Permission Serialization/Deserialization (#394)

* First sketch of the new Serialization architecture

* Patch EqualToAvatar conditions

* Extract permission validation and writing into an external library bundle

* Make the unpackers single loop, remove double pass

* Optimize unpacker gas usage by reducing array accesses

* Isolate Function loading from contract storage in new lib

* Refactor: explicitly separate function storage and loading

* fix avatar storage slot offset when patching

* Consolidate three packer libraries into unified FunctionPacker

* Reorganize permission storage into serialize/deserialize structure and consolidate unpacker files

* rename permission-storage to scoped-function and consolidate supporting files

* Remove PermissionLoader abstraction layer

* remove uncessary constant from ImmutableStorage

* improve scopeconfig comment

* Clean up Deserializer and remove unused constants from Unpacker

* Optimize unpacker by inlining node memory loads

---------

Co-authored-by: Cristóvão <cristovaoth@users.noreply.github.com>

Author: cristovaoth

packages/evm/contracts/AllowanceTracker.sol

@@ -7,8 +7,6 @@ import "./_Core.sol";
  * @title AllowanceTracker - a component of the Zodiac Roles Mod that is
  * responsible for loading and calculating allowance balances. Persists
  * consumptions back to storage.
- * @author Cristóvão Honorato - <cristovao.honorato@gnosis.io>
- * @author Jan-Felix Schwarz  - <jan-felix.schwarz@gnosis.io>
  */
 abstract contract AllowanceTracker is Core {
     event ConsumeAllowance(

packages/evm/contracts/PermissionBuilder.sol

@@ -2,16 +2,20 @@
 pragma solidity >=0.8.17 <0.9.0;
 
 import "./_Core.sol";
-import "./Integrity.sol";
 
-import "./packers/BufferPacker.sol";
-
-/**
- * @title PermissionBuilder - a component of the Zodiac Roles Mod that is
- * responsible for constructing, managing, granting, and revoking all types
- * of permission data.
- * @author Cristóvão Honorato - <cristovao.honorato@gnosis.io>
- * @author Jan-Felix Schwarz  - <jan-felix.schwarz@gnosis.io>
+import "./scoped-function/serialize/Serializer.sol";
+import "./scoped-function/ScopeConfig.sol";
+
+/*
+ * The Permission Model Hierarchy
+ *
+ * Role → Target (address)
+ *        ├─ ALLOWED     ──→ No rules, blanket approval (just a flag)
+ *        ├─ DISALLOWED  ──→ No rules, blanket denial (just a flag)
+ *        └─ SCOPED      ──→ Per-function rules (THIS is permission-storage)
+ *                           ├─ function1 → [conditions...]
+ *                           ├─ function2 → [conditions...]
+ *                           └─ function3 → [conditions...]
  */
 abstract contract PermissionBuilder is Core {
     event AllowTarget(
@@ -105,8 +109,8 @@ abstract contract PermissionBuilder is Core {
         bytes4 selector,
         ExecutionOptions options
     ) external onlyOwner {
-        roles[roleKey].scopeConfig[_key(targetAddress, selector)] = BufferPacker
-            .packHeaderAsWildcarded(options);
+        roles[roleKey].scopeConfig[_key(targetAddress, selector)] = ScopeConfig
+            .packAsWildcarded(options);
 
         emit AllowFunction(roleKey, targetAddress, selector, options);
     }
@@ -137,14 +141,8 @@ abstract contract PermissionBuilder is Core {
         ConditionFlat[] memory conditions,
         ExecutionOptions options
     ) external onlyOwner {
-        Integrity.enforce(conditions);
-
-        _store(
-            roles[roleKey],
-            _key(targetAddress, selector),
-            conditions,
-            options
-        );
+        roles[roleKey].scopeConfig[_key(targetAddress, selector)] = Serializer
+            .store(conditions, options);
 
         emit ScopeFunction(
             roleKey,

packages/evm/contracts/PermissionChecker.sol

@@ -6,14 +6,15 @@ import "./_Periphery.sol";
 import "./AbiDecoder.sol";
 import "./Consumptions.sol";
 
-import "./packers/BufferPacker.sol";
+import "./scoped-function/deserialize/Deserializer.sol";
+import "./scoped-function/ScopeConfig.sol";
 
 /**
  * @title PermissionChecker - a component of Zodiac Roles Mod responsible
  * for enforcing and authorizing actions performed on behalf of a role.
  *
- * @author Cristóvão Honorato - <cristovao.honorato@gnosis.io>
- * @author Jan-Felix Schwarz  - <jan-felix.schwarz@gnosis.io>
+ * @author gnosisguild
+ *
  */
 abstract contract PermissionChecker is Core, Periphery {
     function _authorize(
@@ -122,9 +123,8 @@ abstract contract PermissionChecker is Core, Periphery {
         }
 
         if (role.targets[to].clearance == Clearance.Function) {
-            bytes32 key = _key(to, bytes4(data));
+            bytes32 header = role.scopeConfig[_key(to, bytes4(data))];
             {
-                bytes32 header = role.scopeConfig[key];
                 if (header == 0) {
                     return (
                         Status.FunctionNotAllowed,
@@ -135,8 +135,8 @@ abstract contract PermissionChecker is Core, Periphery {
                     );
                 }
 
-                (bool isWildcarded, ExecutionOptions options) = BufferPacker
-                    .unpackOptions(header);
+                (bool isWildcarded, ExecutionOptions options, ) = ScopeConfig
+                    .unpack(header);
 
                 Status status = _executionOptions(value, operation, options);
                 if (status != Status.Ok) {
@@ -156,8 +156,7 @@ abstract contract PermissionChecker is Core, Periphery {
 
             return
                 _scopedFunction(
-                    role,
-                    key,
+                    header,
                     data,
                     Context({
                         to: to,
@@ -210,16 +209,28 @@ abstract contract PermissionChecker is Core, Periphery {
     }
 
     function _scopedFunction(
-        Role storage role,
-        bytes32 key,
+        bytes32 scopeConfig,
         bytes calldata data,
         Context memory context
     ) private view returns (Status, Result memory) {
+        Consumption[] memory consumptions;
         (
             Condition memory condition,
             TypeTree memory typeTree,
-            Consumption[] memory consumptions
-        ) = _load(role, key);
+            bytes32[] memory allowanceKeys
+        ) = Deserializer.load(scopeConfig);
+
+        if (allowanceKeys.length > 0) {
+            consumptions = new Consumption[](allowanceKeys.length);
+
+            for (uint256 i; i < allowanceKeys.length; ++i) {
+                consumptions[i].allowanceKey = allowanceKeys[i];
+                (consumptions[i].balance, ) = _accruedAllowance(
+                    allowances[allowanceKeys[i]],
+                    uint64(block.timestamp)
+                );
+            }
+        }
 
         Payload memory payload = AbiDecoder.inspect(data, typeTree);
 
@@ -512,20 +523,17 @@ abstract contract PermissionChecker is Core, Periphery {
         Context memory context
     ) private view returns (Status, Result memory result) {
         result.consumptions = context.consumptions;
-
         if (
             payload.children.length == 0 ||
             payload.children.length > condition.children.length
         ) {
             return (Status.ParameterNotSubsetOfAllowed, result);
         }
-
         uint256 taken;
         for (uint256 i; i < payload.children.length; ++i) {
             bool found = false;
             for (uint256 j; j < condition.children.length; ++j) {
                 if (taken & (1 << j) != 0) continue;
-
                 (Status status, Result memory _result) = _walk(
                     data,
                     condition.children[j],
@@ -551,7 +559,6 @@ abstract contract PermissionChecker is Core, Periphery {
                 );
             }
         }
-
         return (Status.Ok, result);
     }
 

packages/evm/contracts/PermissionLoader.sol

@@ -4,22 +4,19 @@ pragma solidity >=0.8.17 <0.9.0;
 import "./AllowanceTracker.sol";
 import "./PermissionBuilder.sol";
 import "./PermissionChecker.sol";
-import "./PermissionLoader.sol";
 
 /**
  * @title Zodiac Roles Mod - granular, role-based, access control for your
- * on-chain avatar accounts (like Safe).
- * @author Cristóvão Honorato - <cristovao.honorato@gnosis.io>
- * @author Jan-Felix Schwarz  - <jan-felix.schwarz@gnosis.io>
- * @author Auryn Macmillan    - <auryn.macmillan@gnosis.io>
- * @author Nathan Ginnever    - <nathan.ginnever@gnosis.io>
+ * on-chain avatar accounts.
+ *
+ * @author gnosisguild
+ *
  */
 contract Roles is
     Modifier,
     AllowanceTracker,
     PermissionBuilder,
-    PermissionChecker,
-    PermissionLoader
+    PermissionChecker
 {
     mapping(address => bytes32) public defaultRoles;