feat(host-contracts): cleanup ACL (#1036)

* feat(host-contracts): cleanup ACL

* chore(host-contracts): updated tests and selectors

* chore(coprocessor): removed deprecated events

chore(coprocessor): fix typo

* chore(host-contracts): update readme

Author: jatZama

coprocessor/fhevm-engine/host-listener/src/database/tfhe_event_propagate.rs

@@ -551,12 +551,6 @@ impl Database {
             AclContractEvents::Initialized(initialized) => {
                 warn!(event = ?initialized, "unhandled Acl::Initialized event");
             }
-            AclContractEvents::NewDelegation(new_delegation) => {
-                warn!(
-                    event = ?new_delegation,
-                    "unhandled Acl::NewDelegation event"
-                );
-            }
             AclContractEvents::OwnershipTransferStarted(
                 ownership_transfer_started,
             ) => {
@@ -571,12 +565,6 @@ impl Database {
                     "unhandled Acl::OwnershipTransferred event"
                 );
             }
-            AclContractEvents::RevokedDelegation(revoked_delegation) => {
-                warn!(
-                    event = ?revoked_delegation,
-                    "unhandled Acl::RevokedDelegation event"
-                );
-            }
             AclContractEvents::Upgraded(upgraded) => {
                 warn!(
                     event = ?upgraded,
@@ -595,12 +583,6 @@ impl Database {
                     "unhandled Acl::Unpaused event"
                 );
             }
-            AclContractEvents::UpdatePauser(update_pauser) => {
-                warn!(
-                    event = ?update_pauser,
-                    "unhandled Acl::UpdatePauser event"
-                );
-            }
         }
         self.tick.update();
         Ok(())
@@ -785,13 +767,10 @@ pub fn acl_result_handles(event: &Log<AclContractEvents>) -> Vec<Handle> {
             allowed_for_decryption.handlesList.clone()
         }
         AclContractEvents::Initialized(_)
-        | AclContractEvents::NewDelegation(_)
         | AclContractEvents::OwnershipTransferStarted(_)
         | AclContractEvents::OwnershipTransferred(_)
-        | AclContractEvents::RevokedDelegation(_)
         | AclContractEvents::Upgraded(_)
         | AclContractEvents::Paused(_)
-        | AclContractEvents::Unpaused(_)
-        | AclContractEvents::UpdatePauser(_) => vec![],
+        | AclContractEvents::Unpaused(_) => vec![],
     }
 }

host-contracts/README.md

@@ -1,3 +1,3 @@
 ## Introduction
 
-This node package contains all the Solidity core contracts needed to deploy an FHEVM instance.
+This node package contains the core Solidity host contracts needed to deploy an FHEVM instance on a host EVM blockchain.

host-contracts/contracts/ACL.sol

@@ -17,28 +17,9 @@ import {ACLEvents} from "./ACLEvents.sol";
  * secure while still being usable within authorized contexts.
  */
 contract ACL is UUPSUpgradeableEmptyProxy, Ownable2StepUpgradeable, PausableUpgradeable, ACLEvents {
-    /// @notice Returned if the delegatee contract is already delegatee for sender & delegator addresses.
-    /// @param delegatee delegatee address.
-    /// @param contractAddress contract address.
-    error AlreadyDelegated(address delegatee, address contractAddress);
-
-    /// @notice Returned if the sender is the delegatee address.
-    error SenderCannotBeContractAddress(address contractAddress);
-
-    /// @notice Returned if the contractAddresses array is empty.
-    error ContractAddressesIsEmpty();
-
-    /// @notice Maximum length of contractAddresses array exceeded.
-    error ContractAddressesMaxLengthExceeded();
-
     /// @notice Returned if the handlesList array is empty.
     error HandlesListIsEmpty();
 
-    /// @notice Returned if the the delegatee contract is not already delegatee for sender & delegator addresses.
-    /// @param delegatee delegatee address.
-    /// @param contractAddress contract address.
-    error NotDelegatedYet(address delegatee, address contractAddress);
-
     /// @notice Returned if the sender address is not allowed to pause the contract.
     error NotPauser(address sender);
 
@@ -50,7 +31,6 @@ contract ACL is UUPSUpgradeableEmptyProxy, Ownable2StepUpgradeable, PausableUpgr
     struct ACLStorage {
         mapping(bytes32 handle => mapping(address account => bool isAllowed)) persistedAllowedPairs;
         mapping(bytes32 handle => bool isAllowedForDecryption) allowedForDecryption;
-        mapping(address account => mapping(address delegatee => mapping(address contractAddress => bool isDelegate))) delegates;
     }
 
     /// @notice Name of the contract.
@@ -71,9 +51,6 @@ contract ACL is UUPSUpgradeableEmptyProxy, Ownable2StepUpgradeable, PausableUpgr
     /// @notice PauserSet contract.
     IPauserSet private constant PAUSER_SET = IPauserSet(pauserSetAdd);
 
-    /// @notice maximum length of contractAddresses array during delegation.
-    uint256 private constant MAX_NUM_CONTRACT_ADDRESSES = 10;
-
     /// Constant used for making sure the version number used in the `reinitializer` modifier is
     /// identical between `initializeFromEmptyProxy` and the `reinitializeVX` method
     uint64 private constant REINITIALIZER_VERSION = 2;
@@ -162,59 +139,6 @@ contract ACL is UUPSUpgradeableEmptyProxy, Ownable2StepUpgradeable, PausableUpgr
         }
     }
 
-    /**
-     * @notice Delegates the access of handles in the context of account abstraction for issuing
-     * reencryption requests from a smart contract account.
-     * @param delegatee Delegatee address.
-     * @param contractAddresses Contract addresses.
-     */
-    function delegateAccount(address delegatee, address[] memory contractAddresses) public virtual whenNotPaused {
-        uint256 lengthContractAddresses = contractAddresses.length;
-        if (lengthContractAddresses == 0) {
-            revert ContractAddressesIsEmpty();
-        }
-        if (lengthContractAddresses > MAX_NUM_CONTRACT_ADDRESSES) {
-            revert ContractAddressesMaxLengthExceeded();
-        }
-
-        ACLStorage storage $ = _getACLStorage();
-        for (uint256 k = 0; k < lengthContractAddresses; k++) {
-            if (contractAddresses[k] == msg.sender) {
-                revert SenderCannotBeContractAddress(contractAddresses[k]);
-            }
-            if ($.delegates[msg.sender][delegatee][contractAddresses[k]]) {
-                revert AlreadyDelegated(delegatee, contractAddresses[k]);
-            }
-            $.delegates[msg.sender][delegatee][contractAddresses[k]] = true;
-        }
-
-        emit NewDelegation(msg.sender, delegatee, contractAddresses);
-    }
-
-    /**
-     * @notice Revokes delegated access of handles in the context of account abstraction for issuing
-     * reencryption requests from a smart contract account.
-     * @param delegatee Delegatee address.
-     * @param contractAddresses Contract addresses.
-     */
-    function revokeDelegation(address delegatee, address[] memory contractAddresses) public virtual whenNotPaused {
-        uint256 lengthContractAddresses = contractAddresses.length;
-        if (lengthContractAddresses == 0) {
-            revert ContractAddressesIsEmpty();
-        }
-
-        ACLStorage storage $ = _getACLStorage();
-
-        for (uint256 k = 0; k < lengthContractAddresses; k++) {
-            if (!$.delegates[msg.sender][delegatee][contractAddresses[k]]) {
-                revert NotDelegatedYet(delegatee, contractAddresses[k]);
-            }
-            $.delegates[msg.sender][delegatee][contractAddresses[k]] = false;
-        }
-
-        emit RevokedDelegation(msg.sender, delegatee, contractAddresses);
-    }
-
     /**
      * @dev Triggers stopped state.
      * Only a pauser address can pause.
@@ -236,27 +160,6 @@ contract ACL is UUPSUpgradeableEmptyProxy, Ownable2StepUpgradeable, PausableUpgr
         _unpause();
     }
 
-    /**
-     * @notice Returns whether the delegatee is allowed to access the handle.
-     * @param delegatee Delegatee address.
-     * @param handle Handle.
-     * @param contractAddress Contract address.
-     * @param account Address of the account.
-     * @return isAllowed Whether the handle can be accessed.
-     */
-    function allowedOnBehalf(
-        address delegatee,
-        bytes32 handle,
-        address contractAddress,
-        address account
-    ) public view virtual returns (bool) {
-        ACLStorage storage $ = _getACLStorage();
-        return
-            $.persistedAllowedPairs[handle][account] &&
-            $.persistedAllowedPairs[handle][contractAddress] &&
-            $.delegates[account][delegatee][contractAddress];
-    }
-
     /**
      * @notice Checks whether the account is allowed to use the handle in the
      * same transaction (transient).

host-contracts/contracts/ACLEvents.sol

@@ -12,20 +12,4 @@ contract ACLEvents {
     /// @param caller       account calling the allowForDecryption function.
     /// @param handlesList  List of handles allowed for decryption.
     event AllowedForDecryption(address indexed caller, bytes32[] handlesList);
-
-    /// @notice                 Emitted when a new delegatee address is added.
-    /// @param caller           caller address
-    /// @param delegatee        Delegatee address.
-    /// @param contractAddresses  Contract addresses.
-    event NewDelegation(address indexed caller, address indexed delegatee, address[] contractAddresses);
-
-    /// @notice                 Emitted when a delegatee address is revoked.
-    /// @param caller           caller address
-    /// @param delegatee        Delegatee address.
-    /// @param contractAddresses  Contract addresses.
-    event RevokedDelegation(address indexed caller, address indexed delegatee, address[] contractAddresses);
-
-    /// @notice Emitted when the pauser address is updated.
-    /// @param newPauser New pauser address.
-    event UpdatePauser(address indexed newPauser);
 }