Context and Motivation
Currently, the TradeFlow-Core administrative functions likely rely on a simple single-administrator/owner pattern. However, for an institutional-grade RWA (Real World Asset) and factoring protocol, relying on a single key represents a critical single point of failure and a significant security risk. We need to implement a decentralized, Role-Based Access Control (RBAC) system.
Different operational roles—such as upgrading contracts, altering fee structures, whitelisting KYC'd addresses, and triggering emergency pauses—must be separated and assignable to different multi-sig wallets or administrative entities.
Technical Specification
The contributor must design an RBAC module in Rust for the Soroban smart contracts.
- Define Roles: Implement a robust way to identify roles (e.g., using `BytesN<32>` hashes for roles like `DEFAULT_ADMIN_ROLE`, `FEE_MANAGER_ROLE`, `PAUSER_ROLE`, `KYC_MANAGER_ROLE`).
- Storage: Utilize Soroban's `Instance` storage to map `(Address, Role) => bool`.
- Modifiers/Auth: Create reusable authorization logic (`fn require_role(env: &Env, role: BytesN<32>, account: Address)`) that calls `account.require_auth()`.
- Admin Functions: Implement external functions to `grant_role`, `revoke_role`, and `renounce_role`. Only accounts holding the `DEFAULT_ADMIN_ROLE` should be able to grant or revoke other roles.
Acceptance Criteria
- `src/test.rs` demonstrating role granting, revoking, and unauthorized access rejections.
- `extend_ttl`) is properly managed for role mappings.
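The role semantics in the specification can be pinned down before any contract code is written. The following is an added example, not code from TradeFlow-Core and not soroban-sdk code: a plain-Rust model (std only) in which a `HashSet` stands in for the `(Address, Role) => bool` mapping and a `signers` set stands in for `require_auth()`. The `Rbac` struct, `sign_as`, `RbacError`, the role byte values and the account names are assumptions made for illustration.

```rust
use std::collections::HashSet;

// Plain-Rust model (std only, no soroban-sdk); role ids are constructed placeholders.
pub type Role = [u8; 32];
pub type Address = &'static str;
pub const DEFAULT_ADMIN_ROLE: Role = [0u8; 32];
pub const PAUSER_ROLE: Role = [1u8; 32];

#[derive(Debug, PartialEq)]
pub enum RbacError { NotAuthorized, MissingRole }
pub struct Rbac {
    roles: HashSet<(Address, Role)>, // stands in for the (Address, Role) => bool map
    signers: HashSet<Address>,       // who authorized this call (models require_auth)
}

impl Rbac {
    pub fn new(first_admin: Address) -> Self {
        Rbac { roles: HashSet::from([(first_admin, DEFAULT_ADMIN_ROLE)]), signers: HashSet::new() }
    }
    pub fn sign_as(&mut self, who: &[Address]) { self.signers = who.iter().copied().collect(); }
    pub fn has_role(&self, role: Role, account: Address) -> bool { self.roles.contains(&(account, role)) }
    // Both checks must pass: the account signed the call AND holds the role.
    pub fn require_role(&self, role: Role, account: Address) -> Result<(), RbacError> {
        if !self.signers.contains(&account) { return Err(RbacError::NotAuthorized); }
        if !self.has_role(role, account) { return Err(RbacError::MissingRole); }
        Ok(())
    }
    pub fn grant_role(&mut self, admin: Address, role: Role, to: Address) -> Result<(), RbacError> {
        self.require_role(DEFAULT_ADMIN_ROLE, admin)?;
        self.roles.insert((to, role));
        Ok(())
    }
    pub fn revoke_role(&mut self, admin: Address, role: Role, from: Address) -> Result<(), RbacError> {
        self.require_role(DEFAULT_ADMIN_ROLE, admin)?;
        self.roles.remove(&(from, role));
        Ok(())
    }
    // Renouncing needs only the caller's own signature and role, never admin rights.
    pub fn renounce_role(&mut self, role: Role, account: Address) -> Result<(), RbacError> {
        self.require_role(role, account)?;
        self.roles.remove(&(account, role));
        Ok(())
    }
}
fn main() {
    let mut c = Rbac::new("admin_msig");
    c.sign_as(&["ops_msig"]);
    println!("{:?}", c.grant_role("ops_msig", PAUSER_ROLE, "ops_msig")); // Err(MissingRole)
}
```

The two error variants keep "did not sign" and "signed but lacks the role" distinguishable, which is what the unauthorized-access tests in the acceptance criteria need to assert on.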