forked from GalloDaSballo/badger-vaults-mix-v1.5
-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy path6_production_roles_check.py
156 lines (123 loc) · 5.2 KB
/
6_production_roles_check.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
from brownie import network, BadgerRegistry, Controller, interface, web3
from config import REGISTRY
from helpers.constants import AddressZero
from rich.console import Console
from tabulate import tabulate
console = Console()
DEFAULT_ADMIN_ROLE = (
"0x0000000000000000000000000000000000000000000000000000000000000000"
)
tableHead = ["Role", "MemberCount", "Address"]
def main():
"""
Checks that the proxyAdmin of all conracts added to the BadgerRegistry match
the proxyAdminTimelock address on the same registry. How to run:
1. Add all keys to check paired to the key of the expected DEFAULT_ADMIN_ROLE to the
'keysWithAdmins' array.
2. Add an array with all the expected roles belonging to each one of the keyed contracts
added on the previous step to the 'roles' array. The index of the key must match the index
of its roles array.
3. Additionally, the script will check that the controller's governance and strategist match
the Badger's production configuration addresses.
4. Run the script and analyze the printed results.
"""
console.print("You are using the", network.show_active(), "network")
# Get production registry
registry = BadgerRegistry.at(REGISTRY)
# NOTE: Add keys to check paired to the key of their expected DEFAULT_ADMIN_ROLE:
keysWithAdmins = [
["badgerTree", "governance"],
["BadgerRewardsManager", "governance"],
["rewardsLogger", "governance"],
["keeper", "devGovernance"],
]
# NOTE: Add all the roles related to the keys to check from the previous array. Indexes must match!
roles = [
[
"DEFAULT_ADMIN_ROLE",
"ROOT_PROPOSER_ROLE",
"ROOT_VALIDATOR_ROLE",
"PAUSER_ROLE",
"UNPAUSER_ROLE",
],
["DEFAULT_ADMIN_ROLE", "SWAPPER_ROLE", "DISTRIBUTOR_ROLE"],
["DEFAULT_ADMIN_ROLE", "MANAGER_ROLE"],
["DEFAULT_ADMIN_ROLE", "EARNER_ROLE", "HARVESTER_ROLE", "TENDER_ROLE"],
]
assert len(keysWithAdmins) == len(roles)
check_roles(registry, keysWithAdmins, roles)
check_controller_roles(registry)
def check_roles(registry, keysWithAdmins, roles):
for key in keysWithAdmins:
console.print("[blue]Checking roles for[/blue]", key[0])
# Get contract address
contract = registry.get(key[0])
admin = registry.get(key[1])
if contract == AddressZero:
console.print("[red]Key not found on registry![/red]")
continue
tableData = []
accessControl = interface.IAccessControl(contract)
keyRoles = roles[keysWithAdmins.index(key)]
hashes = get_roles_hashes(keyRoles)
for role in keyRoles:
roleHash = hashes[keyRoles.index(role)]
roleMemberCount = accessControl.getRoleMemberCount(roleHash)
if roleMemberCount == 0:
tableData.append([role, "-", "No Addresses found for this role"])
else:
for memberNumber in range(roleMemberCount):
memberAddress = accessControl.getRoleMember(roleHash, memberNumber)
if role == "DEFAULT_ADMIN_ROLE":
if memberAddress == admin:
console.print(
"[green]DEFAULT_ADMIN_ROLE matches[/green]",
key[1],
admin,
)
else:
console.print(
"[red]DEFAULT_ADMIN_ROLE doesn't match[/red]",
key[1],
admin,
)
tableData.append([role, memberNumber, memberAddress])
print(tabulate(tableData, tableHead, tablefmt="grid"))
def check_controller_roles(registry):
console.print("[blue]Checking roles for Controller...[/blue]")
controllerAddress = registry.get("controller")
governance = registry.get("governance")
governanceTimelock = registry.get("governanceTimelock")
assert controllerAddress != AddressZero
assert governance != AddressZero
assert governanceTimelock != AddressZero
controller = Controller.at(controllerAddress)
# Check governance
if controller.governance() == governanceTimelock:
console.print(
"[green]controller.governance() matches governanceTimelock -[/green]",
governanceTimelock,
)
else:
console.print(
"[red]controller.governance() doesn't match governanceTimelock -[/red]",
controller.governance(),
)
# Check strategist
if controller.strategist() == governance:
console.print(
"[green]controller.strategist() matches governance -[/green]", governance
)
else:
console.print(
"[red]controller.strategist() doesn't match governance -[/red]",
controller.strategist(),
)
def get_roles_hashes(roles):
hashes = []
for role in roles:
if role == "DEFAULT_ADMIN_ROLE":
hashes.append(DEFAULT_ADMIN_ROLE)
else:
hashes.append(web3.keccak(text=role).hex())
return hashes