ValidatorManager is PoA when deployed on its own #711
Conversation
cam-schultz
requested review from
iansuvak,
richardpringle,
geoff-vball,
bernard-avalabs and
michaelkaplan13
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -53,12 +53,11 @@ | |||
| * | |||
| * @custom:security-contact https://github.com/ava-labs/icm-contracts/blob/main/SECURITY.md | |||
| */ | |||
| contract ValidatorManager is Initializable, ContextUpgradeable, ACP99Manager { | |||
| contract ValidatorManager is Initializable, OwnableUpgradeable, ACP99Manager { | |||
Check notice
Code scanning / Semgrep OSS
Semgrep Finding: solidity.best-practice.use-ownable2step.use-ownable2step Note
There was a problem hiding this comment.
I really like this simplification -- even if the majority of the deletion delta is from the .sol and bindings, I think it also makes it simpler to explain and being able to verbally distinguish between "staking manager" and "validator manager' without the "validator manager" term being overloaded.
There was a problem hiding this comment.
I really like this simplification -- even if the majority of the deletion delta is from the .sol and bindings, I think it also makes it simpler to explain and being able to verbally distinguish between "staking manager" and "validator manager' without the "validator manager" term being overloaded.
To solidify that, I renamed |
There was a problem hiding this comment.
This is actually a comment in my draft that I can drop now from the main separation PR. I was happy to wait until the big one is merged to suggest it but I agree that now is as good a time as any!
It's also more accurate since it no longer handles validator state updates just stake related ones.
cam-schultz
merged commit 1a13fa0
into
acp-99-reference-impl-multi-contract
Why this should be merged
To implement a multi contract validator manager,
ValidatorManagerfunctions that modify validator state are restricted to the "specialization" contract (e.g.PoSValidatorManager) via anonlyAdminmodifier. This is identical to how OpenZeppelinOwnablecontracts work, which is the only meaningful logic contained inPoAValidatorManager. Given these similarities, folding the PoA use case intoValidatorManagerdirectly is the simpler approach.One consequence of this design is that in the PoA case, only the admin may deliver ICM messages to complete validator registration or removal. This can of course be worked around, but I'm not convinced this is a use case worth supporting, since permissionless interaction with a PoA contract is antithetical.
How this works
Removes
PoAValidatorManagerand modifiesValidatorManagerto implementOwnableUpgradeable.How this was tested
Updated e2e subnet conversion flow to support `
ValidatorManager(i.e. PoA)ValidatorManager's ownerHow is this documented
Updated README and class diagrams