Skip to main content

Description

PermissionedProxy is a minimal access-control contract. It defines a single admin, an operator allowlist, and a selector allowlist controlling which functions can be forwarded via proxy(). Meant to be inherited by other contracts.

Variables

admin
  • Description - The admin with ability to perform any action, including transferring admin ownership, managing operators, and managing the selector allowlist.
  • Type - address
  • Visibility - internal
  • Used By
    • onlyAdmin
  • Updated By
pendingAdmin
operators
  • Description - A mapping of addresses to operator status. Each address in the mapping that maps to true is enabled as an operator.
  • Type - mapping(address => bool)
  • Visibility - internal (no public getter)
  • Used By
    • onlyOperator
  • Updated By
permissionedCalls
  • Description - A mapping of function selectors to true/false values. If the mapping of a function selector is true, then the proxied call is allowed for that function. Selectors must be explicitly enabled before they can be forwarded via proxy().
  • Type - mapping(bytes4 => bool)
  • Visibility - internal
  • Used By
  • Updated By

Modifiers

onlyAdmin
  • Description - Restricts function execution to the admin address.
  • Reverts
    • With "PD" if msg.sender != admin.
onlyOperator
  • Description - Restricts function execution to addresses with operators[msg.sender] == true.
  • Reverts
    • With "PD" if operators[msg.sender] != true.

Functions

Admin Actions

transferAdminOwnerShip(address _newAdmin)
  • Description - Sets the pending admin to a new address. First step of a two-step admin transfer process. The pending admin must then call acceptAdminOwnership() to complete the transfer.
    • @param _newAdmin - The address to set as the pending admin.
  • Visibility Specifier - external
  • State Mutability Specifier - nonpayable
  • Access Control - onlyAdmin
  • Emits - none
  • Reverts - none
acceptAdminOwnership()
  • Description - Completes the two-step admin transfer. Can only be called by the current pendingAdmin. Sets admin to the caller and clears pendingAdmin.
  • Visibility Specifier - external
  • State Mutability Specifier - nonpayable
  • Reverts
    • With "PD" if msg.sender != pendingAdmin.
  • Emits
setOperator(address _operator, bool value)
  • Description - Adds or removes an address from the operator allowlist.
    • @param _operator - Address to update.
    • @param value - true to enable as an operator, false to disable as an operator.
  • Visibility Specifier - external
  • State Mutability Specifier - nonpayable
  • Access Control - onlyAdmin
  • Reverts
    • With "zero" if _operator == address(0).
  • Emits
setPermissionedCall(bytes4 sig, bool value)
  • Description - Marks a function selector as allowed (true) or disallowed (false) for proxy() forwarding.
    • @param sig - The function selector to modify.
    • @param value - true to allow proxied calls for this selector, false to disallow.
  • Visibility Specifier - external
  • State Mutability Specifier - nonpayable
  • Access Control - onlyAdmin
  • Emits

Operator Actions

proxy(address vault, bytes data)
  • Description - Forwards a call to the vault with the passed data. The function selector must be explicitly enabled in the permissionedCalls allowlist. ETH is also forwarded.
    • @param vault - The address of the vault contract to call.
    • @param data - ABI-encoded calldata indicating the selector of the function to call on the vault.
  • Visibility Specifier - external
  • State Mutability Specifier - payable
  • Access Control - onlyOperator
  • Reverts
    • With "SEL" if data.length < 4.
    • With "PD" if the selector is not enabled in the allowlist.
    • With "failed" if the forwarded call returns success == false.
  • Emits - none

Events

  • AdminUpdated(address indexed admin) - emitted when the admin address is updated via acceptAdminOwnership().
  • OperatorUpdated(address indexed operator) - emitted when an operator address is added or removed.
  • AddedPermissionedCall(bytes4 indexed sig) - emitted when a function selector’s allowlist status is updated.