-
Notifications
You must be signed in to change notification settings - Fork 11.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Co-authored-by: Francisco Giordano <frangio.1@gmail.com>
- Loading branch information
Showing
5 changed files
with
2,364 additions
and
779 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,281 @@ | ||
// SPDX-License-Identifier: MIT | ||
|
||
pragma solidity ^0.6.0; | ||
pragma experimental ABIEncoderV2; | ||
|
||
import "./../math/SafeMath.sol"; | ||
import "./AccessControl.sol"; | ||
|
||
/** | ||
* @dev Contract module which acts as a timelocked controller. When set as the | ||
* owner of an `Ownable` smart contract, it enforces a timelock on all | ||
* `onlyOwner` maintenance operations. This gives time for users of the | ||
* controlled contract to exit before a potentially dangerous maintenance | ||
* operation is applied. | ||
* | ||
* By default, this contract is self administered, meaning administration tasks | ||
* have to go through the timelock process. The proposer (resp executor) role | ||
* is in charge of proposing (resp executing) operations. A common use case is | ||
* to position this {TimelockController} as the owner of a smart contract, with | ||
* a multisig or a DAO as the sole proposer. | ||
*/ | ||
contract TimelockController is AccessControl { | ||
|
||
bytes32 public constant TIMELOCK_ADMIN_ROLE = keccak256("TIMELOCK_ADMIN_ROLE"); | ||
bytes32 public constant PROPOSER_ROLE = keccak256("PROPOSER_ROLE"); | ||
bytes32 public constant EXECUTOR_ROLE = keccak256("EXECUTOR_ROLE"); | ||
uint256 internal constant _DONE_TIMESTAMP = uint256(1); | ||
|
||
mapping(bytes32 => uint256) private _timestamps; | ||
uint256 private _minDelay; | ||
|
||
/** | ||
* @dev Emitted when a call is scheduled as part of operation `id`. | ||
*/ | ||
event CallScheduled(bytes32 indexed id, uint256 indexed index, address target, uint256 value, bytes data, bytes32 predecessor, uint256 delay); | ||
|
||
/** | ||
* @dev Emitted when a call is performed as part of operation `id`. | ||
*/ | ||
event CallExecuted(bytes32 indexed id, uint256 indexed index, address target, uint256 value, bytes data); | ||
|
||
/** | ||
* @dev Emitted when operation `id` is cancelled. | ||
*/ | ||
event Cancelled(bytes32 indexed id); | ||
|
||
/** | ||
* @dev Emitted when the minimum delay for future operations is modified. | ||
*/ | ||
event MinDelayChange(uint256 oldDuration, uint256 newDuration); | ||
|
||
/** | ||
* @dev Initializes the contract with a given `minDelay`. | ||
*/ | ||
constructor(uint256 minDelay, address[] memory proposers, address[] memory executors) public { | ||
_setRoleAdmin(TIMELOCK_ADMIN_ROLE, TIMELOCK_ADMIN_ROLE); | ||
_setRoleAdmin(PROPOSER_ROLE, TIMELOCK_ADMIN_ROLE); | ||
_setRoleAdmin(EXECUTOR_ROLE, TIMELOCK_ADMIN_ROLE); | ||
|
||
// deployer + self administration | ||
_setupRole(TIMELOCK_ADMIN_ROLE, _msgSender()); | ||
_setupRole(TIMELOCK_ADMIN_ROLE, address(this)); | ||
|
||
// register proposers | ||
for (uint256 i = 0; i < proposers.length; ++i) { | ||
_setupRole(PROPOSER_ROLE, proposers[i]); | ||
} | ||
|
||
// register executors | ||
for (uint256 i = 0; i < executors.length; ++i) { | ||
_setupRole(EXECUTOR_ROLE, executors[i]); | ||
} | ||
|
||
_minDelay = minDelay; | ||
emit MinDelayChange(0, minDelay); | ||
} | ||
|
||
/** | ||
* @dev Modifier to make a function callable only by a certain role. In | ||
* addition to checking the sender's role, `address(0)` 's role is also | ||
* considered. Granting a role to `address(0)` is equivalent to enabling | ||
* this role for everyone. | ||
*/ | ||
modifier onlyRole(bytes32 role) { | ||
require(hasRole(role, _msgSender()) || hasRole(role, address(0)), "TimelockController: sender requires permission"); | ||
_; | ||
} | ||
|
||
/* | ||
* @dev Contract might receive/hold ETH as part of the maintenance process. | ||
*/ | ||
receive() external payable {} | ||
|
||
/** | ||
* @dev Returns whether an operation is pending or not. | ||
*/ | ||
function isOperationPending(bytes32 id) public view returns (bool pending) { | ||
return _timestamps[id] > _DONE_TIMESTAMP; | ||
} | ||
|
||
/** | ||
* @dev Returns whether an operation is ready or not. | ||
*/ | ||
function isOperationReady(bytes32 id) public view returns (bool ready) { | ||
// solhint-disable-next-line not-rely-on-time | ||
return _timestamps[id] > _DONE_TIMESTAMP && _timestamps[id] <= block.timestamp; | ||
} | ||
|
||
/** | ||
* @dev Returns whether an operation is done or not. | ||
*/ | ||
function isOperationDone(bytes32 id) public view returns (bool done) { | ||
return _timestamps[id] == _DONE_TIMESTAMP; | ||
} | ||
|
||
/** | ||
* @dev Returns the timestamp at with an operation becomes ready (0 for | ||
* unset operations, 1 for done operations). | ||
*/ | ||
function getTimestamp(bytes32 id) public view returns (uint256 timestamp) { | ||
return _timestamps[id]; | ||
} | ||
|
||
/** | ||
* @dev Returns the minimum delay for an operation to become valid. | ||
*/ | ||
function getMinDelay() public view returns (uint256 duration) { | ||
return _minDelay; | ||
} | ||
|
||
/** | ||
* @dev Returns the identifier of an operation containing a single | ||
* transaction. | ||
*/ | ||
function hashOperation(address target, uint256 value, bytes calldata data, bytes32 predecessor, bytes32 salt) public pure returns (bytes32 hash) { | ||
return keccak256(abi.encode(target, value, data, predecessor, salt)); | ||
} | ||
|
||
/** | ||
* @dev Returns the identifier of an operation containing a batch of | ||
* transactions. | ||
*/ | ||
function hashOperationBatch(address[] calldata targets, uint256[] calldata values, bytes[] calldata datas, bytes32 predecessor, bytes32 salt) public pure returns (bytes32 hash) { | ||
return keccak256(abi.encode(targets, values, datas, predecessor, salt)); | ||
} | ||
|
||
/** | ||
* @dev Schedule an operation containing a single transaction. | ||
* | ||
* Emits a {CallScheduled} event. | ||
* | ||
* Requirements: | ||
* | ||
* - the caller must have the 'proposer' role. | ||
*/ | ||
function schedule(address target, uint256 value, bytes calldata data, bytes32 predecessor, bytes32 salt, uint256 delay) public virtual onlyRole(PROPOSER_ROLE) { | ||
bytes32 id = hashOperation(target, value, data, predecessor, salt); | ||
_schedule(id, delay); | ||
emit CallScheduled(id, 0, target, value, data, predecessor, delay); | ||
} | ||
|
||
/** | ||
* @dev Schedule an operation containing a batch of transactions. | ||
* | ||
* Emits one {CallScheduled} event per transaction in the batch. | ||
* | ||
* Requirements: | ||
* | ||
* - the caller must have the 'proposer' role. | ||
*/ | ||
function scheduleBatch(address[] calldata targets, uint256[] calldata values, bytes[] calldata datas, bytes32 predecessor, bytes32 salt, uint256 delay) public virtual onlyRole(PROPOSER_ROLE) { | ||
require(targets.length == values.length, "TimelockController: length mismatch"); | ||
require(targets.length == datas.length, "TimelockController: length mismatch"); | ||
|
||
bytes32 id = hashOperationBatch(targets, values, datas, predecessor, salt); | ||
_schedule(id, delay); | ||
for (uint256 i = 0; i < targets.length; ++i) { | ||
emit CallScheduled(id, i, targets[i], values[i], datas[i], predecessor, delay); | ||
} | ||
} | ||
|
||
/** | ||
* @dev Schedule an operation that is to becomes valid after a given delay. | ||
*/ | ||
function _schedule(bytes32 id, uint256 delay) private { | ||
require(_timestamps[id] == 0, "TimelockController: operation already scheduled"); | ||
require(delay >= _minDelay, "TimelockController: insufficient delay"); | ||
// solhint-disable-next-line not-rely-on-time | ||
_timestamps[id] = SafeMath.add(block.timestamp, delay); | ||
} | ||
|
||
/** | ||
* @dev Cancel an operation. | ||
* | ||
* Requirements: | ||
* | ||
* - the caller must have the 'proposer' role. | ||
*/ | ||
function cancel(bytes32 id) public virtual onlyRole(PROPOSER_ROLE) { | ||
require(isOperationPending(id), "TimelockController: operation cannot be cancelled"); | ||
delete _timestamps[id]; | ||
|
||
emit Cancelled(id); | ||
} | ||
|
||
/** | ||
* @dev Execute an (ready) operation containing a single transaction. | ||
* | ||
* Emits a {CallExecuted} event. | ||
* | ||
* Requirements: | ||
* | ||
* - the caller must have the 'executor' role. | ||
*/ | ||
function execute(address target, uint256 value, bytes calldata data, bytes32 predecessor, bytes32 salt) public payable virtual onlyRole(EXECUTOR_ROLE) { | ||
bytes32 id = hashOperation(target, value, data, predecessor, salt); | ||
_beforeCall(predecessor); | ||
_call(id, 0, target, value, data); | ||
_afterCall(id); | ||
} | ||
|
||
/** | ||
* @dev Execute an (ready) operation containing a batch of transactions. | ||
* | ||
* Emits one {CallExecuted} event per transaction in the batch. | ||
* | ||
* Requirements: | ||
* | ||
* - the caller must have the 'executor' role. | ||
*/ | ||
function executeBatch(address[] calldata targets, uint256[] calldata values, bytes[] calldata datas, bytes32 predecessor, bytes32 salt) public payable virtual onlyRole(EXECUTOR_ROLE) { | ||
require(targets.length == values.length, "TimelockController: length mismatch"); | ||
require(targets.length == datas.length, "TimelockController: length mismatch"); | ||
|
||
bytes32 id = hashOperationBatch(targets, values, datas, predecessor, salt); | ||
_beforeCall(predecessor); | ||
for (uint256 i = 0; i < targets.length; ++i) { | ||
_call(id, i, targets[i], values[i], datas[i]); | ||
} | ||
_afterCall(id); | ||
} | ||
|
||
/** | ||
* @dev Checks before execution of an operation's calls. | ||
*/ | ||
function _beforeCall(bytes32 predecessor) private view { | ||
require(predecessor == bytes32(0) || isOperationDone(predecessor), "TimelockController: missing dependency"); | ||
} | ||
|
||
/** | ||
* @dev Checks after execution of an operation's calls. | ||
*/ | ||
function _afterCall(bytes32 id) private { | ||
require(isOperationReady(id), "TimelockController: operation is not ready"); | ||
_timestamps[id] = _DONE_TIMESTAMP; | ||
} | ||
|
||
/** | ||
* @dev Execute an operation's call. | ||
* | ||
* Emits a {CallExecuted} event. | ||
*/ | ||
function _call(bytes32 id, uint256 index, address target, uint256 value, bytes calldata data) private { | ||
// solhint-disable-next-line avoid-low-level-calls | ||
(bool success,) = target.call{value: value}(data); | ||
require(success, "TimelockController: underlying transaction reverted"); | ||
|
||
emit CallExecuted(id, index, target, value, data); | ||
} | ||
|
||
/** | ||
* @dev Changes the timelock duration for future operations. | ||
* | ||
* Emits a {MinDelayChange} event. | ||
*/ | ||
function updateDelay(uint256 newDelay) external virtual { | ||
require(msg.sender == address(this), "TimelockController: caller must be timelock"); | ||
emit MinDelayChange(_minDelay, newDelay); | ||
_minDelay = newDelay; | ||
} | ||
} |
Oops, something went wrong.