# CCIP Access Control Documentation **Date**: 2025-01-12 **Network**: ChainID 138 --- ## Overview This document describes the access control mechanisms for all CCIP contracts and components. --- ## Contract Ownership and Admin ### CCIP Router **Address**: `0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e` **Access Control**: - **Owner/Admin**: Unknown (requires deployment transaction or contract storage query) - **Public Functions**: `ccipSend()`, `getFee()`, `getOnRamp()` - **Admin Functions**: Configuration changes (if any) **Verification**: ```bash # Try to get owner (if function exists) cast call 0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e "owner()" --rpc-url # Check deployment transaction for owner # (requires transaction hash) ``` ### CCIP Sender **Address**: `0x105F8A15b819948a89153505762444Ee9f324684` **Access Control**: - **Owner/Admin**: Unknown - **Public Functions**: Message sending functions - **Admin Functions**: Configuration changes (if any) ### CCIPWETH9Bridge **Address**: `0x89dd12025bfCD38A168455A44B400e913ED33BE2` **Access Control**: - **Owner/Admin**: Unknown - **Public Functions**: `sendCrossChain()`, `destinations()` - **Admin Functions**: `addDestination()`, `removeDestination()` (if exists) **Verification**: ```bash # Try to get owner cast call 0x89dd12025bfCD38A168455A44B400e913ED33BE2 "owner()" --rpc-url ``` ### CCIPWETH10Bridge **Address**: `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` **Access Control**: - **Owner/Admin**: Unknown - **Public Functions**: `sendCrossChain()`, `destinations()` - **Admin Functions**: `addDestination()`, `removeDestination()` (if exists) --- ## Function Access Levels ### Public Functions (Anyone Can Call) #### Bridge Contracts **`sendCrossChain(uint64, address, uint256)`** - **Access**: Public - **Requirements**: - User must have approved bridge to spend tokens - User must have sufficient balance - Destination must be configured - Bridge must have sufficient LINK for fees **`destinations(uint64)`** - **Access**: Public (view function) - **Returns**: Bridge address for destination chain #### Router **`ccipSend(...)`** - **Access**: Public - **Requirements**: Valid message, sufficient fees **`getFee(uint64, bytes)`** - **Access**: Public (view function) - **Returns**: Fee amount ### Admin Functions (Owner/Admin Only) #### Bridge Contracts **`addDestination(uint64, address)`** - **Access**: Owner/Admin only - **Purpose**: Add destination chain to routing table - **Security**: Critical - only owner should call **`removeDestination(uint64)`** (if exists) - **Access**: Owner/Admin only - **Purpose**: Remove destination chain from routing table --- ## Access Control Patterns ### Ownable Pattern Many contracts use OpenZeppelin's `Ownable` pattern: - Single owner address - `owner()` function returns owner - `onlyOwner` modifier for admin functions - `transferOwnership()` to change owner ### Role-Based Access Control (RBAC) Some contracts may use role-based access: - Multiple roles (admin, operator, etc.) - `hasRole()` function to check roles - `grantRole()` and `revokeRole()` functions ### Multi-Sig Pattern For critical operations, multi-sig wallets may be used: - Multiple owners required - Threshold for operations - Enhanced security --- ## Security Considerations ### Owner Address Security 1. **Private Key Protection**: Owner private key must be secured 2. **Multi-Sig**: Consider using multi-sig for owner 3. **Timelock**: Consider timelock for critical operations 4. **Monitoring**: Monitor owner changes ### Function Access Security 1. **Input Validation**: All functions should validate inputs 2. **Reentrancy Protection**: Use reentrancy guards 3. **Access Modifiers**: Properly use access modifiers 4. **Event Logging**: Log all admin operations --- ## Retrieving Owner Addresses ### Method 1: Contract Function If contract implements `owner()`: ```bash cast call "owner()" --rpc-url ``` ### Method 2: Deployment Transaction 1. Find deployment transaction hash 2. Decode transaction 3. Extract owner from constructor parameters ### Method 3: Contract Storage 1. Find owner storage slot 2. Read storage value 3. Convert to address ### Method 4: Contract Verification 1. Verify contract on Blockscout 2. Check verified source code 3. Identify owner from code --- ## Monitoring Access Control ### Recommended Monitoring 1. **Owner Changes**: Alert on ownership transfers 2. **Admin Operations**: Log all admin function calls 3. **Access Attempts**: Monitor failed access attempts 4. **Configuration Changes**: Track all configuration changes ### Monitoring Script Create script to monitor access control: ```bash # Monitor owner changes # Monitor admin function calls # Alert on suspicious activity ``` --- ## Best Practices 1. **Document Owners**: Document all contract owners 2. **Secure Keys**: Use hardware wallets or secure key management 3. **Multi-Sig**: Use multi-sig for critical contracts 4. **Timelock**: Use timelock for important changes 5. **Monitoring**: Monitor all access control changes 6. **Regular Audits**: Regularly audit access control --- ## Related Documentation - [CCIP Security Best Practices](./CCIP_SECURITY_BEST_PRACTICES.md) (Task 128) - [CCIP Configuration Status](./CCIP_CONFIGURATION_STATUS.md) - [Complete Task Catalog](./CCIP_COMPLETE_TASK_CATALOG.md) --- **Last Updated**: 2025-01-12