A secure and manageable proxy account system for Aptos blockchain, providing deterministic resource account creation with two-step admin role management.
This package implements a proxy account system that allows users to create deterministic resource accounts with secure admin role management. The system is designed for scenarios where you need predictable account addresses and secure privilege management.
- Deterministic Proxy Creation: Create resource accounts with predictable addresses using a seed-based approach
- Two-Step Admin Transfer: Secure admin role transfer mechanism inspired by OpenZeppelin's Ownable2Step
- Resource Account Management: Efficient management of Aptos resource accounts with signer capabilities
- Event-Driven: Comprehensive event emission for admin role changes and lifecycle management
The core module for creating and managing deterministic proxy accounts.
Key Functions:
create(creator: &signer, proxy_name: vector<u8>): address- Creates a new proxy accountproxy_address(creator: address, proxy_name: vector<u8>): address- Calculates the deterministic addressgenerate_proxy_signer(admin: &signer, proxy: address): signer- Generates a signer for the proxy account (admin only)
Features:
- Uses a deterministic seed (
proxy:deterministic_proxy+ custom name) for address generation - Automatically sets up admin role management for the created proxy
- Returns the proxy account address for further interactions
Provides secure admin role management with two-step transfer process.
Key Functions:
new(caller: &signer, admin: address)- Initialize admin role for a resourcechange_admin(caller: &signer, resource_address: address, new_admin: address)- Start admin transferaccept_admin(caller: &signer, resource_address: address)- Complete admin transferadmin(resource_address: address): address- View current adminpending_admin(resource_address: address): Option<address>- View pending admin
Security Features:
- Two-step transfer process prevents accidental role transfer to inaccessible addresses
- Comprehensive access control with proper error handling
- Event emission for all role changes
use proxy::deterministic_proxy;
// Create a new proxy account
let proxy_addr = deterministic_proxy::create(&creator_signer, b"my_proxy");
// Calculate address without creating (for verification)
let expected_addr = deterministic_proxy::proxy_address(creator_address, b"my_proxy");
// Generate a signer for the proxy (only admin can do this)
let proxy_signer = deterministic_proxy::generate_proxy_signer(&admin_signer, proxy_addr);use proxy::manageable;
// Check current admin
let current_admin = manageable::admin(proxy_address);
// Start admin transfer
manageable::change_admin(¤t_admin_signer, proxy_address, new_admin_address);
// Accept admin role (must be called by new_admin)
manageable::accept_admin(&new_admin_signer, proxy_address);The system emits the following events for transparency and monitoring:
AdminChangeStarted- Emitted when admin transfer is initiatedAdminChanged- Emitted when admin transfer is completedAdminRoleDestroyed- Emitted when admin role is destroyed
- Two-Step Transfer: Admin role changes require two transactions, preventing accidental transfers
- Access Control: All administrative functions verify caller permissions
- Deterministic Addresses: Proxy addresses are predictable but collision-resistant
- Resource Safety: Proper resource management with cleanup functions
- Aptos Framework: Uses
account,event, and standard library modules - Move Standard Library: Utilizes
option,signer, andvectormodules
- Aptos CLI installed
- Move compiler
aptos move compile# Update Move.toml with your address
aptos move publish --named-addresses proxy=<your_address>Update Move.toml with your deployment address:
[addresses]
proxy = "YOUR_DEPLOYMENT_ADDRESS"For development:
[dev-addresses]
proxy = "0x10" # or your preferred dev addressLicensed under the Apache License, Version 2.0. See LICENSE for details.
This package is developed by Yeap Labs. Contributions following the established code style and security practices are welcome.
- 1.0.0: Initial release with deterministic proxy creation and manageable admin roles
Author: oneke@yeap.finance Organization: Yeap Labs