Introduce ACL to IP Graph Precompile

kingster-will commented 4 months ago

Description and context

We propose to introduce an Access Control List (ACL) mechanism to the IP Graph precompile contracts to enhance security and control over write operations. This ACL will ensure that only addresses/accounts that are whitelisted can access and execute write functions, such as addParents(). The primary goal is to restrict state-changing operations to valid contracts, like the "LicensingModule", thereby preventing unauthorized modifications to the IP Graph.

Details

Currently, the IP Graph precompile contracts do not have an explicit access control mechanism for write operations. This lack of access control could potentially expose the system to unauthorized state changes, leading to security vulnerabilities. By implementing an ACL, we can ensure that only whitelisted addresses, which are recognized and authorized by the system, can perform write operations.

Key Features to Implement:

Whitelist Management: Functions to add and remove addresses from the whitelist. These functions should be accessible only by the contract owner or designated administrators.
Access Control Checks: Modify existing write functions (e.g., addParents()) to include checks that ensure the caller's address is in the whitelist before executing any state-changing logic.
Event Logging: Emit events for critical actions, including adding or removing addresses from the whitelist, to ensure transparency and facilitate monitoring.

Acceptance Criteria

An ACL mechanism is implemented and integrated with the IP Graph precompile contracts.
Only addresses/accounts in the whitelist can execute write functions in the precompile contracts.
Functions to manage the whitelist (add/remove addresses) are implemented and secured.
All modifications and access attempts are logged through events for auditability.
The system maintains full functionality with the added ACL, without introducing regressions or performance issues.

Ramarti commented 2 months ago

Great writeup. We could implement this in 2 phases, the first one a simple hard coded maping to remove the vector, then we can make it more flexible to not require hard forks. It could be tied to Module Registry, but not to all modules. There could be an extra property 'writesIPGraph' that the precompile checks.

jdubpark commented 2 months ago

Shouldn't this be in the geth repo, not here in protocol core, as it requires changes in the precompile?

storyprotocol / protocol-core-v1