Should I make it possible to grant control to an envoy over a full target contract?

[PaulRBerg]

The current access-control system requires proxy owners to grant granular permissions if they want to let other accounts (i.e. "envoys") execute txs on their behalf:

prb-proxy/src/PRBProxy.sol

Line 40 in 7594489

mapping(address => mapping(address => mapping(bytes4 => bool))) internal permissions;

However, this behavior is somewhat limiting since it asks the end user to sign lots of txs. Given that DeFi protocols typically have many moving pieces, I wonder if it wouldn't make sense to ditch the selector in the permission scheme so that owners can grant access to whole target contracts?

prb-proxy/src/PRBProxy.sol

Lines 192 to 201 in 7594489

	/// @inheritdoc IPRBProxy
	function setPermission(
	address envoy,
	address target,
	bytes4 selector,
	bool permission
	) external override onlyOwner {
	permissions[envoy][target][selector] = permission;
	emit SetPermission(envoy, target, selector, permission);
	}

Feel free to cast your vote below. I would be particularly interested in getting a response from @razgraf, @cleanunicorn, @SolcAndMe, and @amarcu :)

[SolcAndMe]

Another approach would be to do it like this: https://github.com/fiatdao/fiat-i/blob/main/src/core/utils/Guarded.sol#L17. Though this comes with the overhead of having to check for the Wildcard selector as well.

[PaulRBerg]

Thank you for your response, @SolcAndMe.

Interesting idea with the wildcard, but I would not add more complexity to the execute function. The gas cost is already relatively high - higher than DSProxy, at least.

[SolcAndMe]

Yes agreed. Would also not go that route. Currently I'm in favor of just simplifying the permission scheme.

[PaulRBerg]

I ended up implementing this:

2207486