feat: make FWSS permissionless by removing provider approval checks (#302)

Author: pali101

service_contracts/abi/FilecoinWarmStorageService.abi.json

@@ -2078,22 +2078,6 @@
       }
     ]
   },
-  {
-    "type": "error",
-    "name": "ProviderNotApproved",
-    "inputs": [
-      {
-        "name": "provider",
-        "type": "address",
-        "internalType": "address"
-      },
-      {
-        "name": "providerId",
-        "type": "uint256",
-        "internalType": "uint256"
-      }
-    ]
-  },
   {
     "type": "error",
     "name": "ProviderNotInApprovedList",

service_contracts/src/Errors.sol

@@ -222,11 +222,6 @@ library Errors {
     /// @param provider The provider address
     error ProviderNotRegistered(address provider);
 
-    /// @notice Provider is not approved for service
-    /// @param provider The provider address
-    /// @param providerId The provider ID from registry
-    error ProviderNotApproved(address provider, uint256 providerId);
-
     /// @notice Provider is already approved
     /// @param providerId The provider ID that is already approved
     error ProviderAlreadyApproved(uint256 providerId);

service_contracts/src/FilecoinWarmStorageService.sol

@@ -513,9 +513,6 @@ contract FilecoinWarmStorageService is
 
         require(providerId != 0, Errors.ProviderNotRegistered(serviceProvider));
 
-        // Check if provider is approved
-        require(approvedProviders[providerId], Errors.ProviderNotApproved(serviceProvider, providerId));
-
         address payee = serviceProviderRegistry.getProviderPayee(providerId);
 
         require(
@@ -948,15 +945,12 @@ contract FilecoinWarmStorageService is
         );
         require(newServiceProvider != address(0), Errors.ZeroAddress(Errors.AddressField.ServiceProvider));
 
-        // Verify new service provider is registered and approved
+        // Verify new service provider is registered
         uint256 newProviderId = serviceProviderRegistry.getProviderIdByAddress(newServiceProvider);
 
         // Check if provider is registered
         require(newProviderId != 0, Errors.ProviderNotRegistered(newServiceProvider));
 
-        // Check if provider is approved
-        require(approvedProviders[newProviderId], Errors.ProviderNotApproved(newServiceProvider, newProviderId));
-
         // Update the data set service provider
         info.serviceProvider = newServiceProvider;
 

service_contracts/test/FilecoinWarmStorageServiceOwner.t.sol

@@ -259,21 +259,20 @@ contract FilecoinWarmStorageServiceOwnerTest is MockFVMTest {
         console.log("Correctly reverted for unregistered provider");
     }
 
-    function testStorageProviderChangedRevertsForUnapprovedProvider() public {
-        console.log("=== Test: storageProviderChanged reverts for unapproved provider ===");
+    function testStorageProviderChangedSucceedsForAnyRegisteredProvider() public {
+        console.log("=== Test: storageProviderChanged succeeds for any registered provider ===");
 
         uint256 dataSetId = createDataSet(provider1, client);
 
-        uint256 unauthorizedProviderId = providerRegistry.getProviderIdByAddress(unauthorizedProvider);
-
-        // Try to change to unapproved provider
+        // Change to shouldn't require provider be approved
         vm.prank(address(pdpVerifier));
-        vm.expectRevert(
-            abi.encodeWithSelector(Errors.ProviderNotApproved.selector, unauthorizedProvider, unauthorizedProviderId)
-        );
         serviceContract.storageProviderChanged(dataSetId, provider1, unauthorizedProvider, new bytes(0));
 
-        console.log("Correctly reverted for unapproved provider");
+        // Verify the service provider was changed
+        FilecoinWarmStorageService.DataSetInfoView memory info = viewContract.getDataSet(dataSetId);
+        assertEq(info.serviceProvider, unauthorizedProvider, "Service provider should be updated");
+
+        console.log("Successfully changed to registered provider (approval not required)");
     }
 
     function testStorageProviderChangedRevertsForWrongOldOwner() public {

service_contracts/test/ProviderValidation.t.sol

@@ -109,6 +109,8 @@ contract ProviderValidationTest is MockFVMTest {
     }
 
     function testProviderRegisteredButNotApproved() public {
+        // NOTE: This operation is expected to pass.
+        // Approval is not required to perform onboarding actions.
         // Register provider1 in serviceProviderRegistry
         vm.prank(provider1);
         serviceProviderRegistry.registerProvider{value: 5 ether}(
@@ -133,7 +135,21 @@ contract ProviderValidationTest is MockFVMTest {
             new string[](0)
         );
 
-        // Try to create dataset without approval
+        // Setup payment approvals for client
+        vm.startPrank(client);
+        payments.setOperatorApproval(
+            usdfc,
+            address(warmStorage),
+            true,
+            1000 * 10 ** 6, // rate allowance
+            1000 * 10 ** 6, // lockup allowance
+            365 days // max lockup period
+        );
+        usdfc.approve(address(payments), 100 * 10 ** 6);
+        payments.deposit(usdfc, client, 100 * 10 ** 6);
+        vm.stopPrank();
+
+        // Create dataset without approval should now succeed
         string[] memory metadataKeys = new string[](0);
         string[] memory metadataValues = new string[](0);
         bytes memory extraData = abi.encode(client, 0, metadataKeys, metadataValues, FAKE_SIGNATURE);
@@ -142,8 +158,11 @@ contract ProviderValidationTest is MockFVMTest {
         vm.mockCall(address(0x01), bytes(hex""), abi.encode(client));
 
         vm.prank(provider1);
-        vm.expectRevert(abi.encodeWithSelector(Errors.ProviderNotApproved.selector, provider1, 1));
-        pdpVerifier.createDataSet(PDPListener(address(warmStorage)), extraData);
+        // Dataset creation shouldn't require provider be approved
+        uint256 dataSetId = pdpVerifier.createDataSet(PDPListener(address(warmStorage)), extraData);
+
+        // Verify the dataset was created
+        assertTrue(dataSetId > 0, "Dataset should be created");
     }
 
     function testProviderApprovedCanCreateDataset() public {