kkrt-labs / kakarot

Kakarot is a zkEVM written in Cairo, leveraging the STARK proof system.
https://kakarot.org
MIT License

feat: implement the security council multisig [11] #1536

Open ClementWalter opened 1 month ago

ClementWalter commented 1 month ago

Why

See conception document: security-council-multisig-and-guardians.pdf

We need to write a contract able to manage different thresholds for different functions.

Note: this contract will have signers that can be Argent or Braavos multisigs, so this is somewhat a merged multisig contract.

What

```cairo
// Constants: approval thresholds, as a percentage of council members
const PAUSE_THRESHOLD: u8 = 50;
const EMERGENCY_EXECUTION_THRESHOLD: u8 = 75;
const UNPAUSE_THRESHOLD: u8 = 66;
const REVOKE_GUARDIAN_THRESHOLD: u8 = 66;
const CANCEL_PROPOSAL_THRESHOLD: u8 = 50;

// Storage
#[storage]
struct Storage {
    protocol_handler: ContractAddress,
    operator_proposals: ContractAddress,
    members: Vec<ContractAddress>,
    call_hash_by_member: Map<(felt252, u32), Map<ContractAddress, felt252>>,
}

// External functions
fn emergency_execution(valid_until: u64, call: Call);
fn transfer_ownership(valid_until: u64, new_owner: ContractAddress);
fn hard_pause(valid_until: u64);
fn unpause(valid_until: u64);
fn cancel_proposal(valid_until: u64, proposal_id: felt252);

fn change_operator(valid_until: u64, new_operator: ContractAddress);
fn change_security_council(valid_until: u64, new_security_council: ContractAddress);
fn change_gas_price_admin(valid_until: u64, new_gas_admin: ContractAddress);
fn add_guardian(valid_until: u64, guardian_to_add: ContractAddress);
fn remove_guardian(valid_until: u64, guardian_to_remove: ContractAddress);
```

In the body, functions should look like:

```cairo
    // reject approvals submitted after their expiry
    if tx.timestamp > valid_until {
        panic!()
    }
    // only council members may approve
    assert tx.sender in members;
    // some other logic

    // compute call hash over the selector and its arguments
    let hash = poseidon(selector, args)
    // each member may approve a given call hash only once
    assert (hash, tx.sender) not in call_hash_by_member
    call_hash_by_member.push(hash, tx.sender)
```

Issues

### Tasks
- [ ] feat: security council scaffolding + constructor + storage, no function [1]
- [ ] feat: security council pause / unpause [2]
- [ ] feat: security council add & remove guardian [2]
- [ ] emergency_execution [1]
- [ ] transfer_ownership [1]
- [ ] change_operator [1]
- [ ] change_security_council [1]
- [ ] change_gas_price_admin [1]
- [ ] cancel_proposal [1]
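The approval flow sketched in the issue (expiry check, member check, one approval per call hash per member, a different threshold per function), modelled in Rust as an added example; this is not Kakarot's Cairo code. Assumptions beyond what the issue states: the `u32` in the storage key is treated as a nonce so the same call can be proposed again after it executes or expires, `valid_until` is folded into the call hash, thresholds are rounded up as `ceil(members * percent / 100)`, `DefaultHasher` stands in for Poseidon, and the `Action` enum stands in for the function selector.

```rust
// Rust model of the security council approval logic. Added example, not
// project code. Addresses, actions and the hash function are stand-ins.
use std::collections::hash_map::DefaultHasher;
use std::collections::{BTreeSet, HashMap};
use std::hash::{Hash, Hasher};

type Address = u64;
type CallHash = u64;

#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
enum Action {
    HardPause,
    Unpause,
    EmergencyExecution,
    RemoveGuardian,
    CancelProposal,
}

impl Action {
    /// Approval threshold as a percentage of council members (values from the issue).
    fn threshold_percent(self) -> u64 {
        match self {
            Action::HardPause | Action::CancelProposal => 50,
            Action::Unpause | Action::RemoveGuardian => 66,
            Action::EmergencyExecution => 75,
        }
    }
}

#[derive(Debug, PartialEq, Eq)]
enum Outcome {
    /// Approval recorded; `approvals` of `required` collected so far.
    Pending { approvals: usize, required: usize },
    /// This approval reached the threshold; the call would be executed now.
    Executed,
}

#[derive(Debug, PartialEq, Eq)]
enum Error {
    Expired,
    NotMember,
    AlreadyApproved,
    AlreadyExecuted,
}

struct Council {
    members: BTreeSet<Address>,
    /// (call hash, nonce) -> members that have approved it so far
    approvals: HashMap<(CallHash, u32), BTreeSet<Address>>,
    /// keys already executed: a late approval must not execute the call twice
    executed: BTreeSet<(CallHash, u32)>,
}

impl Council {
    fn new(members: &[Address]) -> Self {
        Council {
            members: members.iter().copied().collect(),
            approvals: HashMap::new(),
            executed: BTreeSet::new(),
        }
    }

    /// Approvals needed for `action`: ceil(members * percent / 100).
    fn required(&self, action: Action) -> usize {
        let n = self.members.len() as u64;
        ((n * action.threshold_percent() + 99) / 100) as usize
    }

    /// Stand-in for poseidon(selector, args, valid_until). Binding valid_until
    /// into the hash keeps an approval of an expired call from counting toward
    /// a fresh proposal with the same arguments (assumption: the issue hashes
    /// only selector and args).
    fn call_hash(action: Action, args: &[u64], valid_until: u64) -> CallHash {
        let mut h = DefaultHasher::new();
        action.hash(&mut h);
        args.hash(&mut h);
        valid_until.hash(&mut h);
        h.finish()
    }

    /// One member's approval of one call, in the order the issue gives:
    /// expiry, membership, then the per-member call-hash check.
    fn approve(
        &mut self,
        now: u64,
        caller: Address,
        action: Action,
        args: &[u64],
        valid_until: u64,
        nonce: u32,
    ) -> Result<Outcome, Error> {
        if now > valid_until {
            return Err(Error::Expired);
        }
        if !self.members.contains(&caller) {
            return Err(Error::NotMember);
        }
        let key = (Self::call_hash(action, args, valid_until), nonce);
        if self.executed.contains(&key) {
            return Err(Error::AlreadyExecuted);
        }
        let required = self.required(action);
        let set = self.approvals.entry(key).or_default();
        if !set.insert(caller) {
            return Err(Error::AlreadyApproved);
        }
        let approvals = set.len();
        if approvals >= required {
            self.approvals.remove(&key);
            self.executed.insert(key);
            return Ok(Outcome::Executed);
        }
        Ok(Outcome::Pending { approvals, required })
    }
}

fn main() {
    // Constructed council of four members; the addresses are placeholders.
    let mut council = Council::new(&[1, 2, 3, 4]);
    println!("{:?}", council.approve(10, 1, Action::HardPause, &[], 100, 0));
    println!("{:?}", council.approve(11, 2, Action::HardPause, &[], 100, 0));
}
```

One design point the model makes visible: with a `>=` comparison and a 50% threshold, 2 of 4 members are enough to `hard_pause`; if the council wants a strict majority for that action, the comparison should be `>` or the constant raised. The `(hash, nonce)` key is also what lets the same call be proposed a second time, which the per-member `call_hash_by_member` check alone would otherwise forbid forever.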
obatirou commented 1 month ago

Added the cancel_proposal function + operator_proposal: ContractAddress to the requirements: it is needed as the operator will execute the proposals from a TimelockController in which the SC multisig will have the CANCELLER role.