feat(rfq-api): check both relayer role and quoter role (#3399)

* Fix: regen * Fix: build * Feat: check both quoter role and relayer role * logging nit * Feat: parallelize role checking --------- Co-authored-by: parodime <[email protected]>
synapsecns · Nov 22, 2024 · 884d9ae · 884d9ae
1 parent 8edcb7b
commit 884d9ae
Show file tree

Hide file tree

Showing 4 changed files with 1,103 additions and 814 deletions.
diff --git a/services/rfq/api/rest/server.go b/services/rfq/api/rest/server.go
@@ -358,17 +358,18 @@ type roleContract interface {
 func (r *QuoterAPIServer) checkRoleParallel(c *gin.Context, destChainID uint32) (addressRecovered common.Address, err error) {
 	g := new(errgroup.Group)
 	var v1Addr, v2Addr common.Address
+	var v1Ok, v2Ok bool
 	var v1Err, v2Err error
 
-	var v1Ok, v2Ok bool
+	quoterRole := crypto.Keccak256Hash([]byte("QUOTER_ROLE"))
+	relayerRole := crypto.Keccak256Hash([]byte("RELAYER_ROLE"))
 	g.Go(func() error {
-		v1Addr, v1Err = r.checkRole(c, destChainID, true)
+		v1Addr, v1Err = r.checkRole(c, destChainID, true, relayerRole)
 		v1Ok = v1Err == nil
 		return v1Err
 	})
-
 	g.Go(func() error {
-		v2Addr, v2Err = r.checkRole(c, destChainID, false)
+		v2Addr, v2Err = r.checkRole(c, destChainID, false, quoterRole)
 		v2Ok = v2Err == nil
 		return v2Err
 	})
@@ -387,7 +388,7 @@ func (r *QuoterAPIServer) checkRoleParallel(c *gin.Context, destChainID uint32)
 	return common.Address{}, fmt.Errorf("role check failed for both v1 and v2")
 }
 
-func (r *QuoterAPIServer) checkRole(c *gin.Context, destChainID uint32, useV1 bool) (addressRecovered common.Address, err error) {
+func (r *QuoterAPIServer) checkRole(c *gin.Context, destChainID uint32, useV1 bool, role [32]byte) (addressRecovered common.Address, err error) {
 	var bridge roleContract
 	var roleCache *ttlcache.Cache[string, bool]
 	var ok bool
@@ -408,7 +409,6 @@ func (r *QuoterAPIServer) checkRole(c *gin.Context, destChainID uint32, useV1 bo
 	}
 
 	ops := &bind.CallOpts{Context: c}
-	relayerRole := crypto.Keccak256Hash([]byte("RELAYER_ROLE"))
 
 	// authenticate relayer signature with EIP191
 	deadline := time.Now().Unix() - 1000 // TODO: Replace with some type of r.cfg.AuthExpiryDelta
@@ -424,9 +424,9 @@ func (r *QuoterAPIServer) checkRole(c *gin.Context, destChainID uint32, useV1 bo
 
 	if cachedRoleItem == nil || cachedRoleItem.IsExpired() {
 		// Cache miss or expired, check on-chain
-		hasRole, err = bridge.HasRole(ops, relayerRole, addressRecovered)
+		hasRole, err = bridge.HasRole(ops, role, addressRecovered)
 		if err != nil {
-			return addressRecovered, fmt.Errorf("unable to check relayer role on-chain: %w", err)
+			return addressRecovered, fmt.Errorf("unable to check role on-chain: %w", err)
 		}
 		// Update cache
 		roleCache.Set(addressRecovered.Hex(), hasRole, cacheInterval)