From 9575b84cad63f15bfa2c0538aab8343d5e558631 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Ber=C4=8Di=C4=8D?= <jan@oasisprotocol.org>
Date: Fri, 26 Jul 2024 19:17:50 +0200
Subject: [PATCH] Add authorization for EVM contract deployment

---
 runtime/Cargo.lock |  2 +-
 runtime/Cargo.toml |  2 +-
 runtime/src/lib.rs | 32 +++++++++++++++++++++++++++++++-
 3 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/runtime/Cargo.lock b/runtime/Cargo.lock
index 655d2be..e3af436 100644
--- a/runtime/Cargo.lock
+++ b/runtime/Cargo.lock
@@ -2707,7 +2707,7 @@ dependencies = [
 
 [[package]]
 name = "pontusx-paratime"
-version = "0.0.4-devnet"
+version = "0.0.5-devnet"
 dependencies = [
  "const-str",
  "hex",
diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml
index df67925..fb46f7c 100644
--- a/runtime/Cargo.toml
+++ b/runtime/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "pontusx-paratime"
-version = "0.0.4-devnet"
+version = "0.0.5-devnet"
 authors = ["deltaDAO <contact@delta-dao.com>"]
 edition = "2021"
 license = "Apache-2.0"
diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs
index 1a3c854..3972976 100644
--- a/runtime/src/lib.rs
+++ b/runtime/src/lib.rs
@@ -1,7 +1,10 @@
 //! The Pontus-X ParaTime.
 #![deny(rust_2018_idioms, single_use_lifetimes, unreachable_pub)]
 
-use std::collections::{BTreeMap, BTreeSet};
+use std::{
+    collections::{BTreeMap, BTreeSet},
+    str::FromStr,
+};
 
 #[cfg(target_env = "sgx")]
 use oasis_runtime_sdk::core::consensus::verifier::TrustRoot;
@@ -14,6 +17,7 @@ use oasis_runtime_sdk::{
     Module, Version,
 };
 use once_cell::unsync::Lazy;
+use primitive_types::H160;
 
 /// Configuration of the various modules.
 pub struct Config;
@@ -109,6 +113,29 @@ impl module_evm::Config for Config {
     const CONFIDENTIAL: bool = true;
 }
 
+#[allow(clippy::declare_interior_mutable_const)]
+impl modules::access::Config for Config {
+    const METHOD_AUTHORIZATIONS: Lazy<modules::access::types::Authorization> = Lazy::new(|| {
+        modules::access::types::Authorization::with_filtered_methods([(
+            "evm.Create",
+            modules::access::types::MethodAuthorization::allow_from([
+                // ERC-721 factory contract.
+                Address::from_eth(
+                    H160::from_str("0xFdC4a5DEaCDfc6D82F66e894539461a269900E13")
+                        .unwrap()
+                        .as_ref(),
+                ),
+                // Main devnet deployment account.
+                Address::from_eth(
+                    H160::from_str("0x4B010D64C7b2037ea2Dabea4d303c4c24b723d00")
+                        .unwrap()
+                        .as_ref(),
+                ),
+            ]),
+        )])
+    });
+}
+
 /// The EVM ParaTime.
 pub struct Runtime;
 
@@ -142,6 +169,8 @@ impl sdk::Runtime for Runtime {
         modules::consensus_accounts::Module<modules::consensus::Module>,
         // EVM.
         module_evm::Module<Config>,
+        // Access control module.
+        modules::access::Module<Config>,
     );
 
     fn trusted_signers() -> Option<TrustedSigners> {
@@ -284,6 +313,7 @@ impl sdk::Runtime for Runtime {
                     gas_costs: module_evm::GasCosts {},
                 },
             },
+            (), // Access module.
         )
     }