An Access Control List is a powerful tool for managing roles and permissions; it improves security and prevents unwanted actors from interacting with smart contracts. But there are many issues that weren't solved in eip-5982; please check the following list:
- Roles don't reflect permissions: a role in eip-5982 is represented by a string, so we don't know the details of its rights.
- Verification cost is high: to verify a role, we need to perform keccak256 and compare the result with the value in a hashmap. This approach is quite costly when you want to check multiple roles.
- Unable to organize the priority of permissions: there is no standard for comparing the importance of roles/permissions, since all are
What would make Bit Based Permission better?
The basic concept of this proposal is to use uint256 to store permissions, since it's supported natively by the EVM. We can define up to 256 permissions; each bit of a uint256 represents one permission (a single permission is a power of 2). What do we gain from this approach?
- Roles reflect permissions: since permissions are defined as powers of 2, we can use the OR operator to build a new role from multiple permissions. We know exactly what a role contains.
- Cheaper verification cost: to verify a role or a subset of permissions, we just need a simple AND operation on a permission bitmask. It's much cheaper than
- Ordering permissions by priority: we can use the most significant bit to represent an important permission. The comparison can be done easily since they all are
- Flexibility: 256 permissions can be combined to create up to 2²⁵⁶ different roles. It would be enough for any complex ecosystem.
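
The points above, as an added Solidity example that is not part of the proposal or any reference implementation: permissions as single bits, roles built with OR, verification with AND, and priority by integer comparison. The contract name, permission names and function names are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: contract, constant and function names are hypothetical.
contract BitPermissionExample {
    // One permission per bit, so each value is a power of 2.
    uint256 internal constant PERMISSION_TRANSFER = 1 << 0;
    uint256 internal constant PERMISSION_MINT = 1 << 1;
    uint256 internal constant PERMISSION_PAUSE = 1 << 2;
    // Most significant bit reserved for the most important permission.
    uint256 internal constant PERMISSION_OWNER = 1 << 255;

    // Roles are OR-combinations, so a role's contents are explicit.
    uint256 internal constant ROLE_OPERATOR = PERMISSION_TRANSFER | PERMISSION_MINT;
    uint256 internal constant ROLE_ADMIN = ROLE_OPERATOR | PERMISSION_PAUSE;

    mapping(address => uint256) private _permissions;

    error MissingPermission(address account, uint256 required);

    constructor() {
        _permissions[msg.sender] = PERMISSION_OWNER | ROLE_ADMIN;
    }

    // Reject an empty mask: (x & 0) == 0 holds for every account.
    modifier onlyWith(uint256 required) {
        if (required == 0 || !hasAll(msg.sender, required)) {
            revert MissingPermission(msg.sender, required);
        }
        _;
    }

    // True only if every bit of `required` is set: one AND and one comparison.
    function hasAll(address account, uint256 required) public view returns (bool) {
        return (_permissions[account] & required) == required;
    }

    // Integer comparison is decided by the highest differing bit.
    function outranks(address a, address b) external view returns (bool) {
        return _permissions[a] > _permissions[b];
    }

    // Bits named in both masks end up cleared: revoke is applied last.
    function setPermissions(address account, uint256 grant, uint256 revoke) external onlyWith(PERMISSION_OWNER) {
        _permissions[account] = (_permissions[account] | grant) & ~revoke;
    }
}
```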