Merge pull request #77 from PracticalParticle/work

Work

Author: JaCoderX

contracts/core/access/RuntimeRBAC.sol

@@ -44,11 +44,8 @@ abstract contract RuntimeRBAC is BaseStateMachine, IRuntimeRBAC {
         uint256 timeLockPeriodSec,
         address eventForwarder
     ) public virtual onlyInitializing {
-        // Initialize base state machine (only if not already initialized)
-        if (!_secureState.initialized) {
-            _initializeBaseStateMachine(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
-        }
-        
+        _initializeBaseStateMachine(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
+
         // Load RuntimeRBAC-specific definitions
         IDefinition.RolePermission memory permissions = RuntimeRBACDefinitions.getRolePermissions();
         _loadDefinitions(
@@ -117,68 +114,95 @@ abstract contract RuntimeRBAC is BaseStateMachine, IRuntimeRBAC {
             IRuntimeRBAC.RoleConfigAction calldata action = actions[i];
 
             if (action.actionType == IRuntimeRBAC.RoleConfigActionType.CREATE_ROLE) {
-                // Decode CREATE_ROLE action data
-                // Format: (string roleName, uint256 maxWallets)
-                (
-                    string memory roleName,
-                    uint256 maxWallets
-                ) = abi.decode(action.data, (string, uint256));
-
-                // Create the role in the secure state with isProtected = false
-                bytes32 roleHash = _createRole(roleName, maxWallets, false);
-
-                _logComponentEvent(_encodeRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType.CREATE_ROLE, roleHash, bytes4(0)));
+                _executeCreateRole(action.data);
             } else if (action.actionType == IRuntimeRBAC.RoleConfigActionType.REMOVE_ROLE) {
-                // Decode REMOVE_ROLE action data
-                // Format: (bytes32 roleHash)
-                (bytes32 roleHash) = abi.decode(action.data, (bytes32));
-                _removeRole(roleHash);
-
-                _logComponentEvent(_encodeRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType.REMOVE_ROLE, roleHash, bytes4(0)));
+                _executeRemoveRole(action.data);
             } else if (action.actionType == IRuntimeRBAC.RoleConfigActionType.ADD_WALLET) {
-                // Decode ADD_WALLET action data
-                // Format: (bytes32 roleHash, address wallet)
-                (bytes32 roleHash, address wallet) = abi.decode(action.data, (bytes32, address));
-                _requireRoleNotProtected(roleHash);
-                _assignWallet(roleHash, wallet);
-
-                _logComponentEvent(_encodeRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType.ADD_WALLET, roleHash, bytes4(0)));
+                _executeAddWallet(action.data);
             } else if (action.actionType == IRuntimeRBAC.RoleConfigActionType.REVOKE_WALLET) {
-                // Decode REVOKE_WALLET action data
-                // Format: (bytes32 roleHash, address wallet)
-                (bytes32 roleHash, address wallet) = abi.decode(action.data, (bytes32, address));
-                _requireRoleNotProtected(roleHash);
-                _revokeWallet(roleHash, wallet);
-
-                _logComponentEvent(_encodeRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType.REVOKE_WALLET, roleHash, bytes4(0)));
+                _executeRevokeWallet(action.data);
             } else if (action.actionType == IRuntimeRBAC.RoleConfigActionType.ADD_FUNCTION_TO_ROLE) {
-                // Decode ADD_FUNCTION_TO_ROLE action data
-                // Format: (bytes32 roleHash, FunctionPermission functionPermission)
-                (
-                    bytes32 roleHash,
-                    EngineBlox.FunctionPermission memory functionPermission
-                ) = abi.decode(action.data, (bytes32, EngineBlox.FunctionPermission));
-
-                _addFunctionToRole(roleHash, functionPermission);
-
-                _logComponentEvent(_encodeRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType.ADD_FUNCTION_TO_ROLE, roleHash, functionPermission.functionSelector));
+                _executeAddFunctionToRole(action.data);
             } else if (action.actionType == IRuntimeRBAC.RoleConfigActionType.REMOVE_FUNCTION_FROM_ROLE) {
-                // Decode REMOVE_FUNCTION_FROM_ROLE action data
-                // Format: (bytes32 roleHash, bytes4 functionSelector)
-                (bytes32 roleHash, bytes4 functionSelector) = abi.decode(action.data, (bytes32, bytes4));
-                _removeFunctionFromRole(roleHash, functionSelector);
-
-                _logComponentEvent(_encodeRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType.REMOVE_FUNCTION_FROM_ROLE, roleHash, functionSelector));
+                _executeRemoveFunctionFromRole(action.data);
             } else {
                 revert SharedValidation.NotSupported();
             }
         }
     }
 
     /**
-     * @dev Encodes RBAC config event payload for ComponentEvent. Decode as (RoleConfigActionType, bytes32 roleHash, bytes4 functionSelector).
+     * @dev Executes CREATE_ROLE: creates a new non-protected role
+     * @param data ABI-encoded (string roleName, uint256 maxWallets)
+     */
+    function _executeCreateRole(bytes calldata data) internal {
+        (string memory roleName, uint256 maxWallets) = abi.decode(data, (string, uint256));
+        bytes32 roleHash = _createRole(roleName, maxWallets, false);
+        _logRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType.CREATE_ROLE, roleHash, bytes4(0));
+    }
+
+    /**
+     * @dev Executes REMOVE_ROLE: removes a role by hash
+     * @param data ABI-encoded (bytes32 roleHash)
+     */
+    function _executeRemoveRole(bytes calldata data) internal {
+        (bytes32 roleHash) = abi.decode(data, (bytes32));
+        _removeRole(roleHash);
+        _logRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType.REMOVE_ROLE, roleHash, bytes4(0));
+    }
+
+    /**
+     * @dev Executes ADD_WALLET: assigns a wallet to a role (role must not be protected)
+     * @param data ABI-encoded (bytes32 roleHash, address wallet)
+     */
+    function _executeAddWallet(bytes calldata data) internal {
+        (bytes32 roleHash, address wallet) = abi.decode(data, (bytes32, address));
+        _requireRoleNotProtected(roleHash);
+        _assignWallet(roleHash, wallet);
+        _logRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType.ADD_WALLET, roleHash, bytes4(0));
+    }
+
+    /**
+     * @dev Executes REVOKE_WALLET: revokes a wallet from a role (role must not be protected)
+     * @param data ABI-encoded (bytes32 roleHash, address wallet)
+     */
+    function _executeRevokeWallet(bytes calldata data) internal {
+        (bytes32 roleHash, address wallet) = abi.decode(data, (bytes32, address));
+        _requireRoleNotProtected(roleHash);
+        _revokeWallet(roleHash, wallet);
+        _logRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType.REVOKE_WALLET, roleHash, bytes4(0));
+    }
+
+    /**
+     * @dev Executes ADD_FUNCTION_TO_ROLE: adds a function permission to a role
+     * @param data ABI-encoded (bytes32 roleHash, FunctionPermission functionPermission)
+     */
+    function _executeAddFunctionToRole(bytes calldata data) internal {
+        (
+            bytes32 roleHash,
+            EngineBlox.FunctionPermission memory functionPermission
+        ) = abi.decode(data, (bytes32, EngineBlox.FunctionPermission));
+        _addFunctionToRole(roleHash, functionPermission);
+        _logRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType.ADD_FUNCTION_TO_ROLE, roleHash, functionPermission.functionSelector);
+    }
+
+    /**
+     * @dev Executes REMOVE_FUNCTION_FROM_ROLE: removes a function permission from a role
+     * @param data ABI-encoded (bytes32 roleHash, bytes4 functionSelector)
+     */
+    function _executeRemoveFunctionFromRole(bytes calldata data) internal {
+        (bytes32 roleHash, bytes4 functionSelector) = abi.decode(data, (bytes32, bytes4));
+        _removeFunctionFromRole(roleHash, functionSelector);
+        _logRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType.REMOVE_FUNCTION_FROM_ROLE, roleHash, functionSelector);
+    }
+
+    /**
+     * @dev Encodes and logs a role config event via ComponentEvent. Payload decodes as (RoleConfigActionType, bytes32 roleHash, bytes4 functionSelector).
+     * @param action The role config action type
+     * @param roleHash The role hash
+     * @param selector The function selector (or zero for N/A)
      */
-    function _encodeRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType action, bytes32 roleHash, bytes4 selector) internal pure returns (bytes memory) {
-        return abi.encode(action, roleHash, selector);
+    function _logRoleConfigEvent(IRuntimeRBAC.RoleConfigActionType action, bytes32 roleHash, bytes4 selector) internal {
+        _logComponentEvent(abi.encode(action, roleHash, selector));
     }
 }

contracts/core/base/BaseStateMachine.sol

@@ -65,12 +65,15 @@ abstract contract BaseStateMachine is Initializable, ERC165Upgradeable, Reentran
         uint256 timeLockPeriodSec,
         address eventForwarder
     ) internal onlyInitializing {
-        __ERC165_init();
-        __ReentrancyGuard_init();
-        
-        _secureState.initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec);
+        // Skip if already initialized (e.g. when multiple components call from Account.initialize)
+        if (!_secureState.initialized) {
+            __ERC165_init();
+            __ReentrancyGuard_init();
+
+            _secureState.initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec);
 
-        _secureState.setEventForwarder(eventForwarder);
+            _secureState.setEventForwarder(eventForwarder);
+        }
     }
 
     // ============ SYSTEM ROLE QUERY FUNCTIONS ============
@@ -294,7 +297,6 @@ abstract contract BaseStateMachine is Initializable, ERC165Upgradeable, Reentran
      */
     function _setHook(bytes4 functionSelector, address hook) internal {
         EngineBlox.addTargetToFunctionHooks(_getSecureState(), functionSelector, hook);
-        _logComponentEvent(abi.encode(functionSelector, hook));
     }
 
     /**
@@ -305,7 +307,6 @@ abstract contract BaseStateMachine is Initializable, ERC165Upgradeable, Reentran
      */
     function _clearHook(bytes4 functionSelector, address hook) internal {
         EngineBlox.removeTargetFromFunctionHooks(_getSecureState(), functionSelector, hook);
-        _logComponentEvent(abi.encode(functionSelector, hook));
     }
 
     /**

contracts/core/execution/GuardController.sol

@@ -72,11 +72,8 @@ abstract contract GuardController is BaseStateMachine {
         uint256 timeLockPeriodSec,
         address eventForwarder
     ) public virtual onlyInitializing {
-        // Initialize base state machine (only if not already initialized)
-        if (!_secureState.initialized) {
-            _initializeBaseStateMachine(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
-        }
-        
+        _initializeBaseStateMachine(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
+
         // Load GuardController-specific definitions
         IDefinition.RolePermission memory guardControllerPermissions = GuardControllerDefinitions.getRolePermissions();
         _loadDefinitions(
@@ -341,56 +338,76 @@ abstract contract GuardController is BaseStateMachine {
             IGuardController.GuardConfigAction calldata action = actions[i];
 
             if (action.actionType == IGuardController.GuardConfigActionType.ADD_TARGET_TO_WHITELIST) {
-                // Decode ADD_TARGET_TO_WHITELIST action data
-                // Format: (bytes4 functionSelector, address target)
-                (bytes4 functionSelector, address target) = abi.decode(action.data, (bytes4, address));
-
-                _addTargetToFunctionWhitelist(functionSelector, target);
-
-                _logComponentEvent(_encodeGuardConfigEvent(IGuardController.GuardConfigActionType.ADD_TARGET_TO_WHITELIST, functionSelector, target));
+                _executeAddTargetToWhitelist(action.data);
             } else if (action.actionType == IGuardController.GuardConfigActionType.REMOVE_TARGET_FROM_WHITELIST) {
-                // Decode REMOVE_TARGET_FROM_WHITELIST action data
-                // Format: (bytes4 functionSelector, address target)
-                (bytes4 functionSelector, address target) = abi.decode(action.data, (bytes4, address));
-
-                _removeTargetFromFunctionWhitelist(functionSelector, target);
-
-                _logComponentEvent(_encodeGuardConfigEvent(IGuardController.GuardConfigActionType.REMOVE_TARGET_FROM_WHITELIST, functionSelector, target));
+                _executeRemoveTargetFromWhitelist(action.data);
             } else if (action.actionType == IGuardController.GuardConfigActionType.REGISTER_FUNCTION) {
-                // Decode REGISTER_FUNCTION action data
-                // Format: (string functionSignature, string operationName, TxAction[] supportedActions)
-                (
-                    string memory functionSignature,
-                    string memory operationName,
-                    EngineBlox.TxAction[] memory supportedActions
-                ) = abi.decode(action.data, (string, string, EngineBlox.TxAction[]));
-
-                bytes4 functionSelector = _registerFunction(functionSignature, operationName, supportedActions);
-
-                _logComponentEvent(_encodeGuardConfigEvent(IGuardController.GuardConfigActionType.REGISTER_FUNCTION, functionSelector, address(0)));
+                _executeRegisterFunction(action.data);
             } else if (action.actionType == IGuardController.GuardConfigActionType.UNREGISTER_FUNCTION) {
-                // Decode UNREGISTER_FUNCTION action data
-                // Format: (bytes4 functionSelector, bool safeRemoval)
-                (bytes4 functionSelector, bool safeRemoval) = abi.decode(action.data, (bytes4, bool));
-
-                _unregisterFunction(functionSelector, safeRemoval);
-
-                _logComponentEvent(_encodeGuardConfigEvent(IGuardController.GuardConfigActionType.UNREGISTER_FUNCTION, functionSelector, address(0)));
+                _executeUnregisterFunction(action.data);
             } else {
                 revert SharedValidation.NotSupported();
             }
         }
     }
 
     /**
-     * @dev Encodes guard config event payload for ComponentEvent. Decode as (GuardConfigActionType, bytes4 functionSelector, address target).
+     * @dev Executes ADD_TARGET_TO_WHITELIST: adds a target address to a function's call whitelist
+     * @param data ABI-encoded (bytes4 functionSelector, address target)
+     */
+    function _executeAddTargetToWhitelist(bytes calldata data) internal {
+        (bytes4 functionSelector, address target) = abi.decode(data, (bytes4, address));
+        _addTargetToFunctionWhitelist(functionSelector, target);
+        _logGuardConfigEvent(IGuardController.GuardConfigActionType.ADD_TARGET_TO_WHITELIST, functionSelector, target);
+    }
+
+    /**
+     * @dev Executes REMOVE_TARGET_FROM_WHITELIST: removes a target address from a function's call whitelist
+     * @param data ABI-encoded (bytes4 functionSelector, address target)
+     */
+    function _executeRemoveTargetFromWhitelist(bytes calldata data) internal {
+        (bytes4 functionSelector, address target) = abi.decode(data, (bytes4, address));
+        _removeTargetFromFunctionWhitelist(functionSelector, target);
+        _logGuardConfigEvent(IGuardController.GuardConfigActionType.REMOVE_TARGET_FROM_WHITELIST, functionSelector, target);
+    }
+
+    /**
+     * @dev Executes REGISTER_FUNCTION: registers a new function schema with signature, operation name, and supported actions
+     * @param data ABI-encoded (string functionSignature, string operationName, TxAction[] supportedActions)
+     */
+    function _executeRegisterFunction(bytes calldata data) internal {
+        (
+            string memory functionSignature,
+            string memory operationName,
+            EngineBlox.TxAction[] memory supportedActions
+        ) = abi.decode(data, (string, string, EngineBlox.TxAction[]));
+
+        bytes4 functionSelector = _registerFunction(functionSignature, operationName, supportedActions);
+        _logGuardConfigEvent(IGuardController.GuardConfigActionType.REGISTER_FUNCTION, functionSelector, address(0));
+    }
+
+    /**
+     * @dev Executes UNREGISTER_FUNCTION: unregisters a function schema by selector
+     * @param data ABI-encoded (bytes4 functionSelector, bool safeRemoval)
+     */
+    function _executeUnregisterFunction(bytes calldata data) internal {
+        (bytes4 functionSelector, bool safeRemoval) = abi.decode(data, (bytes4, bool));
+        _unregisterFunction(functionSelector, safeRemoval);
+        _logGuardConfigEvent(IGuardController.GuardConfigActionType.UNREGISTER_FUNCTION, functionSelector, address(0));
+    }
+
+    /**
+     * @dev Encodes and logs a guard config event via ComponentEvent. Payload decodes as (GuardConfigActionType, bytes4 functionSelector, address target).
+     * @param actionType The guard config action type
+     * @param functionSelector The function selector (or zero for N/A)
+     * @param target The target address (or zero for N/A)
      */
-    function _encodeGuardConfigEvent(
+    function _logGuardConfigEvent(
         IGuardController.GuardConfigActionType actionType,
         bytes4 functionSelector,
         address target
-    ) internal pure returns (bytes memory) {
-        return abi.encode(actionType, functionSelector, target);
+    ) internal {
+        _logComponentEvent(abi.encode(actionType, functionSelector, target));
     }
 
     // ============ INTERNAL FUNCTION SCHEMA HELPERS ============