Merge pull request #19 from automata-network/DEV-3733

preston4896 · web-flow · commit b4002d0ba000 · 2025-02-28T10:50:58.000+08:00
[TOB] DEV-3733: ID-3
diff --git a/script/automata/ConfigAutomataDao.s.sol b/script/automata/ConfigAutomataDao.s.sol
@@ -23,11 +23,11 @@ contract ConfigAutomataDao is Script {
     address enclaveIdentityHelper = vm.envAddress("ENCLAVE_IDENTITY_HELPER");
     address fmspcTcbHelper = vm.envAddress("FMSPC_TCB_HELPER");
 
-    function updateStorageDao() public {
+    function grantDao(address dao) public {
         vm.broadcast(privateKey);
 
         AutomataDaoStorage pccsStorage = AutomataDaoStorage(pccsStorageAddr);
-        pccsStorage.updateDao(pcsDaoAddr, pckDaoAddr, fmspcTcbDaoAddr, enclaveIdDaoAddr);
+        pccsStorage.grantDao(dao);
     }
 
     function revokeDao(address dao) public {
diff --git a/script/automata/DeployAutomataDao.s.sol b/script/automata/DeployAutomataDao.s.sol
@@ -53,7 +53,11 @@ contract DeployAutomataDao is P256Configuration {
             new AutomataFmspcTcbDao(address(pccsStorage), simulateVerify(), address(pcsDao), fmspcTcbHelper, x509);
         console.log("AutomataFmspcTcbDao deployed at: ", address(fmspcTcbDao));
 
-        pccsStorage.updateDao(address(pcsDao), address(pckDao), address(fmspcTcbDao), address(enclaveIdDao));
+        // grants the DAOs permission to write to storage
+        pccsStorage.grantDao(address(pcsDao));
+        pccsStorage.grantDao(address(pckDao));
+        pccsStorage.grantDao(address(enclaveIdDao));
+        pccsStorage.grantDao(address(fmspcTcbDao));
     }
 
     function deployStorage() public broadcastKey(privateKey) {
diff --git a/src/automata_pccs/shared/AutomataDaoStorage.sol b/src/automata_pccs/shared/AutomataDaoStorage.sol
@@ -17,6 +17,9 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus
     mapping(address => bool) _authorized_readers;
     mapping(bytes32 attId => bytes collateral) _db;
 
+    event SetAuthorizedWriter(address caller, bool authorized);
+    event SetAuthorizedReader(address caller, bool authorized);
+
     modifier onlyDao(address dao) {
         require(_authorized_writers[dao], "FORBIDDEN");
         _;
@@ -26,15 +29,15 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus
         _initializeOwner(msg.sender);
 
         // adding address(0) as an authorized_reader to allow eth_call
-        _authorized_readers[address(0)] = true;
+        _setAuthorizedReader(address(0), true);
     }
 
     function isAuthorizedCaller(address caller) external view returns (bool) {
         return _authorized_readers[caller];
     }
 
     function setCallerAuthorization(address caller, bool authorized) external onlyOwner {
-        _authorized_readers[caller] = authorized;
+        _setAuthorizedReader(caller, authorized);
     }
 
     function pauseCallerRestriction() external onlyOwner whenNotPaused {
@@ -45,15 +48,12 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus
         _unpause();
     }
 
-    function updateDao(address _pcsDao, address _pckDao, address _fmspcTcbDao, address _enclaveIdDao)
-        external
-        onlyOwner
-    {
-        _updateDao(_pcsDao, _pckDao, _fmspcTcbDao, _enclaveIdDao);
+    function grantDao(address granted) external onlyOwner {
+        _setAuthorizedWriter(granted, true);
     }
 
     function revokeDao(address revoked) external onlyOwner {
-        _authorized_writers[revoked] = false;
+        _setAuthorizedWriter(revoked, false);
     }
 
     function collateralPointer(bytes32 key) external pure override returns (bytes32 collateralAttId) {
@@ -93,13 +93,6 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus
         }
     }
 
-    function _updateDao(address _pcsDao, address _pckDao, address _fmspcTcbDao, address _enclaveIdDao) private {
-        _authorized_writers[_pcsDao] = true;
-        _authorized_writers[_pckDao] = true;
-        _authorized_writers[_fmspcTcbDao] = true;
-        _authorized_writers[_enclaveIdDao] = true;
-    }
-
     /// Attestation ID Computation
     bytes4 constant DATA_ATTESTATION_MAGIC = 0x54a09e9a;
     bytes4 constant HASH_ATTESTATION_MAGIC = 0x628ab4d2;
@@ -109,6 +102,16 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus
         attestationId = keccak256(abi.encodePacked(magic, key));
     }
 
+    function _setAuthorizedWriter(address caller, bool authorized) private {
+        _authorized_writers[caller] = authorized;
+        emit SetAuthorizedWriter(caller, authorized);
+    }
+
+    function _setAuthorizedReader(address caller, bool authorized) private {
+        _authorized_readers[caller] = authorized;
+        emit SetAuthorizedReader(caller, authorized);
+    }
+
     /// TCB Management
     using EnumerableSet for EnumerableSet.Bytes32Set;
 
diff --git a/test/TestSetupBase.t.sol b/test/TestSetupBase.t.sol
@@ -66,7 +66,11 @@ abstract contract TestSetupBase is Test {
         pck =
             new AutomataPckDao(address(pccsStorage), P256_VERIFIER, address(pcs), address(x509Lib), address(x509CrlLib));
 
-        pccsStorage.updateDao(address(pcs), address(pck), address(fmspcTcbDao), address(enclaveIdDao));
+        // grants dao permissions to write to the storage
+        pccsStorage.grantDao(address(pcs));
+        pccsStorage.grantDao(address(pck));
+        pccsStorage.grantDao(address(fmspcTcbDao));
+        pccsStorage.grantDao(address(enclaveIdDao));
 
         // grants admin address permission to read collaterals
         pccsStorage.setCallerAuthorization(admin, true);
diff --git a/test/tcb/TCBMockTest.t.sol b/test/tcb/TCBMockTest.t.sol
@@ -20,7 +20,7 @@ contract TcbMockTest is PCSSetupBase, TCBConstants {
         );
 
         vm.prank(admin);
-        pccsStorage.updateDao(address(pcs), address(pck), address(tcb), address(enclaveIdDao));
+        pccsStorage.grantDao(address(tcb));
     }
 
     function testMockFmspcTcbTdxV3() public {

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ contract TcbMockTest is PCSSetupBase, TCBConstants {`
`20`	`20`	`);`
`21`	`21`
`22`	`22`	`vm.prank(admin);`
`23`		`- pccsStorage.updateDao(address(pcs), address(pck), address(tcb), address(enclaveIdDao));`
	`23`	`+ pccsStorage.grantDao(address(tcb));`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`function testMockFmspcTcbTdxV3() public {`