transmute-industries / transmute-mercury

React Redux Firebase Ethereum Seed dApp
https://transmute.industries
MIT License

Caller is not authorized to write factory events #7

Open OR13 opened 7 years ago

OR13 commented 7 years ago

Warning! Error encountered during contract execution [Bad instruction]

https://ropsten.etherscan.io/tx/0x9ebd3743cfd2c3c3b1795b3d2585d92165734f7aa1b046aa8816e289a0269a36

Note that the same contract succeeds with testrpc.

OR13 commented 7 years ago

Manager pattern fails on ropsten, but succeeds on testrpc.

This factory: https://github.com/transmute-industries/transmute-mercury/blob/corp/contracts/TransmuteFramework/TransmuteFramework/EventStoreFactory.sol

Creates this event store: https://github.com/transmute-industries/transmute-mercury/blob/corp/contracts/TransmuteFramework/TransmuteFramework/EventStore.sol

It succeeds with a transaction, on testrpc.

It fails with a Bad Instruction on ropsten:

Warning! Error encountered during contract execution [Bad instruction]

https://ropsten.etherscan.io/tx/0xd79eaa0f7efc4fcac2b7cb4553f072fded7f203e19f78bfde6150621e618b081

The specific call which fails is:

https://github.com/transmute-industries/transmute-mercury/blob/corp/src/store/ethereum/mercury/middleware.js#L28

Any explanation of the error would be greatly appreciated.

OR13 commented 7 years ago

I believe this is caused by the authorized modifier.

OR13 commented 7 years ago

This issue was caused by the onlyAuthorized modifier. Truffle migrates the contracts to ropsten with the sigmate wallet, so that address is the only one authorized to write events.

When the metamask address calls createEventStore, it fails to write the factory event store created event, because the metamask address is not authorized yet.

This highlights an interesting flaw when using isAuthorized on factory event store, because a caller will never be authorized, unless they first request authorization and are granted.

However, only the sigmate wallet can grant an access request... so that is a problem.

Seems like, really, the factory writeEvents have different permission requirements than a single eventstore.

The factory should basically let any address create event stores and thus must let any address write events.

We could remove event sourcing from the factory; that might be the cheapest solution.

If we don't remove event sourcing from the factory, we will need to add an admin address to the factory before it is deployed (possibly hard coded...). Then that address can use DAC to grant and revoke access to the factory.
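An added sketch of the permission split described in the comment above; it is not part of the original thread and is not the repository's EventStore or EventStoreFactory code. Apart from createEventStore, every name here (StoreSketch, FactorySketch, openCreation, canCreate, setCanCreate) is hypothetical, and Solidity ^0.8 syntax is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added sketch with hypothetical names; not the project's contracts.
contract StoreSketch {
    address public immutable owner;
    mapping(address => bool) public authorized;
    uint256 public eventCount;
    event StoreEvent(uint256 indexed id, address indexed writer, bytes32 kind);
    constructor(address creator) {
        owner = creator;
        authorized[creator] = true; // the caller of the factory, not the deployer, can write at once
    }

    function setAuthorized(address who, bool allowed) external {
        require(msg.sender == owner, "only owner");
        authorized[who] = allowed;
    }

    function writeEvent(bytes32 kind) external returns (uint256 id) {
        require(authorized[msg.sender], "caller not authorized");
        id = eventCount++;
        emit StoreEvent(id, msg.sender, kind);
    }
}

contract FactorySketch {
    address public immutable admin;     // chosen explicitly at deployment
    bool public immutable openCreation; // true: any address may create stores
    mapping(address => bool) public canCreate;
    event StoreCreated(address indexed store, address indexed creator);

    constructor(address admin_, bool openCreation_) {
        require(admin_ != address(0), "admin required");
        admin = admin_;
        openCreation = openCreation_;
    }

    // Grant or revoke creation rights; only meaningful when openCreation is false.
    function setCanCreate(address who, bool allowed) external {
        require(msg.sender == admin, "only admin");
        canCreate[who] = allowed;
    }

    function createEventStore() external returns (address store) {
        require(openCreation || canCreate[msg.sender], "creation not permitted");
        store = address(new StoreSketch(msg.sender));
        emit StoreCreated(store, msg.sender); // plain log, no per-caller write permission needed
    }
}
```

Deploying with openCreation set to true corresponds to the low-friction demo option; setting it to false corresponds to the admin-managed option, where the admin address is known before deployment rather than being whichever wallet ran the migration.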

OR13 commented 7 years ago

For a demo, I believe using unauthorized events in the factory would be less friction.

For other contracts, I believe some form of DAC on factory would be wise.

OR13 commented 7 years ago

This PR removes the auth check on master. Until we resolve this properly, this ticket should remain open. https://github.com/transmute-industries/transmute-mercury/pull/8/

OR13 commented 7 years ago

Once the framework supports ACL-based EventStores, this can be resolved.