Openzeppelin学习记录
Openzeppelin学习记录
OpenZeppelin的智能合约代码库是以太坊开发者的宝库,OpenZeppelin代码库包含了经过社区审查的ERC代币标准、安全协议以及很多的辅助工具库,这些代码可以帮助开发者专注业务逻辑的,而无需重新发明轮子。
基于OpenZeppelin开发合约,即可以提高代码的安全性,又可以提高开发效率。(这两段话抄的登链社区哈哈哈)
本文只记录学习过程中的的一些想法和问题,目前没有实操。
本人英文文档阅读能力有限,这也是第一次尝试阅读英文文档(之前都是看的中文版,但这次搜到的都太老了,solidity还在用0.4+的版本~),如有错误欢迎大家批评指正!
模块结构
从github上下下来原始合约,目录结构如图所示:
-contracts
-access//主要包含拥有者管理和角色管理
AccessControl.sol //角色管理,1对1
AccessControlEnumerable.sol //角色管理,1对多
Ownable.sol //拥有者管理
-finance
-governance
-interfaces
-metax
-mocks
-proxys
-security
-token
-utils
今天先写一下access部分的笔记
1. access
1.1 AccessControl.sol
该文件为角色管理合约:其中有两个关键角色:role和roleAdmin
合约中提供了几个函数来进行角色的转换,其中包括一些查询函数,此外还有角色转变函数,和角色改变时会触发的event.
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool){
};//(没太懂)
function grantRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)){
};
function revokeRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)){
};
function renounceRole(bytes32 role, address account) public virtual override{
};
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual{
};
其中,
admin:
grantRole
revokeRole
role:
renounonceRole
更改admin的函数(可见性是internal的,应该是在使用者自己的合约中调用)
_setRoleAdmin
具体文件如下(害怕出错,英文注释没有动,添加了一些自己理解的中文注释)
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../utils/Context.sol";
import "../utils/Strings.sol";
import "../utils/introspection/ERC165.sol";
/**
* @dev External interface of AccessControl declared to support ERC165 detection.
*/
interface IAccessControl {
function hasRole(bytes32 role, address account) external view returns (bool);
function getRoleAdmin(bytes32 role) external view returns (bytes32);
function grantRole(bytes32 role, address account) external;
function revokeRole(bytes32 role, address account) external;
function renounceRole(bytes32 role, address account) external;
}
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it.
*/
abstract contract AccessControl is Context, IAccessControl, ERC165 {
struct RoleData {
mapping(address => bool) members;
bytes32 adminRole;
}
mapping(bytes32