Library and command line tool for auditing smart contract permissions
Project description
Eth permissions audit library
This project defines a simple library for obtaining smart contract permissions and building a graph.
It's aimed at contracts using OpenZeppelin's AccessControl module.
Installation
Simply install with pip or your preferred package manager:
pip install eth-permissions
Usage as a library
We use eth-prototype's wrappers for accessing the blockchain information. The simplest way to use it is to export the following environment variables:
export DEFAULT_PROVIDER=w3
# You can use any JSON-RPC node supported by web3.py.
export WEB3_PROVIDER_URI=https://polygon-mainnet.g.alchemy.com/v2/<YOUR KEY>
Use the chaindata module to get the full permissions detail:
from eth_permissions.chaindata import EventStream
stream = EventStream("IAccessControl", "0x47E2aFB074487682Db5Db6c7e41B43f913026544")
stream.snapshot
# [
# {'role': Role('DEFAULT_ADMIN_ROLE'),
# 'members': ['0xCfcd29CD20B6c64A4C0EB56e29E5ce3CD69336D2']},
# {'role': Role('UNKNOWN ROLE: 0x2582...a559'),
# 'members': ['0x9dA2192C820C5cC37d26A3F97d7BcF1Bc04232A3']},
# ...
# {'role': Role('UNKNOWN ROLE: 0xf17c...fd8a'),
# 'members': ['0x76B349e14a5B5FAF8090313Aa393e1b37aC5E126']},
# ]
You can register your roles to get the actual names in the result. See main.py for an example of how to do that.
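As an added illustration (not code from eth-permissions, and not a description of its implementation): a role snapshot shaped like the one above can be derived by replaying OpenZeppelin AccessControl's RoleGranted and RoleRevoked events in log order, then compared against a reviewed baseline to spot permission drift. The event tuples, the PAUSER role id, the addresses and the `replay`/`drift` helper names are constructed for this example.

```python
from collections import defaultdict

# OpenZeppelin AccessControl defines DEFAULT_ADMIN_ROLE as the zero bytes32 value.
DEFAULT_ADMIN_ROLE = "0x" + "00" * 32
PAUSER = "0x" + "a1" * 32  # constructed role id, stands in for keccak256("...")
ADMIN, OPS, OLD = "0x" + "11" * 20, "0x" + "Ab" * 20, "0x" + "33" * 20  # constructed

# Constructed logs, deliberately out of order: (block, log_index, event, role, account)
SAMPLE_EVENTS = [
    (105, 2, "RoleRevoked", PAUSER, OLD),
    (100, 0, "RoleGranted", DEFAULT_ADMIN_ROLE, ADMIN),
    (101, 1, "RoleGranted", PAUSER, OLD),
    (105, 3, "RoleGranted", PAUSER, OPS),
    (110, 0, "RoleGranted", DEFAULT_ADMIN_ROLE, OPS),
]


def replay(events):
    """Apply grants and revokes in chain order; return [{'role', 'members'}, ...]."""
    members = defaultdict(set)
    for _block, _idx, event, role, account in sorted(events, key=lambda e: (e[0], e[1])):
        account = account.lower()  # compare addresses case-insensitively
        if event == "RoleGranted":
            members[role].add(account)
        elif event == "RoleRevoked":
            members[role].discard(account)
    # Roles whose members were all revoked are dropped from the snapshot.
    return [{"role": r, "members": sorted(m)} for r, m in sorted(members.items()) if m]


def drift(snapshot, expected):
    """Return (unexpected, missing) lists of (role, account) pairs vs. a baseline."""
    actual = {(s["role"], a) for s in snapshot for a in s["members"]}
    wanted = {(r, a.lower()) for r, accts in expected.items() for a in accts}
    return sorted(actual - wanted), sorted(wanted - actual)


if __name__ == "__main__":
    snap = replay(SAMPLE_EVENTS)
    # Reviewed baseline: one admin, one pauser.
    baseline = {DEFAULT_ADMIN_ROLE: [ADMIN], PAUSER: [OPS]}
    unexpected, missing = drift(snap, baseline)
    for role, account in unexpected:
        print(f"UNEXPECTED grant: {account} holds {role}")
    for role, account in missing:
        print(f"MISSING grant: {account} should hold {role}")
```

In this constructed data the second DEFAULT_ADMIN_ROLE grant is reported as unexpected, which is the kind of finding a permissions audit is meant to surface.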
Usage as a command line tool
First set up some env vars:
# Env vars for eth-prototype
export DEFAULT_PROVIDER=w3
export WEB3_PROVIDER_URI=https://polygon-mainnet.g.alchemy.com/v2/<YOUR KEY>
# Values for Ensuro v2 on mainnet as of Dec 2023; change accordingly for other contracts
export KNOWN_ROLES=GUARDIAN_ROLE,LEVEL1_ROLE,LEVEL2_ROLE,LEVEL3_ROLE,RESOLVER_ROLE,POLICY_CREATOR_ROLE,PRICER_ROLE,...
export KNOWN_COMPONENTS=0xa65c9dE776d1f30c095EFF9C775E001a1d366df8,0x37fE456EFF897CB5dDF040A5e95f399EaBc162ca
export KNOWN_COMPONENT_NAMES="KoalaV2,Koala Partner B"
Then run eth-permissions:
python -m eth_permissions --view --output test.png 0x47E2aFB074487682Db5Db6c7e41B43f913026544
This will create the file test.png and open it with the default viewer.
Run python -m eth_permissions --help to see all available flags and options.
App
Check app/Readme for a simple app that exposes this API over HTTP for use on a frontend app.
TODO
- Add support for Ownable contracts
- Address book
- Add multisig intelligence (detect when a role member is a multisig and obtain its members)
- Timelock detection
Hashes for eth_permissions-0.2.3-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | cc75759248b69873c3a1b405adcf16e3c350419aa8ee5090e6c3ab77600e9bab
MD5 | 043bd6f542ab1eebfd5c1828954150b0
BLAKE2b-256 | 57459c79251570ccc3e71d1a2b2b45384d81ad3139f5ac62d0f05b2dd0c475c9