Permissioning Smart Contracts
Audit
Version 1 of these contracts was audited by a third party. Read the report here
Production use
Please contact us if you have questions. Additionally we would love to hear from you if you are considering using this implementation of onchain permissioning in a production environment.
License
The contents of this repository are Apache 2.0 licensed. Important: The dependency chain for this Dapp includes web3js which is LGPL licensed.
Using
You probably got here from Besu. The Besu documentation describes how to use the contracts for onchain permissioning with Besu.
We recommend you use the latest released version of this project.
Development
Note: The build process for the Dapp is currently not supported on Windows. Please use the provided distribution available at the project's release page if on Windows.
Initialize dependencies
Run yarn install to initialize project dependencies. This step is only required when setting up the project for the first time.
Linting
Linting is set up for contracts using solium, and for source files using prettier. To run linting over your code execute yarn run lint.
Testing
yarn test
Permissioning Management Dapp
The Dapp will facilitate managing permissioning rules and maintaining the list of admin accounts that can edit rules.
Note: if you want to run against Besu, follow the Besu docs.
ONLY use these instructions if you are doing development work on the Dapp itself, in which case connecting to a development server (Ganache) will enable faster development.
This is the easiest way to get started for development with the permissioning Dapp:
Compile and migrate the contracts (Development mode)
- Delete your environment variables named NODE_INGRESS_CONTRACT_ADDRESS, ACCOUNT_INGRESS_CONTRACT_ADDRESS, ACCOUNT_STORAGE_CONTRACT_ADDRESS, NODE_STORAGE_CONTRACT_ADDRESS and CHAIN_ID. You might need to restart your terminal session to have your changes applied. If you are using a .env file, you can comment out the variables.
- Start a terminal session and start a Truffle Ganache node by running truffle develop. This will start a Ganache node and create a Truffle console session.
- In the truffle console, run all migrations from scratch with migrate --reset. Keep this terminal session open to maintain your Ganache node running.
Start the development server
- Run yarn run build to build the Dapp.
- Run yarn run start to start the web server that is serving our Dapp.
- In your browser, connect MetaMask to the Ganache network (the default endpoint is http://127.0.0.1:9545/).
- When you start Ganache, it gives you a list of accounts and private keys. Import the first one in MetaMask to impersonate the first admin of the system.
- Navigate to http://localhost:3000 to access the Permissioning Dapp.
- All changes made to the smart contracts or to the Dapp code are automatically refreshed on the website. There is no need to restart the web server after making changes.
Snapshots
Snapshots are compared as part of the test suite, to check any changes made to the Dapp are sensible. If you change the Dapp, you also need to update the snapshots.
yarn jest -u
- or if using npm:
npm run test:app -- -u
Build the permissioning Dapp for deployment
- Compile and migrate the contracts
- Run yarn run build, which will assemble index.html and all other files in build/
- You can use your preferred web server technology to serve the contents of build/ as static files.
- You will need to set up MetaMask as for the development server
Deployment
Deploying the contracts
- The Besu documentation describes how to use the contracts for onchain permissioning with Besu, including setting environment variables.
- The following additional environment variables are optional and can be used to prevent redeployment of rules contracts. If set to true, that contract will not be redeployed and current list data will be preserved. If absent or not set to true, the specified contract will be redeployed. This allows you, for instance, to retain the Admin contract while redeploying NodeRules and AccountRules, or any other combination.
RETAIN_ADMIN_CONTRACT=true
RETAIN_NODE_RULES_CONTRACT=true
RETAIN_ACCOUNT_RULES_CONTRACT=true
- The following additional environment variables are optional and can be used to permit accounts and nodes during initial contract deployment
  - INITIAL_ADMIN_ACCOUNTS: The admin account addresses. Comma-separated multiple addresses can be specified
  - INITIAL_ALLOWLISTED_ACCOUNTS: The permitted account addresses. Comma-separated multiple addresses can be specified
  - INITIAL_ALLOWLISTED_NODES: The enode URLs of permitted nodes. Comma-separated multiple nodes can be specified
- If this is the first time setting up the project, run yarn install to initialize project dependencies, otherwise skip this step
- With these environment variables provided run truffle migrate --reset to deploy the contracts
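A pre-flight check for the optional deployment variables above, as an added example that is not part of this project's migration scripts. It assumes that only the exact string true retains a contract (the page does not show how other spellings are parsed), that account addresses are 20-byte hex strings, and that enode URLs carry a 128-hex-digit node ID; checkDeployEnv and its result fields are hypothetical names.

```javascript
// Added example: validate the deployment environment before `truffle migrate --reset`.
// Not the project's code; the parsing rules below are assumptions (see lead-in).
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/; // 20-byte hex account address
const ENODE_RE = /^enode:\/\/[0-9a-fA-F]{128}@[^@\s]+:\d{1,5}(\?discport=\d{1,5})?$/;

const LIST_VARS = {
  INITIAL_ADMIN_ACCOUNTS: ADDRESS_RE,
  INITIAL_ALLOWLISTED_ACCOUNTS: ADDRESS_RE,
  INITIAL_ALLOWLISTED_NODES: ENODE_RE,
};
const RETAIN_VARS = [
  "RETAIN_ADMIN_CONTRACT",
  "RETAIN_NODE_RULES_CONTRACT",
  "RETAIN_ACCOUNT_RULES_CONTRACT",
];

function checkDeployEnv(env) {
  const errors = [];
  const warnings = [];
  const redeploy = []; // contracts whose current list data would be replaced

  for (const name of RETAIN_VARS) {
    const value = env[name];
    if (value === "true") continue; // assumption: only the literal "true" retains
    redeploy.push(name.replace(/^RETAIN_/, ""));
    // A near-miss spelling usually means the operator meant to retain the contract.
    if (value !== undefined && /^\s*(true|yes|1)\s*$/i.test(value)) {
      warnings.push(`${name}=${JSON.stringify(value)} is not exactly "true"; it will be redeployed`);
    }
  }

  for (const [name, pattern] of Object.entries(LIST_VARS)) {
    if (!env[name]) continue; // these variables are optional
    const seen = new Set();
    for (const raw of env[name].split(",")) {
      const item = raw.trim();
      if (!pattern.test(item)) errors.push(`${name}: malformed entry ${JSON.stringify(item)}`);
      const key = item.toLowerCase();
      if (seen.has(key)) warnings.push(`${name}: duplicate entry ${item}`);
      seen.add(key);
    }
  }
  return { ok: errors.length === 0, errors, warnings, redeploy };
}

// Report on the current shell environment when run directly with node.
console.log(JSON.stringify(checkDeployEnv(process.env), null, 2));
```

A non-empty redeploy list is worth reading before migrating, since any contract named there loses its current list data.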
Deploying the Dapp
- Obtain the most recent release (tarball or zip) from the project's release page
- Unpack the distribution into a folder that will be available to your webserver
- Add to the root of that folder a file config.json with the following contents
Note: The networkID is defined as the chainID in the genesis file.
{
"accountIngressAddress": "<Address of the account ingress contract>",
"nodeIngressAddress": "<Address of the node ingress contract>",
"networkId": "<ID of your ethereum network>"
}
- Use a webserver of your choice to host the contents of the folder as static files directing root requests to index.html