Access Control

Global Access Control (GAC.sol)

Access control information is stored in a single Global Access Control contract on each chain. The GAC contract is ownable and the owner of the contract is also the global owner for the deployment on each chain.

This globalowner can perform privileged operations such as updating the list of bridge sender adapters on the source chain for example. On the destination chain, a global owner can perform operations such as updating the list of bridge receiver adapters in the MultiBridgeMessageReceiver contract or changing the quorum threshold.

There are two types of GAC contracts:

  1. MessageSenderGAC: Manages access control information on the source chain

  2. MessageReceiverGAC: Manages access control information on the destination chain

Note: In the case of Uniswap, to ensure that only the Uniswap DAO can control key protocol parameters, the global owner of all components that require privileged control on the source chain will be the Uniswap V2 Timelock contract. Similarly, the global owner on destination chains would be the corresponding Uniswap Governance Timelock contract.

MultiBridgeMessageSender

/// @dev Global Access Controller (GAC) contract
MessageSenderGAC public immutable senderGAC;

Access control for MultiBridgeMessageSender is managed through a Global Access Control contract, MessageSenderGAC, which maintains an authorised caller address and a global owner address.

Caller

MultiBridgeMessageSender is intended for one caller. In the case of Uniswap governance, the only caller allowed is the Uniswap timelock contract on Ethereum. Address: 0x1a9C8182C09F50C8318d769245beA52c32BE35BC

Only the caller is allowed to call any function within the MultiMessageSender contract.

Owner

The global owner of the MultiBridgeMessageSender contract and all adapters on the source chain is the Uniswap V2 Timelock contract. This ensures that only the Uniswap DAO can control parameters relating to the source deployment.

MultiBridgeMessageReceiver

MultiMessageReceiver has two access control elements:

Owner

The global owner of the MultiBridgeMessageReceiver is the Uniswap Governance Timelock contract on the destination chain. This ensures that only the Uniswap DAO can control parameters relating to the remote deployment.

Receiver Adapters

Message delivery to the MultiBridgeMessageReceiver can only be performed by a list of approved bridge receiver adapters. The list is controlled by the global owner.

    /// @notice Checks whether the caller is an approved bridge receiver adapter
    modifier onlyReceiverAdapter() {
        if (!isTrustedExecutor(msg.sender)) {
            revert Error.INVALID_RECEIVER_ADAPTER();
        }
        _;
    }
PreviousMessage Receiver AdaptersNextGovernance Timelock

Last updated