Subnet creation permissioning (#795)

Co-authored-by: raulk <[email protected]>

contracts/scripts/deploy-registry.template.ts

@@ -1,4 +1,8 @@
-import { deployContractWithDeployer, getTransactionFees } from './util'
+import {
+    deployContractWithDeployer,
+    getTransactionFees,
+    subnetCreationPrivileges,
+} from './util'
 import { ethers } from 'hardhat'
 
 const { getSelectors, FacetCutAction } = require('./js/diamond.js')
@@ -13,6 +17,17 @@ export async function deploy() {
         } and balance: ${balance.toString()}`,
     )
 
+    const mode = subnetCreationPrivileges()
+    console.log(
+        `
+            ***************************************************************
+            **                                                           **
+            **  Subnet creation privileges: ${mode}                      **
+            **                                                           **
+            ***************************************************************
+        `,
+    )
+
     const gatewayAddress = GATEWAY.Gateway
     const txArgs = await getTransactionFees()
 
@@ -76,6 +91,7 @@ export async function deploy() {
         subnetActorRewarderSelectors: rewarderSelectors,
         subnetActorCheckpointerSelectors: checkpointerSelectors,
         subnetActorPauserSelectors: pauserSelectors,
+        creationPrivileges: Number(mode),
     }
 
     const facetCuts = [] //TODO

contracts/scripts/util.ts

@@ -36,6 +36,11 @@ export const ZERO_ADDRESS = '0x0000000000000000000000000000000000000000'
 
 const isolatedPort = 18678
 
+export enum SubnetCreationPrivileges {
+    Unrestricted = 0,
+    Owner = 1,
+}
+
 export async function deployContractWithDeployer(
     deployer: SignerWithAddress,
     contractName: string,
@@ -49,6 +54,13 @@ export async function deployContractWithDeployer(
     return contractFactory.deploy(...args)
 }
 
+export function subnetCreationPrivileges(): SubnetCreationPrivileges {
+    const value = process.env.REGISTRY_CREATION_PRIVILEGES || 'unrestricted'
+    return value === 'owner'
+        ? SubnetCreationPrivileges.Owner
+        : SubnetCreationPrivileges.Unrestricted
+}
+
 export async function getTransactionFees() {
     const feeData = await ethers.provider.getFeeData()
 

contracts/src/SubnetRegistryDiamond.sol

@@ -8,6 +8,7 @@ import {IERC165} from "./interfaces/IERC165.sol";
 import {SubnetRegistryActorStorage} from "./lib/LibSubnetRegistryStorage.sol";
 import {GatewayCannotBeZero, FacetCannotBeZero} from "./errors/IPCErrors.sol";
 import {LibDiamond} from "./lib/LibDiamond.sol";
+import {SubnetCreationPrivileges} from "./structs/Subnet.sol";
 
 error FunctionNotFound(bytes4 _functionSelector);
 
@@ -26,6 +27,7 @@ contract SubnetRegistryDiamond {
         bytes4[] subnetActorRewarderSelectors;
         bytes4[] subnetActorCheckpointerSelectors;
         bytes4[] subnetActorPauserSelectors;
+        SubnetCreationPrivileges creationPrivileges;
     }
 
     constructor(IDiamond.FacetCut[] memory _diamondCut, ConstructorParams memory params) {
@@ -69,6 +71,8 @@ contract SubnetRegistryDiamond {
         s.subnetActorRewarderSelectors = params.subnetActorRewarderSelectors;
         s.subnetActorCheckpointerSelectors = params.subnetActorCheckpointerSelectors;
         s.subnetActorPauserSelectors = params.subnetActorPauserSelectors;
+
+        s.creationPrivileges = params.creationPrivileges;
     }
 
     function _fallback() internal {

contracts/src/lib/LibSubnetRegistryStorage.sol

@@ -1,6 +1,8 @@
 // SPDX-License-Identifier: MIT OR Apache-2.0
 pragma solidity ^0.8.23;
 
+import {SubnetCreationPrivileges} from "../structs/Subnet.sol";
+
 struct SubnetRegistryActorStorage {
     // solhint-disable-next-line var-name-mixedcase
     address GATEWAY;
@@ -33,4 +35,6 @@ struct SubnetRegistryActorStorage {
     /// subnet for each user.
     /// owner => nonce
     mapping(address => uint64) userNonces;
+    /// @notice The subnet creation privileges.
+    SubnetCreationPrivileges creationPrivileges;
 }

contracts/src/structs/Subnet.sol

@@ -104,6 +104,14 @@ enum PermissionMode {
     Static
 }
 
+/// @notice Determines the permission mode for who can create subet
+enum SubnetCreationPrivileges {
+    /// No permission check at all, any address can create
+    Unrestricted,
+    /// Only the owner can create subnet
+    Owner
+}
+
 /// @notice Keeping track of the list of validators.
 /// @dev There are two types of validators:
 ///     - Active

contracts/src/subnetregistry/RegisterSubnetFacet.sol

@@ -8,6 +8,9 @@ import {SubnetRegistryActorStorage} from "../lib/LibSubnetRegistryStorage.sol";
 import {ReentrancyGuard} from "../lib/LibReentrancyGuard.sol";
 import {WrongGateway} from "../errors/IPCErrors.sol";
 
+import {SubnetCreationPrivileges} from "../structs/Subnet.sol";
+import {LibDiamond} from "../lib/LibDiamond.sol";
+
 contract RegisterSubnetFacet is ReentrancyGuard {
     SubnetRegistryActorStorage internal s;
 
@@ -23,6 +26,8 @@ contract RegisterSubnetFacet is ReentrancyGuard {
             revert WrongGateway();
         }
 
+        ensurePrivileges();
+
         IDiamond.FacetCut[] memory diamondCut = new IDiamond.FacetCut[](5);
 
         // set the diamond cut for subnet getter
@@ -68,4 +73,11 @@ contract RegisterSubnetFacet is ReentrancyGuard {
 
         return subnetAddr;
     }
+
+    function ensurePrivileges() internal view {
+        if (s.creationPrivileges == SubnetCreationPrivileges.Unrestricted) {
+            return;
+        }
+        LibDiamond.enforceIsContractOwner();
+    }
 }

contracts/test/integration/SubnetRegistry.t.sol

@@ -18,7 +18,7 @@ import {SubnetActorPauseFacet} from "../../src/subnet/SubnetActorPauseFacet.sol"
 import {SubnetActorCheckpointingFacet} from "../../src/subnet/SubnetActorCheckpointingFacet.sol";
 import {SubnetActorRewardFacet} from "../../src/subnet/SubnetActorRewardFacet.sol";
 import {SubnetActorDiamond} from "../../src/SubnetActorDiamond.sol";
-import {SubnetID, PermissionMode} from "../../src/structs/Subnet.sol";
+import {SubnetID, PermissionMode, SubnetCreationPrivileges} from "../../src/structs/Subnet.sol";
 import {SubnetRegistryDiamond} from "../../src/SubnetRegistryDiamond.sol";
 
 import {RegisterSubnetFacet} from "../../src/subnetregistry/RegisterSubnetFacet.sol";
@@ -37,7 +37,7 @@ contract SubnetRegistryTest is Test, TestRegistry, IntegrationTestBase {
 
     bytes4[] empty;
 
-    function setUp() public virtual override {
+    function defaultParams() internal returns (SubnetRegistryDiamond.ConstructorParams memory params) {
         bytes4[] memory mockedSelectors = new bytes4[](1);
         mockedSelectors[0] = 0x6cb2ecee;
 
@@ -53,7 +53,6 @@ contract SubnetRegistryTest is Test, TestRegistry, IntegrationTestBase {
         bytes4[] memory mockedSelectors5 = new bytes4[](1);
         mockedSelectors5[0] = 0x233f74ea;
 
-        SubnetRegistryDiamond.ConstructorParams memory params;
         params.gateway = DEFAULT_IPC_GATEWAY_ADDR;
 
         params.getterFacet = address(new SubnetActorGetterFacet());
@@ -68,13 +67,35 @@ contract SubnetRegistryTest is Test, TestRegistry, IntegrationTestBase {
         params.subnetActorCheckpointerSelectors = mockedSelectors4;
         params.subnetActorPauserSelectors = mockedSelectors5;
 
+        params.creationPrivileges = SubnetCreationPrivileges.Unrestricted;
+
+        return params;
+    }
+
+    function setUp() public virtual override {
+        SubnetRegistryDiamond.ConstructorParams memory params = defaultParams();
+
         registryDiamond = createSubnetRegistry(params);
         registryLouper = registryDiamond.diamondLouper();
         registryCutter = registryDiamond.diamondCutter();
         registrySubnetFacet = registryDiamond.register();
         registrySubnetGetterFacet = registryDiamond.getter();
     }
 
+    function test_Registry_NoPermission() public {
+        SubnetRegistryDiamond.ConstructorParams memory p = defaultParams();
+        p.creationPrivileges = SubnetCreationPrivileges.Owner;
+
+        SubnetRegistryDiamond s = createSubnetRegistry(p);
+
+        SubnetActorDiamond.ConstructorParams memory params = defaultSubnetActorParamsWith(DEFAULT_IPC_GATEWAY_ADDR);
+        params.permissionMode = PermissionMode.Collateral;
+
+        vm.prank(address(1));
+        vm.expectRevert(LibDiamond.NotOwner.selector);
+        s.register().newSubnetActor(params);
+    }
+
     function test_Registry_FacetFunctionSelectors() public view {
         IDiamondLoupe.Facet[] memory facets;
         uint256 facetsLength = facets.length;

fendermint/vm/actor_interface/src/ipc.rs

@@ -449,6 +449,7 @@ pub mod registry {
         pub subnet_rewarder_selectors: Vec<FunctionSelector>,
         pub subnet_pauser_selectors: Vec<FunctionSelector>,
         pub subnet_checkpointer_selectors: Vec<FunctionSelector>,
+        pub creation_privileges: u8, // 0 = Unrestricted, 1 = Owner.
     }
 }
 

fendermint/vm/interpreter/src/fvm/genesis.rs

@@ -352,6 +352,7 @@ where
                     subnet_rewarder_selectors: rewarder_facet.function_selectors,
                     subnet_checkpointer_selectors: checkpointer_facet.function_selectors,
                     subnet_pauser_selectors: pauser_facet.function_selectors,
+                    creation_privileges: 0,
                 };
 
                 deployer.deploy_contract(