Access Control from a Specific Contract

In the contract functions, access control on the addresses that can call is important.

If you only accept instructions from specific addresses, it may be implemented as follows.

contract SomeContract is VersionContract {

    address owner = msg.sender;
    mapping(address => bool) allowAddresses;

    function SomeContract(ContractNameService _cns) VersionContract(_cns, "SomeContract") {}

    modifier onlyOwner() {
        if (owner != msg.sender) throw;
        _;
    }
    modifier onlyAllowAddress() {
        if (!allowAddresses[msg.sender]) throw;
        _;
    }
    function someMethod(bytes _sign, uint _timestamp, uint _p1, bytes32 _p2) onlyAllowAddress {
        // do something
    }

    function addAllowAddress(address _addr) onlyOwner {
        allowAddresses[_addr] = true;
    }
}

However, with the above method, it is required to manage the list of allowed caller address (allowAddresses).

Basically it would be called from a VersionLogic subclass when called from a contract created with basic contract configuration.

Contracts called from VersionLogic subclass's must be in a format that can be handled even if the version is upgraded and the address changes.

To that end, we have implemented ContractNameService#isVersionLogic.

By changing the authentication of the caller's address as follows, calling from the target contract is permitted even if the version goes up.

contract SomeContract is VersionContract {

    address owner = msg.sender;
    mapping(address => mapping(bytes32 => bool)) allowCnsContract;

    function SomeContract(ContractNameService _cns) VersionContract(_cns, "SomeContract") {}

    modifier onlyOwner() {
        if (owner != msg.sender) throw;
        _;
    }
    modifier onlyAllowCnsContract() {
        VersionLogic logic = VersionLogic(msg.sender);
        if (!allowCnsContract[logic.getCns()][logic.getContractName()]) throw;
        if (!logic.getCns().isVersionLogic(_sender, logic.getContractName())) throw;
        _;
    }
    function someMethod(bytes _sign, uint _timestamp, uint _p1, bytes32 _p2) onlyAllowCnsContract {
        // do something
    }

    function addCnsContract(address _cns, bytes32 _contractName) onlyOwner {
        allowAddresses[addr] = true;
    }
}

Actually, the following is required.

  • Implement each field separately to the logic by implementing it in a Field contract.
  • For each ID make the permitted CNS address + Contract configurable.

For details on how to implement based on these conditions, refer to the following contract implementation.

results matching ""

    No results matching ""