Other Authorizers
Last updated
Last updated
Cobo Safe
is embedded with multiple types of built-in Authorizers
.
FuncAuthorizer
is a simple Authorizer
that is used to validate the address and the function of a smart contract call.
Assume that an Owner
wants to authorize a Delegate
to transfer USDT
via Ethereum. This can be achieved through the following configuration of FuncAuthorizer
:
Validate that the USDT
contract address is 0xdAC17F958D2ee523a2206206994597C13D831ec7.
Validate that the transaction will invoke the transfer(address,uint256)
function. Note that this function must follow the .
Call addContractFuncs()
or addContractFuncsSig()
of FuncAuthorizer
to add the above address and function.
Please note that FuncAuthorizer
only validates the address and the function of a smart contract call. It does not validate the parameters that are passed in when the contract is called. For example, FuncAuthorizer
cannot be used to configure the receipt or the USDT transaction amount. You will need to manually write an ACL instead to implement access controls at the granular level.
TransferAuthorizer
allows you to validate the token type
and receipt
of a transaction using the addTokenReceivers
function. The Delegate
can transfer the authorized type
of tokens directly to the receipt
.
Note that for ERC-20 tokens, the token type
will be the token address. For native tokens, the token type
will be 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE
.
ArgusRootAuthorizer
is the default type of Authorizer
on Cobo Argus. ArgusRootAuthorizer
is not used for validation purposes. Instead, it is used to maintain a set of Sub-Authorizers
.
ArgusRootAuthorizer
is also designed in the (RBAC) framework. You can use ArgusRootAuthorizer
to configure one or multiple Sub-Authorizers
for each Role
.
When a transaction is sent to ArgusRootAuthorizer
:
ArgusRootAuthorizer
will query the Delegate
of the transaction and identify the Role
assigned to the Delegate
with the help of a Role Manager
.
ArgusRootAuthorizer
will query the Sub-Authorizers
associated with each Role
.
ArgusRootAuthorizer
will call the Sub-Authorizers
associated with each Role
. If the transaction passes validation from any of these Sub-Authorizers
, it will be approved. If the transaction fails validation from all of these Sub-Authorizers
, it will be rejected.
If a Sub-Authorizer
contains both preExecCheck
and postExecCheck
, a transaction will be approved only if it passes validation from both functions.
You can add additional data, referred to as hint
, during a smart contract call in order to accelerate the validation process and save on gas fees.
The hint
field can be passed in in a CallData
struct as follows when a transaction is sent to an Authorizer
:
With ArgusRootAuthorizer
, for instance, multiple Roles
can be assigned to a Delegate
and each Role
can be associated with multiple Authorizers
. A transaction will be approved if it successfully passes validation from any of these Authorizers
. In this case, Role
and Authorizer
can be used as hint
to determine the specific Authorizer
whose validation the transaction will pass:
Execute the execTransaction()
function by making an eth_call
call without setting the hint
field. The hint
field returned in TransactionResult
will be the hint
of this transaction.
Pass in this hint
to CallData
.
Decode hint
in ArgusRootAuthorizer
to query the Role
and Authorizer
.
Use Role Manager
to validate whether the Role
obtained in step 3 corresponds to the Delegate
of this transaction.
Validate whether the Authorizer
obtained in step 3 has been registered in ArgusRootAuthorizer
.
The hint
is considered invalid if either step 4 or step 5 fails. The transaction will be directly rejected.
The hint
is considered valid if both step 4 and step 5 succeed. You can use the Authorizer
specified in the hint
to validate the transaction.