mirror of
https://github.com/Instadapp/aave-protocol-v2.git
synced 2024-07-29 21:47:30 +00:00
feat: added check on the permission admin validity on the borrow/deposit/liquidate actions
This commit is contained in:
The3D
parent
6d30477950
commit
24570c90c9
|
|
@ -72,4 +72,11 @@ interface IPermissionManager {
|
||||||
* @return the address of the permissionAdmin of the user
|
* @return the address of the permissionAdmin of the user
|
||||||
**/
|
**/
|
||||||
function getUserPermissionAdmin(address user) external view returns (address);
|
function getUserPermissionAdmin(address user) external view returns (address);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @dev Used to query if the permission admin of a certain user is valid,
|
||||||
|
* @param user The address of the user
|
||||||
|
* @return true if the permission admin of a certain user is valid, false otherwise
|
||||||
|
**/
|
||||||
|
function isUserPermissionAdminValid(address user) external view returns (bool);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -37,7 +37,10 @@ contract PermissionedWETHGateway is WETHGateway {
|
||||||
) public payable override {
|
) public payable override {
|
||||||
ILendingPool pool = ILendingPool(lendingPool);
|
ILendingPool pool = ILendingPool(lendingPool);
|
||||||
|
|
||||||
require(_isInRole(msg.sender, DataTypes.Roles.DEPOSITOR, pool), Errors.USER_UNAUTHORIZED);
|
require(
|
||||||
|
_isInRoleAndValidPermissionAdmin(msg.sender, DataTypes.Roles.DEPOSITOR, pool),
|
||||||
|
Errors.PLP_USER_UNAUTHORIZED
|
||||||
|
);
|
||||||
|
|
||||||
super.depositETH(lendingPool, onBehalfOf, referralCode);
|
super.depositETH(lendingPool, onBehalfOf, referralCode);
|
||||||
}
|
}
|
||||||
|
|
@ -57,21 +60,31 @@ contract PermissionedWETHGateway is WETHGateway {
|
||||||
) public payable override {
|
) public payable override {
|
||||||
ILendingPool pool = ILendingPool(lendingPool);
|
ILendingPool pool = ILendingPool(lendingPool);
|
||||||
|
|
||||||
require(_isInRole(msg.sender, DataTypes.Roles.BORROWER, pool), Errors.USER_UNAUTHORIZED);
|
require(_isInRole(msg.sender, DataTypes.Roles.BORROWER, pool), Errors.PLP_USER_UNAUTHORIZED);
|
||||||
super.repayETH(lendingPool, amount, rateMode, onBehalfOf);
|
super.repayETH(lendingPool, amount, rateMode, onBehalfOf);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _getPermissionManager(ILendingPool pool) internal view returns (IPermissionManager) {
|
||||||
function _isInRole(address user, DataTypes.Roles role, ILendingPool pool)
|
|
||||||
internal
|
|
||||||
view
|
|
||||||
returns (bool)
|
|
||||||
{
|
|
||||||
ILendingPoolAddressesProvider provider =
|
ILendingPoolAddressesProvider provider =
|
||||||
ILendingPoolAddressesProvider(pool.getAddressesProvider());
|
ILendingPoolAddressesProvider(pool.getAddressesProvider());
|
||||||
IPermissionManager manager =
|
return IPermissionManager(provider.getAddress(keccak256('PERMISSION_MANAGER')));
|
||||||
IPermissionManager(provider.getAddress(keccak256('PERMISSION_MANAGER')));
|
}
|
||||||
|
|
||||||
|
function _isInRole(
|
||||||
|
address user,
|
||||||
|
DataTypes.Roles role,
|
||||||
|
ILendingPool pool
|
||||||
|
) internal view returns (bool) {
|
||||||
|
IPermissionManager manager = _getPermissionManager(pool);
|
||||||
return manager.isInRole(user, uint256(role));
|
return manager.isInRole(user, uint256(role));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _isInRoleAndValidPermissionAdmin(
|
||||||
|
address user,
|
||||||
|
DataTypes.Roles role,
|
||||||
|
ILendingPool pool
|
||||||
|
) internal view returns (bool) {
|
||||||
|
IPermissionManager manager = _getPermissionManager(pool);
|
||||||
|
return manager.isInRole(user, uint256(role)) && manager.isUserPermissionAdminValid(user);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -175,4 +175,9 @@ contract PermissionManager is IPermissionManager, Ownable {
|
||||||
function getUserPermissionAdmin(address user) external view override returns (address) {
|
function getUserPermissionAdmin(address user) external view override returns (address) {
|
||||||
return _users[user].permissionAdmin;
|
return _users[user].permissionAdmin;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
///@inheritdoc IPermissionManager
|
||||||
|
function isUserPermissionAdminValid(address user) external view override returns (bool) {
|
||||||
|
return _permissionsAdmins[_users[user].permissionAdmin] > 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -20,29 +20,34 @@ contract PermissionedLendingPool is LendingPool {
|
||||||
require(
|
require(
|
||||||
_isInRole(user, DataTypes.Roles.DEPOSITOR) &&
|
_isInRole(user, DataTypes.Roles.DEPOSITOR) &&
|
||||||
((user == msg.sender) || _isInRole(msg.sender, DataTypes.Roles.DEPOSITOR)),
|
((user == msg.sender) || _isInRole(msg.sender, DataTypes.Roles.DEPOSITOR)),
|
||||||
Errors.DEPOSITOR_UNAUTHORIZED
|
Errors.PLP_DEPOSITOR_UNAUTHORIZED
|
||||||
);
|
);
|
||||||
_;
|
_;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
modifier onlyValidPermissionAdmin(address user) {
|
||||||
|
require(_permissionAdminValid(user), Errors.PLP_INVALID_PERMISSION_ADMIN);
|
||||||
|
_;
|
||||||
|
}
|
||||||
|
|
||||||
modifier onlyBorrowers(address user) {
|
modifier onlyBorrowers(address user) {
|
||||||
require(
|
require(
|
||||||
_isInRole(user, DataTypes.Roles.BORROWER) &&
|
_isInRole(user, DataTypes.Roles.BORROWER) &&
|
||||||
((user == msg.sender) || _isInRole(msg.sender, DataTypes.Roles.BORROWER)),
|
((user == msg.sender) || _isInRole(msg.sender, DataTypes.Roles.BORROWER)),
|
||||||
Errors.BORROWER_UNAUTHORIZED
|
Errors.PLP_BORROWER_UNAUTHORIZED
|
||||||
);
|
);
|
||||||
_;
|
_;
|
||||||
}
|
}
|
||||||
|
|
||||||
modifier onlyLiquidators {
|
modifier onlyLiquidators {
|
||||||
require(_isInRole(msg.sender, DataTypes.Roles.LIQUIDATOR), Errors.LIQUIDATOR_UNAUTHORIZED);
|
require(_isInRole(msg.sender, DataTypes.Roles.LIQUIDATOR), Errors.PLP_LIQUIDATOR_UNAUTHORIZED);
|
||||||
_;
|
_;
|
||||||
}
|
}
|
||||||
|
|
||||||
modifier onlyStableRateManagers {
|
modifier onlyStableRateManagers {
|
||||||
require(
|
require(
|
||||||
_isInRole(msg.sender, DataTypes.Roles.STABLE_RATE_MANAGER),
|
_isInRole(msg.sender, DataTypes.Roles.STABLE_RATE_MANAGER),
|
||||||
Errors.CALLER_NOT_STABLE_RATE_MANAGER
|
Errors.PLP_CALLER_NOT_STABLE_RATE_MANAGER
|
||||||
);
|
);
|
||||||
_;
|
_;
|
||||||
}
|
}
|
||||||
|
|
@ -63,7 +68,7 @@ contract PermissionedLendingPool is LendingPool {
|
||||||
uint256 amount,
|
uint256 amount,
|
||||||
address onBehalfOf,
|
address onBehalfOf,
|
||||||
uint16 referralCode
|
uint16 referralCode
|
||||||
) public virtual override onlyDepositors(onBehalfOf) {
|
) public virtual override onlyDepositors(onBehalfOf) onlyValidPermissionAdmin(onBehalfOf) {
|
||||||
super.deposit(asset, amount, onBehalfOf, referralCode);
|
super.deposit(asset, amount, onBehalfOf, referralCode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -107,7 +112,7 @@ contract PermissionedLendingPool is LendingPool {
|
||||||
uint256 interestRateMode,
|
uint256 interestRateMode,
|
||||||
uint16 referralCode,
|
uint16 referralCode,
|
||||||
address onBehalfOf
|
address onBehalfOf
|
||||||
) public virtual override onlyBorrowers(onBehalfOf) {
|
) public virtual override onlyBorrowers(onBehalfOf) onlyValidPermissionAdmin(onBehalfOf) {
|
||||||
super.borrow(asset, amount, interestRateMode, referralCode, onBehalfOf);
|
super.borrow(asset, amount, interestRateMode, referralCode, onBehalfOf);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -142,6 +147,7 @@ contract PermissionedLendingPool is LendingPool {
|
||||||
virtual
|
virtual
|
||||||
override
|
override
|
||||||
onlyBorrowers(msg.sender)
|
onlyBorrowers(msg.sender)
|
||||||
|
onlyValidPermissionAdmin(msg.sender)
|
||||||
{
|
{
|
||||||
super.swapBorrowRateMode(asset, rateMode);
|
super.swapBorrowRateMode(asset, rateMode);
|
||||||
}
|
}
|
||||||
|
|
@ -174,6 +180,7 @@ contract PermissionedLendingPool is LendingPool {
|
||||||
virtual
|
virtual
|
||||||
override
|
override
|
||||||
onlyDepositors(msg.sender)
|
onlyDepositors(msg.sender)
|
||||||
|
onlyValidPermissionAdmin(msg.sender)
|
||||||
{
|
{
|
||||||
super.setUserUseReserveAsCollateral(asset, useAsCollateral);
|
super.setUserUseReserveAsCollateral(asset, useAsCollateral);
|
||||||
}
|
}
|
||||||
|
|
@ -195,7 +202,7 @@ contract PermissionedLendingPool is LendingPool {
|
||||||
address user,
|
address user,
|
||||||
uint256 debtToCover,
|
uint256 debtToCover,
|
||||||
bool receiveAToken
|
bool receiveAToken
|
||||||
) public virtual override onlyLiquidators {
|
) public virtual override onlyLiquidators onlyValidPermissionAdmin(msg.sender) {
|
||||||
super.liquidationCall(collateralAsset, debtAsset, user, debtToCover, receiveAToken);
|
super.liquidationCall(collateralAsset, debtAsset, user, debtToCover, receiveAToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -228,9 +235,11 @@ contract PermissionedLendingPool is LendingPool {
|
||||||
//validating modes
|
//validating modes
|
||||||
for (uint256 i = 0; i < modes.length; i++) {
|
for (uint256 i = 0; i < modes.length; i++) {
|
||||||
if (modes[i] == uint256(DataTypes.InterestRateMode.NONE)) {
|
if (modes[i] == uint256(DataTypes.InterestRateMode.NONE)) {
|
||||||
require(_isInRole(msg.sender, DataTypes.Roles.BORROWER), Errors.BORROWER_UNAUTHORIZED);
|
require(_isInRole(msg.sender, DataTypes.Roles.BORROWER), Errors.PLP_BORROWER_UNAUTHORIZED);
|
||||||
|
require(_permissionAdminValid(msg.sender), Errors.PLP_INVALID_PERMISSION_ADMIN);
|
||||||
} else {
|
} else {
|
||||||
require(_isInRole(onBehalfOf, DataTypes.Roles.BORROWER), Errors.BORROWER_UNAUTHORIZED);
|
require(_isInRole(onBehalfOf, DataTypes.Roles.BORROWER), Errors.PLP_BORROWER_UNAUTHORIZED);
|
||||||
|
require(_permissionAdminValid(onBehalfOf), Errors.PLP_INVALID_PERMISSION_ADMIN);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
super.flashLoan(receiverAddress, assets, amounts, modes, onBehalfOf, params, referralCode);
|
super.flashLoan(receiverAddress, assets, amounts, modes, onBehalfOf, params, referralCode);
|
||||||
|
|
@ -267,4 +276,10 @@ contract PermissionedLendingPool is LendingPool {
|
||||||
uint256(role)
|
uint256(role)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _permissionAdminValid(address user) internal view returns (bool) {
|
||||||
|
return
|
||||||
|
IPermissionManager(_addressesProvider.getAddress(PERMISSION_MANAGER))
|
||||||
|
.isUserPermissionAdminValid(user);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -103,11 +103,12 @@ library Errors {
|
||||||
string public constant LP_NOT_CONTRACT = '78';
|
string public constant LP_NOT_CONTRACT = '78';
|
||||||
string public constant SDT_STABLE_DEBT_OVERFLOW = '79';
|
string public constant SDT_STABLE_DEBT_OVERFLOW = '79';
|
||||||
string public constant SDT_BURN_EXCEEDS_BALANCE = '80';
|
string public constant SDT_BURN_EXCEEDS_BALANCE = '80';
|
||||||
string public constant DEPOSITOR_UNAUTHORIZED = '81';
|
string public constant PLP_DEPOSITOR_UNAUTHORIZED = '81';
|
||||||
string public constant BORROWER_UNAUTHORIZED = '82';
|
string public constant PLP_BORROWER_UNAUTHORIZED = '82';
|
||||||
string public constant LIQUIDATOR_UNAUTHORIZED = '83';
|
string public constant PLP_LIQUIDATOR_UNAUTHORIZED = '83';
|
||||||
string public constant CALLER_NOT_STABLE_RATE_MANAGER = '84';
|
string public constant PLP_CALLER_NOT_STABLE_RATE_MANAGER = '84';
|
||||||
string public constant USER_UNAUTHORIZED = '85';
|
string public constant PLP_USER_UNAUTHORIZED = '85';
|
||||||
|
string public constant PLP_INVALID_PERMISSION_ADMIN = '86';
|
||||||
|
|
||||||
enum CollateralManagerErrors {
|
enum CollateralManagerErrors {
|
||||||
NO_ERROR,
|
NO_ERROR,
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,7 @@ abstract contract PermissionedDebtTokenBase is DebtTokenBase
|
||||||
|
|
||||||
require(
|
require(
|
||||||
permissionManager.isInRole(_msgSender(), uint256(DataTypes.Roles.BORROWER)),
|
permissionManager.isInRole(_msgSender(), uint256(DataTypes.Roles.BORROWER)),
|
||||||
Errors.BORROWER_UNAUTHORIZED
|
Errors.PLP_BORROWER_UNAUTHORIZED
|
||||||
);
|
);
|
||||||
_;
|
_;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user