fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
83 lines
2.8 KiB
Bash
Executable File
83 lines
2.8 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Access control audit and improvements
|
|
# Usage: ./access-control-audit.sh
|
|
|
|
set -euo pipefail
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
SOURCE_PROJECT="/home/intlc/projects/smom-dbis-138"
|
|
|
|
source "$SOURCE_PROJECT/.env" 2>/dev/null || true
|
|
|
|
RPC_URL="${RPC_URL_138:-http://192.168.11.250:8545}"
|
|
WETH9_BRIDGE="${CCIPWETH9_BRIDGE_CHAIN138:-0x89dd12025bfCD38A168455A44B400e913ED33BE2}"
|
|
WETH10_BRIDGE="${CCIPWETH10_BRIDGE_CHAIN138:-0xe0E93247376aa097dB308B92e6Ba36bA015535D0}"
|
|
|
|
echo "=== Access Control Audit ==="
|
|
echo ""
|
|
|
|
# Check admin roles
|
|
check_admin_roles() {
|
|
echo "## Admin Roles"
|
|
echo ""
|
|
|
|
# Get admin addresses (if contract has owner() function)
|
|
WETH9_ADMIN=$(cast call "$WETH9_BRIDGE" "owner()" --rpc-url "$RPC_URL" 2>/dev/null || echo "N/A")
|
|
WETH10_ADMIN=$(cast call "$WETH10_BRIDGE" "owner()" --rpc-url "$RPC_URL" 2>/dev/null || echo "N/A")
|
|
|
|
echo "WETH9 Bridge Admin: $WETH9_ADMIN"
|
|
echo "WETH10 Bridge Admin: $WETH10_ADMIN"
|
|
echo ""
|
|
|
|
# Recommendations
|
|
echo "## Recommendations"
|
|
echo ""
|
|
echo "1. ✅ Use multi-sig wallet for admin operations"
|
|
echo "2. ✅ Implement role-based access control"
|
|
echo "3. ✅ Regular review of admin addresses"
|
|
echo "4. ✅ Use hardware wallets for key management"
|
|
echo "5. ✅ Implement rate limiting on bridge operations"
|
|
echo ""
|
|
}
|
|
|
|
# Check pause functionality
|
|
check_pause_functionality() {
|
|
echo "## Pause Functionality"
|
|
echo ""
|
|
|
|
WETH9_PAUSED=$(cast call "$WETH9_BRIDGE" "paused()" --rpc-url "$RPC_URL" 2>/dev/null || echo "N/A")
|
|
WETH10_PAUSED=$(cast call "$WETH10_BRIDGE" "paused()" --rpc-url "$RPC_URL" 2>/dev/null || echo "N/A")
|
|
|
|
echo "WETH9 Bridge Paused: $WETH9_PAUSED"
|
|
echo "WETH10 Bridge Paused: $WETH10_PAUSED"
|
|
echo ""
|
|
|
|
echo "## Emergency Procedures"
|
|
echo ""
|
|
echo "To pause bridge:"
|
|
echo " cast send $WETH9_BRIDGE 'pause()' --rpc-url $RPC_URL --private-key \$PRIVATE_KEY"
|
|
echo ""
|
|
echo "To unpause bridge:"
|
|
echo " cast send $WETH9_BRIDGE 'unpause()' --rpc-url $RPC_URL --private-key \$PRIVATE_KEY"
|
|
echo ""
|
|
}
|
|
|
|
# Security recommendations
|
|
security_recommendations() {
|
|
echo "## Security Recommendations"
|
|
echo ""
|
|
echo "1. **Multi-Signature Wallet**: Upgrade admin to multi-sig for critical operations"
|
|
echo "2. **Role-Based Access**: Implement granular role-based access control"
|
|
echo "3. **Key Management**: Use hardware wallets or secure key management systems"
|
|
echo "4. **Rate Limiting**: Implement rate limiting on bridge operations"
|
|
echo "5. **Monitoring**: Set up alerts for admin operations"
|
|
echo "6. **Audit Trail**: Maintain comprehensive audit logs"
|
|
echo "7. **Regular Reviews**: Conduct regular access control reviews"
|
|
echo ""
|
|
}
|
|
|
|
check_admin_roles
|
|
check_pause_functionality
|
|
security_recommendations
|
|
|