Remove Global Permission in IP Access Control #57

jdubpark · 2024-04-11T07:51:49Z

The old IP ACL system required each IP Account to allow module-to-module (M2M) calls, such as the Licensing Module calling the Royalty Module. To remove this ACL friction, global permission was introduced where the first mapping ipAccount was set to address(0) by the protocol governance to indicate a wildcard.

However, using the IP-specific ACL system for M2M interactions introduces potential security risks as well as unintended side consequences of using a wildcard. Hence, we should remove the global permission.

Then, to facilitate the core M2M interactions, which are known in advance, we should use custom, per-module modifiers to gate calls to functions. While this fulfills the requirement handled by the global permission, it can be structurally improved with a dedicated ACL for M2M calls (at the expensive of slightly higher gas cost).

The text was updated successfully, but these errors were encountered:

LeoHChen · 2024-04-14T16:42:25Z

Fixed in #89

jdubpark added enhancement New feature or request IP-ACL IP-specific Access Control system labels Apr 11, 2024

jdubpark assigned kingster-will Apr 11, 2024

jdubpark added this to the v1 code freeze milestone Apr 11, 2024

jdubpark added the high priority label Apr 12, 2024

LeoHChen closed this as completed Apr 14, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove Global Permission in IP Access Control #57

Remove Global Permission in IP Access Control #57

jdubpark commented Apr 11, 2024

LeoHChen commented Apr 14, 2024

Remove Global Permission in IP Access Control #57

Remove Global Permission in IP Access Control #57

Comments

jdubpark commented Apr 11, 2024

LeoHChen commented Apr 14, 2024