Multi-bridge Message Aggregation
  • 😇Start here
    • Multi-bridge Message Aggregation
    • Life-cycle of a Transaction
    • Getting Started
    • Links
    • Glossary
  • 🪨Core Contracts
    • Message Structure
    • Multi-bridge Message Sender
    • Multi-bridge Message Receiver
  • 🥅Bridge Adapters
    • What are adapters?
    • Message Sender Adapters
    • Message Receiver Adapters
  • 🔐Security
    • Access Control
    • Governance Timelock
    • Emergency Response
Powered by GitBook
On this page
  • Global Access Control (GAC.sol)
  • MultiBridgeMessageSender
  • MultiBridgeMessageReceiver
  1. Security

Access Control

PreviousMessage Receiver AdaptersNextGovernance Timelock

Last updated 1 year ago

Global Access Control (GAC.sol)

Access control information is stored in a single Global Access Control contract on each chain. The GAC contract is ownable and the owner of the contract is also the global owner for the deployment on each chain.

This globalowner can perform privileged operations such as updating the list of bridge sender adapters on the source chain for example. On the destination chain, a global owner can perform operations such as updating the list of bridge receiver adapters in the MultiBridgeMessageReceiver contract or changing the quorum threshold.

There are two types of GAC contracts:

  1. MessageSenderGAC: Manages access control information on the source chain

  2. MessageReceiverGAC: Manages access control information on the destination chain

Note: In the case of Uniswap, to ensure that only the Uniswap DAO can control key protocol parameters, the global owner of all components that require privileged control on the source chain will be the . Similarly, the global owner on destination chains would be the corresponding .

MultiBridgeMessageSender

/// @dev Global Access Controller (GAC) contract
MessageSenderGAC public immutable senderGAC;

Access control for MultiBridgeMessageSender is managed through a Global Access Control contract, MessageSenderGAC, which maintains an authorised caller address and a global owner address.

Caller

MultiBridgeMessageSender is intended for one caller. In the case of Uniswap governance, the only caller allowed is the Uniswap timelock contract on Ethereum. Address:

Only the caller is allowed to call any function within the MultiMessageSender contract.

Owner

The global owner of the MultiBridgeMessageSender contract and all adapters on the source chain is the . This ensures that only the Uniswap DAO can control parameters relating to the source deployment.

MultiBridgeMessageReceiver

MultiMessageReceiver has two access control elements:

Owner

Receiver Adapters

Message delivery to the MultiBridgeMessageReceiver can only be performed by a list of approved bridge receiver adapters. The list is controlled by the global owner.

    /// @notice Checks whether the caller is an approved bridge receiver adapter
    modifier onlyReceiverAdapter() {
        if (!isTrustedExecutor(msg.sender)) {
            revert Error.INVALID_RECEIVER_ADAPTER();
        }
        _;
    }

The global owner of the MultiBridgeMessageReceiver is the on the destination chain. This ensures that only the Uniswap DAO can control parameters relating to the remote deployment.

🔐
Uniswap V2 Timelock contract
Uniswap Governance Timelock contract
0x1a9C8182C09F50C8318d769245beA52c32BE35BC
Uniswap V2 Timelock contract
Uniswap Governance Timelock contract