consistent behavior for granting and revoking dao write permission to storage

preston4896 · preston4896 · commit c4732ca930bc · 2025-01-22T13:04:16.000+08:00
diff --git a/script/automata/ConfigAutomataDao.s.sol b/script/automata/ConfigAutomataDao.s.sol
@@ -23,11 +23,11 @@ contract ConfigAutomataDao is Script {
     address enclaveIdentityHelper = vm.envAddress("ENCLAVE_IDENTITY_HELPER");
     address fmspcTcbHelper = vm.envAddress("FMSPC_TCB_HELPER");
 
-    function updateStorageDao() public {
+    function grantDao(address dao) public {
         vm.broadcast(privateKey);
 
         AutomataDaoStorage pccsStorage = AutomataDaoStorage(pccsStorageAddr);
-        pccsStorage.updateDao(pcsDaoAddr, pckDaoAddr, fmspcTcbDaoAddr, enclaveIdDaoAddr);
+        pccsStorage.grantDao(dao);
     }
 
     function revokeDao(address dao) public {
diff --git a/script/automata/DeployAutomataDao.s.sol b/script/automata/DeployAutomataDao.s.sol
@@ -53,7 +53,11 @@ contract DeployAutomataDao is P256Configuration {
             new AutomataFmspcTcbDao(address(pccsStorage), simulateVerify(), address(pcsDao), fmspcTcbHelper, x509);
         console.log("AutomataFmspcTcbDao deployed at: ", address(fmspcTcbDao));
 
-        pccsStorage.updateDao(address(pcsDao), address(pckDao), address(fmspcTcbDao), address(enclaveIdDao));
+        // grants the DAOs permission to write to storage
+        pccsStorage.grantDao(address(pcsDao));
+        pccsStorage.grantDao(address(pckDao));
+        pccsStorage.grantDao(address(enclaveIdDao));
+        pccsStorage.grantDao(address(fmspcTcbDao));
     }
 
     function deployStorage() public broadcastKey(privateKey) {
diff --git a/src/automata_pccs/shared/AutomataDaoStorage.sol b/src/automata_pccs/shared/AutomataDaoStorage.sol
@@ -45,11 +45,8 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus
         _unpause();
     }
 
-    function updateDao(address _pcsDao, address _pckDao, address _fmspcTcbDao, address _enclaveIdDao)
-        external
-        onlyOwner
-    {
-        _updateDao(_pcsDao, _pckDao, _fmspcTcbDao, _enclaveIdDao);
+    function grantDao(address granted) external onlyOwner {
+        _authorized_writers[granted] = true;
     }
 
     function revokeDao(address revoked) external onlyOwner {
@@ -93,13 +90,6 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus
         }
     }
 
-    function _updateDao(address _pcsDao, address _pckDao, address _fmspcTcbDao, address _enclaveIdDao) private {
-        _authorized_writers[_pcsDao] = true;
-        _authorized_writers[_pckDao] = true;
-        _authorized_writers[_fmspcTcbDao] = true;
-        _authorized_writers[_enclaveIdDao] = true;
-    }
-
     /// Attestation ID Computation
     bytes4 constant DATA_ATTESTATION_MAGIC = 0x54a09e9a;
     bytes4 constant HASH_ATTESTATION_MAGIC = 0x628ab4d2;
diff --git a/test/TestSetupBase.t.sol b/test/TestSetupBase.t.sol
@@ -66,7 +66,11 @@ abstract contract TestSetupBase is Test {
         pck =
             new AutomataPckDao(address(pccsStorage), P256_VERIFIER, address(pcs), address(x509Lib), address(x509CrlLib));
 
-        pccsStorage.updateDao(address(pcs), address(pck), address(fmspcTcbDao), address(enclaveIdDao));
+        // grants dao permissions to write to the storage
+        pccsStorage.grantDao(address(pcs));
+        pccsStorage.grantDao(address(pck));
+        pccsStorage.grantDao(address(fmspcTcbDao));
+        pccsStorage.grantDao(address(enclaveIdDao));
 
         // grants admin address permission to read collaterals
         pccsStorage.setCallerAuthorization(admin, true);
diff --git a/test/tcb/TCBMockTest.t.sol b/test/tcb/TCBMockTest.t.sol
@@ -20,7 +20,7 @@ contract TcbMockTest is PCSSetupBase, TCBConstants {
         );
 
         vm.prank(admin);
-        pccsStorage.updateDao(address(pcs), address(pck), address(tcb), address(enclaveIdDao));
+        pccsStorage.grantDao(address(tcb));
     }
 
     function testMockFmspcTcbTdxV3() public {

Original file line number	Diff line number	Diff line change
`@@ -45,11 +45,8 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus`
`45`	`45`	`_unpause();`
`46`	`46`	`}`
`47`	`47`
`48`		`- function updateDao(address _pcsDao, address _pckDao, address _fmspcTcbDao, address _enclaveIdDao)`
`49`		`- external`
`50`		`- onlyOwner`
`51`		`- {`
`52`		`- _updateDao(_pcsDao, _pckDao, _fmspcTcbDao, _enclaveIdDao);`
	`48`	`+ function grantDao(address granted) external onlyOwner {`
	`49`	`+ _authorized_writers[granted] = true;`
`53`	`50`	`}`
`54`	`51`
`55`	`52`	`function revokeDao(address revoked) external onlyOwner {`
`@@ -93,13 +90,6 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus`
`93`	`90`	`}`
`94`	`91`	`}`
`95`	`92`
`96`		`- function _updateDao(address _pcsDao, address _pckDao, address _fmspcTcbDao, address _enclaveIdDao) private {`
`97`		`- _authorized_writers[_pcsDao] = true;`
`98`		`- _authorized_writers[_pckDao] = true;`
`99`		`- _authorized_writers[_fmspcTcbDao] = true;`
`100`		`- _authorized_writers[_enclaveIdDao] = true;`
`101`		`- }`
`102`		`-`
`103`	`93`	`/// Attestation ID Computation`
`104`	`94`	`bytes4 constant DATA_ATTESTATION_MAGIC = 0x54a09e9a;`
`105`	`95`	`bytes4 constant HASH_ATTESTATION_MAGIC = 0x628ab4d2;`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ contract TcbMockTest is PCSSetupBase, TCBConstants {`
`20`	`20`	`);`
`21`	`21`
`22`	`22`	`vm.prank(admin);`
`23`		`- pccsStorage.updateDao(address(pcs), address(pck), address(tcb), address(enclaveIdDao));`
	`23`	`+ pccsStorage.grantDao(address(tcb));`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`function testMockFmspcTcbTdxV3() public {`