search

me-foundation / magicdrop

MagicDrop is a collection of EVM minting protocols that enable the multi stage minting, per stage WL management, per stage supply limit, and crossmint support.
MIT License
54 stars 37 forks source link

Add authorizedMint and whitelist Reservoir Relay EOA #146

Closed channing-magiceden closed 1 month ago

channing-magiceden commented 1 month ago
tenthirtyone commented 1 month ago

If that EOA is compromised or the relationship with the EOA changes I'm not seeing any protections that can ever remove it. I think the _authorizedMinters mapping needs add/remove methods and a process for managing access to those functions.

What is the motivation for setting the EoA as a constant if it can be passed as a constructor param?

channing-magiceden commented 1 month ago

If that EOA is compromised or the relationship with the EOA changes I'm not seeing any protections that can ever remove it. I think the _authorizedMinters mapping needs add/remove methods and a process for managing access to those functions.

What is the motivation for setting the EoA as a constant if it can be passed as a constructor param?

Good suggestion. My initial intention is to make Reservior Relay fixed so it cannot be modified. But after some thoughts I think it's better to make the list mutable (by owner only).

tenthirtyone commented 1 month ago

Should work.

In the future what do you think about something like AuthorizedMinter.sol and inherit/extend but it's not necessary in this PR, I think.

channing-magiceden commented 1 month ago

Should work.

In the future what do you think about something like AuthorizedMinter.sol and inherit/extend but it's not necessary in this PR, I think.

I think we could switch to use OZ's Access Control / Role to consolidate owner and authorizer.

nothing0012 commented 1 month ago

worth refactoring later, but yeah, lgtm for now, that we delay the introduction of another Roles dependency