feat(auth): Implement Role-Based Access Control (RBAC) for Protocol Administration #170

Description

@grantfox-oss

Context and Motivation

Currently, the TradeFlow-Core administrative functions likely rely on a simple single-administrator/owner pattern. However, for an institutional-grade RWA (Real World Asset) and factoring protocol, relying on a single key represents a critical single point of failure and a significant security risk. We need to implement a decentralized, Role-Based Access Control (RBAC) system.

Different operational roles—such as upgrading contracts, altering fee structures, whitelisting KYC'd addresses, and triggering emergency pauses—must be separated and assignable to different multi-sig wallets or administrative entities.

Technical Specification

The contributor must design an RBAC module in Rust for the Soroban smart contracts.

  1. Define Roles: Implement a robust way to identify roles (e.g., using BytesN<32> hashes for roles like DEFAULT_ADMIN_ROLE, FEE_MANAGER_ROLE, PAUSER_ROLE, KYC_MANAGER_ROLE).
  2. Storage: Utilize Soroban's Instance storage to map (Address, Role) => bool.
  3. Modifiers/Auth: Create reusable authorization logic (fn require_role(env: &Env, role: BytesN<32>, account: Address)) that calls account.require_auth().
  4. Admin Functions: Implement external functions to grant_role, revoke_role, and renounce_role. Only accounts holding the DEFAULT_ADMIN_ROLE should be able to grant or revoke other roles.

Acceptance Criteria

  • RBAC logic is encapsulated in a reusable module or trait.
  • Critical state-mutating functions (like fee adjustment or pausing) are protected by specific role checks rather than a global admin check.
  • Comprehensive unit tests in src/test.rs demonstrating role granting, revoking, and unauthorized access rejections.
  • Storage lifecycle (extend_ttl) is properly managed for role mappings.
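
A plain-Rust model of the role semantics specified in this issue, added here as an example; it is not TradeFlow-Core code and does not use the Soroban SDK. `Rbac`, `Error`, `pause`, the role id values and the string addresses are assumptions made for illustration.

```rust
use std::collections::HashSet;
// Plain-Rust model (assumption): String and [u8; 32] stand in for Soroban's
// Address and BytesN<32>; `caller` is an address that already passed require_auth().
pub type Role = [u8; 32];
// Constructed role ids; a real contract would pick its own 32-byte identifiers.
pub const DEFAULT_ADMIN_ROLE: Role = [0u8; 32];
pub const PAUSER_ROLE: Role = [1u8; 32];
#[derive(Debug, PartialEq)]
pub enum Error { Unauthorized }
pub struct Rbac {
    members: HashSet<(String, Role)>, // presence models (Address, Role) => true
    pub paused: bool,
}

impl Rbac {
    pub fn new(admin: &str) -> Self {
        Rbac { members: HashSet::from([(admin.to_string(), DEFAULT_ADMIN_ROLE)]), paused: false }
    }
    pub fn has_role(&self, role: Role, account: &str) -> bool {
        self.members.contains(&(account.to_string(), role))
    }
    pub fn require_role(&self, role: Role, caller: &str) -> Result<(), Error> {
        if self.has_role(role, caller) { Ok(()) } else { Err(Error::Unauthorized) }
    }
    // Only DEFAULT_ADMIN_ROLE holders may grant or revoke; returns whether state changed.
    pub fn grant_role(&mut self, caller: &str, role: Role, account: &str) -> Result<bool, Error> {
        self.require_role(DEFAULT_ADMIN_ROLE, caller)?;
        Ok(self.members.insert((account.to_string(), role)))
    }
    pub fn revoke_role(&mut self, caller: &str, role: Role, account: &str) -> Result<bool, Error> {
        self.require_role(DEFAULT_ADMIN_ROLE, caller)?;
        Ok(self.members.remove(&(account.to_string(), role)))
    }
    // Renouncing can only remove the caller's own membership.
    pub fn renounce_role(&mut self, caller: &str, role: Role) -> bool {
        self.members.remove(&(caller.to_string(), role))
    }
    // Protected operation: checks its specific role, not a global admin.
    pub fn pause(&mut self, caller: &str) -> Result<(), Error> {
        self.require_role(PAUSER_ROLE, caller)?;
        self.paused = true;
        Ok(())
    }
}

fn main() {
    let mut c = Rbac::new("admin");
    c.grant_role("admin", PAUSER_ROLE, "ops").unwrap();
    println!("mallory: {:?}, ops: {:?}", c.pause("mallory"), c.pause("ops"));
}
```

In this model the last DEFAULT_ADMIN_ROLE holder can renounce, after which no role can be granted or revoked; the issue text does not say whether the contract should prevent that.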
