Assessment reports > Radix > Threat Model > Access controller

Access controller

The access-controller native blueprint is used to instantiate access-controller components. These components are intended to hold badges, which then allow authorized callers to generate proofs of these badges. This in turn lets the authorized callers use the badges for authentication elsewhere.

With one exception, described below, every method of the access-controller component is protected; that is, only callers that satisfy the required role are able to invoke it. We have extensively audited the code here to ensure that the access-controller component behaves as intended.

The only method that is callable by anyone is the timed_confirm_recovery() method. The recovery process exists so that the role definitions within the access controller can be updated; one situation where this is necessary is when one of the roles has been compromised.

To do this, the holder of the primary or recovery role must first initiate the recovery process by proposing a new rule set. Once that proposal is in place and the configured timed recovery delay has elapsed, the proposal can be confirmed by anyone, not only by a role holder. To confirm the recovery, the timed_confirm_recovery() method must be called with the same rule set and delay that were proposed.

The method signature is as follows, where the rule_set contains the new role definitions for the primary, recovery, and confirmation roles:

    timed_confirm_recovery(
        AccessControllerTimedConfirmRecoveryInput {
            rule_set,
            timed_recovery_delay_in_minutes,
        }: AccessControllerTimedConfirmRecoveryInput,
        api: &mut Y,
    )
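The following stand-alone Rust model, added here as an illustration and not taken from the Radix engine or from this report, walks through the timed recovery flow described above. It shows why a method that anyone may call can still be safe: the confirmation input must match the pending proposal exactly, so an anonymous caller cannot substitute a rule set of their own, and the delay gives current role holders time to react. The types (RuleSet, RecoveryProposal, AccessController), the badge strings, the minute-based clock, and the bookkeeping of when a proposal was initiated are all assumptions of this example, not names from the Radix code base.

```rust
// Added example: a model of the access-controller timed recovery flow.
// Not Radix engine code; all names, the minute-based clock and the
// "proposal records when it was initiated" bookkeeping are assumptions.

#[derive(Clone, Debug, PartialEq, Eq)]
pub struct RuleSet {
    pub primary: String,      // badge id that satisfies the primary role
    pub recovery: String,     // badge id that satisfies the recovery role
    pub confirmation: String, // badge id that satisfies the confirmation role
}

#[derive(Clone, Debug, PartialEq, Eq)]
pub struct RecoveryProposal {
    pub rule_set: RuleSet,
    pub timed_recovery_delay_in_minutes: u32,
    pub initiated_at_minute: u64, // assumed bookkeeping so the delay can be measured
}

#[derive(Debug, PartialEq, Eq)]
pub enum AccessControllerError {
    Unauthorized,
    NoPendingProposal,
    ProposalMismatch,
    DelayNotElapsed { remaining_minutes: u64 },
}

pub struct AccessController {
    rule_set: RuleSet,
    pending_recovery: Option<RecoveryProposal>,
}

impl AccessController {
    pub fn new(rule_set: RuleSet) -> Self {
        Self { rule_set, pending_recovery: None }
    }

    pub fn rule_set(&self) -> &RuleSet {
        &self.rule_set
    }

    /// Protected method: the caller must present a badge that satisfies the
    /// primary or recovery role. A newer proposal replaces an older one
    /// (an assumption of this model).
    pub fn initiate_recovery(
        &mut self,
        caller_badge: &str,
        rule_set: RuleSet,
        timed_recovery_delay_in_minutes: u32,
        now_minute: u64,
    ) -> Result<(), AccessControllerError> {
        let authorized = caller_badge == self.rule_set.primary || caller_badge == self.rule_set.recovery;
        if !authorized {
            return Err(AccessControllerError::Unauthorized);
        }
        self.pending_recovery = Some(RecoveryProposal {
            rule_set,
            timed_recovery_delay_in_minutes,
            initiated_at_minute: now_minute,
        });
        Ok(())
    }

    /// Public method: no badge is required. Safety rests on two checks:
    /// the supplied rule set and delay must equal the pending proposal, and
    /// the delay must have elapsed since the proposal was initiated.
    pub fn timed_confirm_recovery(
        &mut self,
        rule_set: RuleSet,
        timed_recovery_delay_in_minutes: u32,
        now_minute: u64,
    ) -> Result<(), AccessControllerError> {
        let proposal = self
            .pending_recovery
            .as_ref()
            .ok_or(AccessControllerError::NoPendingProposal)?;
        if proposal.rule_set != rule_set
            || proposal.timed_recovery_delay_in_minutes != timed_recovery_delay_in_minutes
        {
            return Err(AccessControllerError::ProposalMismatch);
        }
        let ready_at = proposal.initiated_at_minute + u64::from(proposal.timed_recovery_delay_in_minutes);
        if now_minute < ready_at {
            return Err(AccessControllerError::DelayNotElapsed { remaining_minutes: ready_at - now_minute });
        }
        // Apply the new role definitions and consume the proposal.
        self.rule_set = rule_set;
        self.pending_recovery = None;
        Ok(())
    }
}

/// Scenario for a stand-alone run: the recovery role replaces a compromised
/// primary badge, and the confirmation is done by an unauthenticated caller.
pub fn demo() -> Result<RuleSet, AccessControllerError> {
    let original = RuleSet {
        primary: "badge:primary-1".into(),
        recovery: "badge:recovery-1".into(),
        confirmation: "badge:confirm-1".into(),
    };
    let replacement = RuleSet { primary: "badge:primary-2".into(), ..original.clone() };
    let mut ac = AccessController::new(original);
    ac.initiate_recovery("badge:recovery-1", replacement.clone(), 60, 1_000)?;
    ac.timed_confirm_recovery(replacement, 60, 1_060)?; // 60 minutes later, anyone may call
    Ok(ac.rule_set().clone())
}

fn main() {
    match demo() {
        Ok(rs) => println!("recovery confirmed; primary role now held by {}", rs.primary),
        Err(e) => println!("recovery failed: {:?}", e),
    }
}
```

In the real component the delay is stored in the controller's state and the engine reads the current time itself rather than trusting a caller-supplied clock; the model passes `now_minute` in only so it runs offline. The point the model makes is unchanged: the unprotected method has nothing to decide on its own, since every input it accepts is checked against a proposal that only a primary or recovery role holder could have created.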
Zellic © 2025