Add separate minter account to improve security

.env.org

@@ -1,4 +1,6 @@
-PRIVATE_KEY=
+DEPLOYER_KEY=
 ETHERSCAN_API_KEY=
 INFURA_API_KEY=
-ADMIN_SCW=
+ADMIN_SCW=
+MINTER=
+MINTER_SCW=

README.md

@@ -65,9 +65,10 @@ npm run test -- --grep "AnytypeRegistrarControllerPrivate"
 1. Define a **.env** file with 3 variables:
 
 ```
-PRIVATE_KEY=XXX
 DEPLOYER_KEY=XXX
 INFURA_API_KEY=YYY
+ADMIN_SCW=ZZZ
+MINTER_SCW=KKK
 ```
 
 2. (optional) Remove **deployments/sepolia** folder to reset all migrations:

contracts/anytype/AnytypeRegistrarControllerPrivate.sol

@@ -57,7 +57,8 @@ contract AnytypeRegistrarControllerPrivate is
     ReverseRegistrar public immutable reverseRegistrar;
     INameWrapper public immutable nameWrapper;
 
-    address public immutable additionalOwner;
+    address public minterAccount;
+    address public minterAccount2;
 
     mapping(bytes32 => uint256) public commitments;
 
@@ -68,11 +69,18 @@ contract AnytypeRegistrarControllerPrivate is
         uint256 expires
     );
     event NameRenewed(string name, bytes32 indexed label, uint256 expires);
+    event MintersChanged(
+        address oldMinter,
+        address newMinter,
+        address newMinter2
+    );
 
     function _checkOwner() internal view virtual override {
         require(
-            owner() == _msgSender() || additionalOwner == _msgSender(),
-            "Ownable: caller is not the owner1 or owner2"
+            owner() == _msgSender() ||
+                minterAccount == _msgSender() ||
+                minterAccount2 == _msgSender(),
+            "Ownable: caller is not the owner1 or minter or minter2"
         );
     }
 
@@ -83,7 +91,8 @@ contract AnytypeRegistrarControllerPrivate is
         ReverseRegistrar _reverseRegistrar,
         INameWrapper _nameWrapper,
         ENS _ens,
-        address _additionalOwner
+        address _minterAccount,
+        address _minter2Account
     ) ReverseClaimer(_ens, msg.sender) {
         if (_maxCommitmentAge <= _minCommitmentAge) {
             revert MaxCommitmentAgeTooLow();
@@ -98,7 +107,21 @@ contract AnytypeRegistrarControllerPrivate is
         maxCommitmentAge = _maxCommitmentAge;
         reverseRegistrar = _reverseRegistrar;
         nameWrapper = _nameWrapper;
-        additionalOwner = _additionalOwner;
+        minterAccount = _minterAccount;
+        minterAccount2 = _minter2Account;
+    }
+
+    function changeMinters(address newMinter, address newMinter2) external {
+        // this should not be called by minter
+        // if minter gets hacked -> admin can change the minter
+        require(owner() == _msgSender(), "Ownable: caller is not the owner");
+        require(newMinter != address(0), "Invalid minter address");
+        require(newMinter2 != address(0), "Invalid minter2 address");
+
+        emit MintersChanged(minterAccount, newMinter, newMinter2);
+
+        minterAccount = newMinter;
+        minterAccount2 = newMinter2;
     }
 
     function valid(string memory name) public pure returns (bool) {

contracts/anytype/ERC20NameToken.sol

@@ -16,12 +16,36 @@ import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
  *   User can use this token to buy/renew a name for 1 year
  */
 contract ERC20NameToken is Ownable, ERC20 {
-    constructor() ERC20("AnyNameToken", "ANT") {}
+    address public minterAccount;
+
+    event MinterChanged(address indexed oldMinter, address indexed newMinter);
+
+    constructor(address _minterAccount) ERC20("AnyNameToken", "ANT") {
+        minterAccount = _minterAccount;
+    }
+
+    function _checkOwner() internal view virtual override {
+        require(
+            owner() == _msgSender() || minterAccount == _msgSender(),
+            "Ownable: caller is not the owner1 or owner2"
+        );
+    }
 
     function decimals() public view virtual override returns (uint8) {
         return 6;
     }
 
+    function changeMinter(address newMinter) external {
+        // this should not be called by minter
+        // if minter gets hacked -> admin can change the minter
+        require(owner() == _msgSender(), "Ownable: caller is not the owner");
+        require(newMinter != address(0), "Invalid minter address");
+
+        emit MinterChanged(minterAccount, newMinter);
+
+        minterAccount = newMinter;
+    }
+
     function mint(address user_, uint amount_) public onlyOwner {
         _mint(user_, amount_);
     }

contracts/wrapper/README.md

@@ -426,7 +426,6 @@ cp .env.org .env
 ### Set credentials
 
 ```
-PRIVATE_KEY=
 ETHERSCAN_API_KEY=
 INFURA_API_KEY=
 ```

deploy/anytype/02_deploy_price_oracle.ts

@@ -6,7 +6,7 @@ const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
   const { deploy } = deployments
   const { deployer } = await getNamedAccounts()
 
-  const defaultPrice = 10 * 100 // 10 USD
+  const defaultPrice = 75 * 100 // 75 USD
   await deploy('AnytypePriceOracle', {
     from: deployer,
     args: [

deploy/anytype/03_deploy_controller_private.ts

@@ -25,16 +25,12 @@ const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
   const reverseRegistrar = await ethers.getContract('ReverseRegistrar', owner)
   const nameWrapper = await ethers.getContract('AnytypeNameWrapper', owner)
 
-  // this is usually the admin's SCW (AccountAbstraction)
-  // so we can control this either directly from admin or from admin's SCW (AccountAbstraction)
-  const additionalOwner = process.env.ADMIN_SCW
-  if (!additionalOwner || additionalOwner === '') {
-    throw new Error('ADMIN_SCW is not set')
+  const minter = process.env.MINTER
+  const minterScw = process.env.MINTER_SCW
+  if (!minterScw || minterScw === '') {
+    throw new Error('MINTER_SCW is not set')
   }
-  console.log(
-    'WARNING: private controller additional owner is set to',
-    additionalOwner,
-  )
+  console.log('WARNING: private controller minter is set to', minterScw)
 
   const deployArgs = {
     from: deployer,
@@ -46,7 +42,8 @@ const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
       reverseRegistrar.address,
       nameWrapper.address,
       registry.address,
-      additionalOwner,
+      minter,
+      minterScw,
     ],
     log: true,
   }

deploy/anytype/06_name_token.ts

@@ -50,10 +50,15 @@ const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
   }
   */
 
+  const minterScw = process.env.MINTER_SCW
+  if (!minterScw || minterScw === '') {
+    throw new Error('MINTER_SCW is not set')
+  }
+
   // 2 - deploy NameToken
   await deploy('ERC20NameToken', {
     from: deployer,
-    args: [],
+    args: [minterScw],
     log: true,
   })
 

deploy/anytype/07_getter.ts

@@ -21,7 +21,7 @@ const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
 
   // 2.2 - transfer ownership of the token to the admin's SmartContractWallet
   // TODO: hardcode!!!
-  // 0x61d1eeE7FBF652482DEa98A1Df591C626bA09a60 -> 0x045F756F248799F4413a026100Ae49e5E7F2031E
+  // 0xb87bbe9f9a0866b942b6587d74b06ed98dc1efb9 -> 0x60d728bC91EB32B1B20d0249bF1D000b34975fa3
   const currentOwner = await nameToken.owner()
   console.log('NameToken current owner: ', currentOwner)
 
@@ -43,11 +43,23 @@ const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
   } else {
     console.log('NameToken is already a payment option')
   }
+
+  // 2.4 - check minter acccount of PrivateController
+  const cp = await ethers.getContract(
+    'AnytypeRegistrarControllerPrivate',
+    deployer,
+  )
+  const minter = await cp.minterAccount()
+  console.log('PrivateController minter: ', minter)
 }
 
 func.id = 'anytype-name-token2'
 func.tags = ['anytype', 'GETTER']
 
-func.dependencies = ['AnytypeRegistrarController', 'ERC20NameToken']
+func.dependencies = [
+  'AnytypeRegistrarController',
+  'AnytypeRegistrarControllerPrivate',
+  'ERC20NameToken',
+]
 
 export default func

deployments/sepolia/.migrations.json

@@ -1,4 +1,4 @@
 {
-  "ens": 1708438515,
-  "root": 1708438573
+  "ens": 1712526625,
+  "root": 1712526686
 }

deployments/sepolia/AnytypeNameWrapper.json

@@ -1,5 +1,5 @@
 {
-  "address": "0x5fd7999d7d84b871F91662Cb6390f6162918515A",
+  "address": "0x1840D5416B9a60CA44e79Ff67E8771a1644Fd428",
   "abi": [
     {
       "inputs": [
@@ -1455,69 +1455,69 @@
       "type": "function"
     }
   ],
-  "transactionHash": "0x72ca7beec34f5ba3574023ef83c966fce1c2b1f93ec438de467480be550fe6e2",
+  "transactionHash": "0xd9ac436dded67250ee03115bb4422bde18fe08b738bca9c1eab0eab5920ff881",
   "receipt": {
     "to": null,
-    "from": "0x61d1eeE7FBF652482DEa98A1Df591C626bA09a60",
-    "contractAddress": "0x5fd7999d7d84b871F91662Cb6390f6162918515A",
-    "transactionIndex": 82,
+    "from": "0xB87bBe9F9a0866B942B6587D74B06Ed98dC1EFB9",
+    "contractAddress": "0x1840D5416B9a60CA44e79Ff67E8771a1644Fd428",
+    "transactionIndex": 64,
     "gasUsed": "5504399",
-    "logsBloom": "0x00000000000000000000000000000000000000000040000000800000000000002000000000100002080000000000000000000000000010001000000000011000000000002008000000000000008000200001000000000018000000000000000000000000020000000000000000000800004000400000000000000000000000400000000000000000000000040000000000000000000000200000000000000000000000000000000000400010000000800000000000000000008000040000000000000000000000000000000000005000000000000000000000000000000020000000000000000000000000000000001000000000003000000000000000000000",
-    "blockHash": "0x1acb37714279c32126fc491c8b1c543db6ef664d301f54af41790995a53baa4f",
-    "transactionHash": "0x72ca7beec34f5ba3574023ef83c966fce1c2b1f93ec438de467480be550fe6e2",
+    "logsBloom": "0x00002000000000020000000000000000000000000000000000800000000000000001000000001000000000000000000000000000100010000000040000080000000000000000000000000000008000400001000000000000000000000000010000000000820000080000400000000800000000000000000000800000000000400000000024000000000000000000000000000000000000200000000000000000000000002000400000000010000000000080000000004000008000040000000000000000000000000000000000005000000000000000400000000000000020000000000000004000000000000000000000000000001000000000000000000000",
+    "blockHash": "0x0e3580ccc629f3950db865d3ea11cccf2f65b6fee99a602797c616e089d757f8",
+    "transactionHash": "0xd9ac436dded67250ee03115bb4422bde18fe08b738bca9c1eab0eab5920ff881",
     "logs": [
       {
-        "transactionIndex": 82,
-        "blockNumber": 5327834,
-        "transactionHash": "0x72ca7beec34f5ba3574023ef83c966fce1c2b1f93ec438de467480be550fe6e2",
-        "address": "0x5fd7999d7d84b871F91662Cb6390f6162918515A",
+        "transactionIndex": 64,
+        "blockNumber": 5650136,
+        "transactionHash": "0xd9ac436dded67250ee03115bb4422bde18fe08b738bca9c1eab0eab5920ff881",
+        "address": "0x1840D5416B9a60CA44e79Ff67E8771a1644Fd428",
         "topics": [
           "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0",
           "0x0000000000000000000000000000000000000000000000000000000000000000",
-          "0x00000000000000000000000061d1eee7fbf652482dea98a1df591c626ba09a60"
+          "0x000000000000000000000000b87bbe9f9a0866b942b6587d74b06ed98dc1efb9"
         ],
         "data": "0x",
-        "logIndex": 110,
-        "blockHash": "0x1acb37714279c32126fc491c8b1c543db6ef664d301f54af41790995a53baa4f"
+        "logIndex": 103,
+        "blockHash": "0x0e3580ccc629f3950db865d3ea11cccf2f65b6fee99a602797c616e089d757f8"
       },
       {
-        "transactionIndex": 82,
-        "blockNumber": 5327834,
-        "transactionHash": "0x72ca7beec34f5ba3574023ef83c966fce1c2b1f93ec438de467480be550fe6e2",
-        "address": "0x4C5597d48A5E8b0bb81Ed7146017179428C027E6",
+        "transactionIndex": 64,
+        "blockNumber": 5650136,
+        "transactionHash": "0xd9ac436dded67250ee03115bb4422bde18fe08b738bca9c1eab0eab5920ff881",
+        "address": "0xa1DAFa05DCd37D89A987AfffAa6D73e6EF04094e",
         "topics": [
           "0x6ada868dd3058cf77a48a74489fd7963688e5464b2b0fa957ace976243270e92",
-          "0x0000000000000000000000005fd7999d7d84b871f91662cb6390f6162918515a",
-          "0x5a42b4159e54c4e06d5079a1b36a0cb715adf612d218e5060fbcb69b0e14178b"
+          "0x0000000000000000000000001840d5416b9a60ca44e79ff67e8771a1644fd428",
+          "0xcd5e7ba94f351d06b98ca1df5d6712597307c653d22cba296cac37b6e8dac7c4"
         ],
         "data": "0x",
-        "logIndex": 111,
-        "blockHash": "0x1acb37714279c32126fc491c8b1c543db6ef664d301f54af41790995a53baa4f"
+        "logIndex": 104,
+        "blockHash": "0x0e3580ccc629f3950db865d3ea11cccf2f65b6fee99a602797c616e089d757f8"
       },
       {
-        "transactionIndex": 82,
-        "blockNumber": 5327834,
-        "transactionHash": "0x72ca7beec34f5ba3574023ef83c966fce1c2b1f93ec438de467480be550fe6e2",
-        "address": "0x3c2E173A65BC3ecaFDa38802eF2D6E137a5D91be",
+        "transactionIndex": 64,
+        "blockNumber": 5650136,
+        "transactionHash": "0xd9ac436dded67250ee03115bb4422bde18fe08b738bca9c1eab0eab5920ff881",
+        "address": "0x7e69Bb2E7933B5C8250965d0bF36B955a16a03Ab",
         "topics": [
           "0xce0457fe73731f824cc272376169235128c118b49d344817417c6d108d155e82",
           "0x91d1777781884d03a6757a803996e38de2a42967fb37eeaca72729271025a9e2",
-          "0x640caf46e2b570fe849d32f28cb40a9c893a8c2e2d17c7998773220eec0bdc53"
+          "0xadf4ac815a64d5cf114ead13efeed039c14a76bebc4988d3a57c15b7f6aa4cf7"
         ],
-        "data": "0x00000000000000000000000061d1eee7fbf652482dea98a1df591c626ba09a60",
-        "logIndex": 112,
-        "blockHash": "0x1acb37714279c32126fc491c8b1c543db6ef664d301f54af41790995a53baa4f"
+        "data": "0x000000000000000000000000b87bbe9f9a0866b942b6587d74b06ed98dc1efb9",
+        "logIndex": 105,
+        "blockHash": "0x0e3580ccc629f3950db865d3ea11cccf2f65b6fee99a602797c616e089d757f8"
       }
     ],
-    "blockNumber": 5327834,
-    "cumulativeGasUsed": "12278177",
+    "blockNumber": 5650136,
+    "cumulativeGasUsed": "14190397",
     "status": 1,
     "byzantium": true
   },
   "args": [
-    "0x3c2E173A65BC3ecaFDa38802eF2D6E137a5D91be",
-    "0x42dEa7D082F38018bB3FAb9E4F9D822654f03b32",
-    "0xba6647fA7569ba5466E955bE3FFd1e476F16719A"
+    "0x7e69Bb2E7933B5C8250965d0bF36B955a16a03Ab",
+    "0xeFb15Cc3A6D496F54dcD112B29adF9fD0E03d2d4",
+    "0x2a1351f38E5842F57835326137C07b6DecEAc8d9"
   ],
   "numDeployments": 1,
   "solcInputHash": "cd6bf429cc4eb451b6820c60152496f5",

deployments/sepolia/AnytypePriceOracle.json

@@ -1,5 +1,5 @@
 {
-  "address": "0x9EfcBF46938c3a1B27608A2C599706093F9814dD",
+  "address": "0x690c620CB6E0B0c9a33A22077abF17E28F504e34",
   "abi": [
     {
       "inputs": [
@@ -146,29 +146,29 @@
       "type": "function"
     }
   ],
-  "transactionHash": "0xf74e23a9ccdb2b6b6ce7ba5aab8ad4d4b6df3d4de5aa97d2c6466aea85788c5e",
+  "transactionHash": "0x85be5289ea1efaf383bc48461fda232efc29793428805859489d17efe72cbd62",
   "receipt": {
     "to": null,
-    "from": "0x61d1eeE7FBF652482DEa98A1Df591C626bA09a60",
-    "contractAddress": "0x9EfcBF46938c3a1B27608A2C599706093F9814dD",
-    "transactionIndex": 74,
+    "from": "0xB87bBe9F9a0866B942B6587D74B06Ed98dC1EFB9",
+    "contractAddress": "0x690c620CB6E0B0c9a33A22077abF17E28F504e34",
+    "transactionIndex": 53,
     "gasUsed": "431683",
     "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
-    "blockHash": "0x9797343c53b3a1293c95bf35f2e439a7bf21702428588a08f2176bf46968b68b",
-    "transactionHash": "0xf74e23a9ccdb2b6b6ce7ba5aab8ad4d4b6df3d4de5aa97d2c6466aea85788c5e",
+    "blockHash": "0x987bdfaa6d2c010c482ee1583b8695aea552d8cb93702e146fd0f6336909f80a",
+    "transactionHash": "0x85be5289ea1efaf383bc48461fda232efc29793428805859489d17efe72cbd62",
     "logs": [],
-    "blockNumber": 5327839,
-    "cumulativeGasUsed": "14698477",
+    "blockNumber": 5650141,
+    "cumulativeGasUsed": "7884350",
     "status": 1,
     "byzantium": true
   },
   "args": [
     [
-      1000,
-      1000,
-      1000,
-      1000,
-      1000
+      7500,
+      7500,
+      7500,
+      7500,
+      7500
     ]
   ],
   "numDeployments": 1,