OpenZeppelin Access Control and Ownable
About This Project
SubQuery indexer for OpenZeppelin Stellar Access Control and Ownable contracts, enabling server-side filtering and historical queries for role-based access control (RBAC) and ownership management events. This indexer captures **all 9 critical events** from OpenZeppelin's Stellar smart contracts: **Access Control Events:** - `role_granted` - Track when roles are assigned to accounts - `role_revoked` - Monitor role removals - `role_admin_changed` - Log changes to role administrators **Admin Transfer Events:** - `admin_transfer_initiated` - Detect when admin transfer is proposed - `admin_transfer_completed` - Confirm admin transfer completion - `admin_renounced` - Track admin role renunciations **Ownership Events:** - `ownership_transfer` - Monitor ownership transfer initiation - `ownership_transfer_completed` - Confirm ownership changes - `ownership_renounced` - Track ownership renunciations **Additional Features:** - **Contract Deployment Tracking**: Monitors `invokeHostFunction` operations to detect new contract deployments. - **Current State Snapshot**: Maintains live records of `RoleMembership` and `ContractOwnership` for instant verification. **Use Cases:** - Historical audit trails for security and compliance - Real-time monitoring of access control changes - Governance dashboards and analytics - dApp integration for role and permission management - Security monitoring and alerting systems **Network Support:** - **Stellar Testnet**: Supported (Default manifest: `project.ts`) - **Stellar Mainnet**: Supported (Mainnet manifest: `project-mainnet.ts`) **Technical Details:** - **Multi-Manifest Architecture**: Shared mapping logic across Testnet and Mainnet via separate configuration files. - **Deterministic Indexing**: Optimized for SubQuery Network compatibility and sequential proof-of-indexing consensus. - **Pruned Node Compatibility**: Configurable `startBlock` to support public Horizon endpoints. - **GraphQL API**: Rich querying capabilities with flexible filtering and pagination. **Contact:** - GitHub: https://github.com/pasevin/stellar-access-control-indexer - Issues: https://github.com/pasevin/stellar-access-control-indexer/issues - Organization: OpenZeppelin (https://openzeppelin.com) - Related Projects: OpenZeppelin Stellar Contracts (https://github.com/OpenZeppelin/stellar-contracts)
Version Details
#### **Overview** This project is a specialized SubQuery indexer for **OpenZeppelin Stellar Access Control and Ownable** contracts. it indexes all 9 critical security events (Role Grants/Revocations, Admin Transfers, Ownership Lifecycle) and maintains a live snapshot of contract permissions across the Stellar network. #### **Network Configuration** * **Chain ID**: `Public Global Stellar Network ; September 2015` * **Manifest File**: `project-mainnet.ts` (or `project-mainnet.yaml` on IPFS) * **Start Block**: `60250000` (Optimized for pruned Horizon nodes). * *Note: If you are running a non-pruned Horizon archive, you can index from block `57243255` to capture the full history of OZ contracts on mainnet.* #### **System Requirements & Performance** * **Database**: PostgreSQL 14+. * **Growth**: Moderate. The indexer stores event logs and current state. Estimated database size after indexing 1 million blocks is ~500MB. * **Node Resources**: * **CPU**: 1-2 vCPUs is sufficient. * **RAM**: 2GB minimum (the mapping logic is lightweight but the Stellar SDK requires some overhead). * **Indexing Speed**: * On a standard public Horizon endpoint (rate-limited): ~0.5 - 1 block/sec. * On a private/unlimited Horizon endpoint: ~50 - 100 blocks/sec. * **Estimated Sync Time**: ~2-4 hours from the current start block on public endpoints; <10 minutes on private endpoints. #### **Operator Configuration Tips** For the best performance and to avoid "Proof of Indexing" mismatches: 1. **Horizon Endpoints**: Using private endpoints is highly recommended. If using public endpoints, set `--batch-size=1` or `--batch-size=5` to stay within rate limits. 2. **Retry Logic**: Configure the following environment variables to handle transient network errors: * `STELLAR_ENDPOINT_RETRY_ATTEMPTS=10` * `STELLAR_ENDPOINT_RETRY_DELAY=20000` (20 seconds) 3. **Workers**: Use `--workers=1` for public endpoints to avoid concurrent rate-limit triggers. #### **Breaking Changes & Versioning** * **v1.0.0 (Current)**: Initial production release. * **Schema Policy**: Any changes to `schema.graphql` will be released as a Major version (x.0.0) and will require a `--force-clean` re-index. * **Handler Logic**: Minor changes to event decoding will be released as Minor versions (0.x.0). #### **Contact & Support** * **Maintainer**: OpenZeppelin * **Repository**: [https://github.com/pasevin/stellar-access-control-indexer](https://github.com/pasevin/stellar-access-control-indexer) * **Issues**: Please report any indexing errors or POI mismatches on our GitHub Issues page. *** ### **Summary of Why Operators Should Index This** * **Critical Utility**: This is a core infrastructure component for any dApp using OpenZeppelin's standard Stellar contracts. * **Reliability**: Includes sandbox-safe polyfills and deterministic mapping logic designed specifically for the SubQuery Network. * **Low Maintenance**: Minimal database growth and stable handler logic.
Why you should sign up
Join our Active Discord Community