given account. ## Function `faucet_entry` -Entry point for the faucet, anyone can get Gas via this function on local/dev net, otherwise only sequencer account can call this function. +Entry point for the faucet, anyone can get Gas via this function on local/dev net, otherwise only admin account can call this function. 
public entry fun faucet_entry(account: &signer, amount: u256)
diff --git a/frameworks/rooch-framework/doc/genesis.md b/frameworks/rooch-framework/doc/genesis.md
index 3a4fba0181..6ccf3e66c1 100644
--- a/frameworks/rooch-framework/doc/genesis.md
+++ b/frameworks/rooch-framework/doc/genesis.md
@@ -10,8 +10,11 @@
 
 
 
use 0x1::option;
+use 0x1::vector;
 use 0x2::account;
+use 0x2::core_addresses;
 use 0x2::module_store;
+use 0x2::signer;
 use 0x2::tx_context;
 use 0x3::account;
 use 0x3::account_coin_store;
@@ -51,39 +54,3 @@ GenesisContext is a genesis init parameters in the TxContext.
 
 
const ErrorGenesisInit: u64 = 1;
 

-
-
-
-
-
-
-
-
const MoveosStdAccount: address = 0x2;
-

-
-
-
-
-
-
-
-
const BitcoinMoveAccount: address = 0x4;
-

-
-
-
-
-
-
-
-
const MoveStdAccount: address = 0x1;
-

-
-
-
-
-
-
-
-
const RoochFrameworkAccount: address = 0x3;
-

diff --git a/frameworks/rooch-framework/doc/onchain_config.md b/frameworks/rooch-framework/doc/onchain_config.md
index 8ead57d09e..3565a191d3 100644
--- a/frameworks/rooch-framework/doc/onchain_config.md
+++ b/frameworks/rooch-framework/doc/onchain_config.md
@@ -6,13 +6,15 @@
 
 
 -  [Resource `OnchainConfig`](#0x3_onchain_config_OnchainConfig)
+-  [Resource `AdminCap`](#0x3_onchain_config_AdminCap)
 -  [Constants](#@Constants_0)
 -  [Function `genesis_init`](#0x3_onchain_config_genesis_init)
+-  [Function `admin`](#0x3_onchain_config_admin)
+-  [Function `ensure_admin`](#0x3_onchain_config_ensure_admin)
 -  [Function `sequencer`](#0x3_onchain_config_sequencer)
 -  [Function `update_framework_version`](#0x3_onchain_config_update_framework_version)
 -  [Function `framework_version`](#0x3_onchain_config_framework_version)
 -  [Function `onchain_config`](#0x3_onchain_config_onchain_config)
--  [Function `ensure_sequencer`](#0x3_onchain_config_ensure_sequencer)
 -  [Function `add_to_publishing_allowlist`](#0x3_onchain_config_add_to_publishing_allowlist)
 -  [Function `remove_from_publishing_allowlist`](#0x3_onchain_config_remove_from_publishing_allowlist)
 -  [Function `change_feature_flags`](#0x3_onchain_config_change_feature_flags)
@@ -39,16 +41,28 @@ OnchainConfig is framework configurations stored on chain.
 
 
 
+
+
+## Resource `AdminCap`
+
+AdminCap is the capability for admin operations, such as update onchain configurations.
+
+
+
struct AdminCap has store, key
+

+
+
+
 
 
 ## Constants
 
 
-
+
 
 
 
-
const ErrorNotSequencer: u64 = 1;
+
const ErrorNotAdmin: u64 = 1;
 

 
 
@@ -64,6 +78,28 @@ OnchainConfig is framework configurations stored on chain.
 
 
 
+
+
+## Function `admin`
+
+
+
+
public fun admin(): address
+

+
+
+
+
+
+## Function `ensure_admin`
+
+
+
+
public fun ensure_admin(account: &signer)
+

+
+
+
 
 
 ## Function `sequencer`
@@ -108,27 +144,15 @@ OnchainConfig is framework configurations stored on chain.
 
 
 
-
-
-## Function `ensure_sequencer`
-
-
-
-
public fun ensure_sequencer(account: &signer)
-

-
-
-
 
 
 ## Function `add_to_publishing_allowlist`
 
-When module_publishing_allowlist_feature is enabled, only address in allowlist
-can publish modules.
-Add publisher to publishing allowlist.
+When module_publishing_allowlist_feature is enabled, only packed_id in allowlist can be published.
+Add package_id to publishing allowlist.
 
 
-
public entry fun add_to_publishing_allowlist(account: &signer, publisher: address)
+
public entry fun add_to_publishing_allowlist(account: &signer, package_id: address)
 

 
 
@@ -137,10 +161,10 @@ Add publisher to publishing allowlist.
 
 ## Function `remove_from_publishing_allowlist`
 
-Remove publisher from publishing allowlist.
+Remove package_id from publishing allowlist.
 
 
-
public entry fun remove_from_publishing_allowlist(account: &signer, publisher: address)
+
public entry fun remove_from_publishing_allowlist(account: &signer, package_id: address)
 

 
 
diff --git a/frameworks/rooch-framework/doc/upgrade.md b/frameworks/rooch-framework/doc/upgrade.md
index 4ea4b6f3cd..48d8b0717c 100644
--- a/frameworks/rooch-framework/doc/upgrade.md
+++ b/frameworks/rooch-framework/doc/upgrade.md
@@ -35,15 +35,6 @@ Event for framework upgrades
 ## Constants
 
 
-
-
-
-
-
const ErrorNotSequencer: u64 = 1;
-

-
-
-
 
 
 
diff --git a/frameworks/rooch-framework/sources/gas_coin.move b/frameworks/rooch-framework/sources/gas_coin.move
index 318870baf7..633f816ca7 100644
--- a/frameworks/rooch-framework/sources/gas_coin.move
+++ b/frameworks/rooch-framework/sources/gas_coin.move
@@ -65,10 +65,10 @@ module rooch_framework::gas_coin {
         faucet(addr, amount);
     }
 
-    /// Entry point for the faucet, anyone can get Gas via this function on local/dev net, otherwise only sequencer account can call this function.
+    /// Entry point for the faucet, anyone can get Gas via this function on local/dev net, otherwise only admin account can call this function.
     public entry fun faucet_entry(account: &signer, amount: u256) {
         if(!chain_id::is_local_or_dev()){
-            onchain_config::ensure_sequencer(account);
+            onchain_config::ensure_admin(account);
         };
         let addr = signer::address_of(account); 
         faucet(addr, amount);
diff --git a/frameworks/rooch-framework/sources/genesis.move b/frameworks/rooch-framework/sources/genesis.move
index 8ba97f0afe..8d4a769863 100644
--- a/frameworks/rooch-framework/sources/genesis.move
+++ b/frameworks/rooch-framework/sources/genesis.move
@@ -4,8 +4,11 @@
 module rooch_framework::genesis {
 
     use std::option;
+    use std::vector;
+    use moveos_std::signer;
     use moveos_std::tx_context;
     use moveos_std::module_store;
+    use moveos_std::core_addresses;
     use rooch_framework::account;
     use rooch_framework::auth_validator_registry;
     use rooch_framework::builtin_validators;
@@ -20,11 +23,6 @@ module rooch_framework::genesis {
 
     const ErrorGenesisInit: u64 = 1;
 
-    const MoveStdAccount: address = @0x1;
-    const MoveosStdAccount: address = @0x2;
-    const RoochFrameworkAccount: address = @0x3;
-    const BitcoinMoveAccount: address = @0x4;
-
     /// GenesisContext is a genesis init parameters in the TxContext.
     struct GenesisContext has copy,store,drop{
         chain_id: u64,
@@ -33,7 +31,13 @@ module rooch_framework::genesis {
     }
 
     fun init(){
-        let genesis_account = &account::create_system_account(@rooch_framework);
+        // create all system accounts
+        let system_addresses = core_addresses::list_system_reserved_addresses();
+        vector::for_each(system_addresses, |addr| {
+            let _ = account::create_system_account(addr);
+        });
+
+        let genesis_account = &signer::module_signer();
         let genesis_context_option = tx_context::get_attribute();
         assert!(option::is_some(&genesis_context_option), ErrorGenesisInit);
         let genesis_context = option::extract(&mut genesis_context_option);
@@ -55,10 +59,10 @@ module rooch_framework::genesis {
         };
 
         // issue framework packages upgrade cap to sequencer
-        module_store::issue_upgrade_cap_by_system(genesis_account, MoveStdAccount, sequencer_addr);
-        module_store::issue_upgrade_cap_by_system(genesis_account, MoveosStdAccount, sequencer_addr);
-        module_store::issue_upgrade_cap_by_system(genesis_account, RoochFrameworkAccount, sequencer_addr);
-        module_store::issue_upgrade_cap_by_system(genesis_account, BitcoinMoveAccount, sequencer_addr);
+        let system_addresses = core_addresses::list_system_reserved_addresses();
+        vector::for_each(system_addresses, |addr| {
+            module_store::issue_upgrade_cap_by_system(genesis_account, addr, sequencer_addr);
+        });
         
         // give some gas coin to the sequencer
         gas_coin::faucet(sequencer_addr, 1000000_00000000u256);
diff --git a/frameworks/rooch-framework/sources/onchain_config.move b/frameworks/rooch-framework/sources/onchain_config.move
index c48b181f22..e110879b94 100644
--- a/frameworks/rooch-framework/sources/onchain_config.move
+++ b/frameworks/rooch-framework/sources/onchain_config.move
@@ -13,7 +13,7 @@ module rooch_framework::onchain_config {
     friend rooch_framework::upgrade;
     friend rooch_framework::genesis;
 
-    const ErrorNotSequencer: u64 = 1;
+    const ErrorNotAdmin: u64 = 1;
 
     /// OnchainConfig is framework configurations stored on chain.
     struct OnchainConfig has key {
@@ -21,6 +21,10 @@ module rooch_framework::onchain_config {
         sequencer: address,
     }
 
+    /// AdminCap is the capability for admin operations, such as update onchain configurations.
+    struct AdminCap has key, store {}
+
+
     public(friend) fun genesis_init(genesis_account: &signer, sequencer: address){
         let config = OnchainConfig{
             framework_version: 0,
@@ -28,9 +32,25 @@ module rooch_framework::onchain_config {
         };
         let obj = object::new_named_object(config);
         object::transfer_extend(obj, @rooch_framework);
+
+        let admin_cap = object::new_named_object(AdminCap{});
+        object::transfer(admin_cap, sequencer);
+
         set_code_features(genesis_account);
     }
 
+    public fun admin(): address {
+        let object_id = object::named_object_id();
+        let obj = object::borrow_object(object_id);
+        object::owner(obj)
+    }
+
+    public fun ensure_admin(account: &signer) {
+        let sender = signer::address_of(account);
+        assert!(sender == admin(), ErrorNotAdmin);
+    }
+
+
     public fun sequencer(): address {
         onchain_config().sequencer
     }
@@ -50,27 +70,21 @@ module rooch_framework::onchain_config {
         object::borrow(obj)
     }
 
-    public fun ensure_sequencer(account: &signer) {
-        let sender = signer::address_of(account);
-        assert!(sender == sequencer(), ErrorNotSequencer);
-    }
-
     /******  API for update module publishing allowlist. ******/
 
-    /// When module_publishing_allowlist_feature is enabled, only address in allowlist 
-    /// can publish modules.
-    /// Add `publisher` to publishing allowlist.
-    public entry fun add_to_publishing_allowlist(account: &signer, publisher: address) {
-        ensure_sequencer(account);
+    /// When module_publishing_allowlist_feature is enabled, only packed_id in allowlist can be published.
+    /// Add `package_id` to publishing allowlist.
+    public entry fun add_to_publishing_allowlist(account: &signer, package_id: address) {
+        ensure_admin(account);
         let system_account = signer::module_signer();
-        module_store::add_to_allowlist(&system_account, publisher);
+        module_store::add_to_allowlist(&system_account, package_id);
     }
 
-    /// Remove `publisher` from publishing allowlist.
-    public entry fun remove_from_publishing_allowlist(account: &signer, publisher: address) {
-        ensure_sequencer(account);
+    /// Remove `package_id` from publishing allowlist.
+    public entry fun remove_from_publishing_allowlist(account: &signer, package_id: address) {
+        ensure_admin(account);
         let system_account = signer::module_signer();
-        module_store::remove_from_allowlist(&system_account, publisher);
+        module_store::remove_from_allowlist(&system_account, package_id);
     }
     /****** End of API for update module publishing allowlist. ******/
 
@@ -78,7 +92,7 @@ module rooch_framework::onchain_config {
 
     /// Enable or disable features. You can find all feature flags in moveos_std::features.
     public entry fun change_feature_flags(account: &signer, enable: vector, disable: vector) {
-        ensure_sequencer(account);
+        ensure_admin(account);
         let system_account = signer::module_signer();
         features::change_feature_flags(&system_account, enable, disable);
     }
diff --git a/frameworks/rooch-framework/sources/upgrade.move b/frameworks/rooch-framework/sources/upgrade.move
index b32f51ea47..a49b9214a8 100644
--- a/frameworks/rooch-framework/sources/upgrade.move
+++ b/frameworks/rooch-framework/sources/upgrade.move
@@ -5,24 +5,19 @@ module rooch_framework::upgrade {
 
     use moveos_std::gas_schedule::update_gas_schedule;
     use moveos_std::signer::module_signer;
-    use moveos_std::signer;
     use moveos_std::account::create_signer_for_system;
     use rooch_framework::onchain_config;
 
     friend rooch_framework::genesis;
 
-    const ErrorNotSequencer: u64 = 1;
-
     const MoveosStdAccount: address = @0x2;
 
-
     /// Event for framework upgrades
     struct GasUpgradeEvent has drop, store, copy {
     }
 
     entry fun upgrade_gas_schedule(account: &signer, gas_schedule_config: vector) {
-        let sender_address = signer::address_of(account);
-        assert!(sender_address == onchain_config::sequencer(), ErrorNotSequencer);
+        onchain_config::ensure_admin(account);
 
         let system = module_signer();
         let moveos_std_signer = create_signer_for_system(&system, MoveosStdAccount);