Project description

Eth permissions audit library

This project defines a simple library for obtaining smart contract permissions and building a graph.

It's aimed at contracts using Openzeppelin's AccessControl module.

Installation

Simply install with pip or your preferred package manager:

pip install eth-permissions

Usage as a library

We use eth-prototype's wrappers for accessing the blockchain information. The simplest way to use it is to export the following environment variables:

export DEFAULT_PROVIDER=w3

# You can use any json-rpc node supported by web3py.
export WEB3_PROVIDER_URI=https://polygon-mainnet.g.alchemy.com/v2/<YOUR KEY>

Use the chaindata module to get the full permissions detail:

from eth_permissions.chaindata import EventStream

stream = EventStream("IAccessControl", "0x47E2aFB074487682Db5Db6c7e41B43f913026544")

stream.snapshot

# [
#  {'role': Role('DEFAULT_ADMIN_ROLE'),
#   'members': ['0xCfcd29CD20B6c64A4C0EB56e29E5ce3CD69336D2']},
#  {'role': Role('UNKNOWN ROLE: 0x2582...a559'),
#   'members': ['0x9dA2192C820C5cC37d26A3F97d7BcF1Bc04232A3']},
#  ...
#  {'role': Role('UNKNOWN ROLE: 0xf17c...fd8a'),
#   'members': ['0x76B349e14a5B5FAF8090313Aa393e1b37aC5E126']},
# ]

You can register your roles to get the actual names in the result. See main.py for an example of how to do that.

Usage as a command line tool

First set up some env vars:

# Env vars for eth-prototype
export DEFAULT_PROVIDER=w3
export WEB3_PROVIDER_URI=https://polygon-mainnet.g.alchemy.com/v2/<YOUR KEY>

# Values for ensuro v2 on mainnet as of dec 2023, change accordingly for other contracts
export KNOWN_ROLES=GUARDIAN_ROLE,LEVEL1_ROLE,LEVEL2_ROLE,LEVEL3_ROLE,RESOLVER_ROLE,POLICY_CREATOR_ROLE,PRICER_ROLE,...
export KNOWN_COMPONENTS=0xa65c9dE776d1f30c095EFF9C775E001a1d366df8,0x37fE456EFF897CB5dDF040A5e95f399EaBc162ca
export KNOWN_COMPONENT_NAMES="KoalaV2,Koala Partner B"

Then run eth-permissions:

python -m eth_permissions --view --output test.png 0x47E2aFB074487682Db5Db6c7e41B43f913026544

This will create the file test.png and open it with the default viewer. It will look like this:

Run python -m eth_permissions --help to see all available flags and options.

App

Check app/Readme for a simple app that exposes this API over http for use on a frontend app.

TODO

Add support for Ownable contracts
Address book
Add multisig intelligence (detect when a role member is a multisig and obtain its members)
Timelock detection

Project details

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.2.3

Dec 26, 2022

0.2.2

Dec 6, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

eth-permissions-0.2.3.tar.gz (115.7 kB view hashes)

Uploaded Dec 26, 2022 Source

Built Distribution

eth_permissions-0.2.3-py3-none-any.whl (9.2 kB view hashes)

Uploaded Dec 26, 2022 Python 3

Hashes for eth-permissions-0.2.3.tar.gz

Hashes for eth-permissions-0.2.3.tar.gz
Algorithm	Hash digest
SHA256	`64cc39a33e324fed41173c007a45b16ecda72b5ad30d0e147ed29c9f2c8190a2`
MD5	`40bfc204714fec536264ef524304e9d2`
BLAKE2b-256	`21403acf7c05823ef6b40c668ae168ebe56b7e178d5195218ee9eee989400924`

Hashes for eth_permissions-0.2.3-py3-none-any.whl

Hashes for eth_permissions-0.2.3-py3-none-any.whl
Algorithm	Hash digest
SHA256	`cc75759248b69873c3a1b405adcf16e3c350419aa8ee5090e6c3ab77600e9bab`
MD5	`043bd6f542ab1eebfd5c1828954150b0`
BLAKE2b-256	`57459c79251570ccc3e71d1a2b2b45384d81ad3139f5ac62d0f05b2dd0c475c9`