Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Council Manager Affordance Change Action #284

Merged
merged 27 commits into from
Jul 9, 2024

Conversation

godzillaba
Copy link
Collaborator

@godzillaba godzillaba commented Jun 5, 2024

Shifts some of the emergency council's privileges over to the non-emergency council. Specifically these 4 SecurityCouncilManager roles are transferred: MEMBER_ADDER_ROLE, MEMBER_REPLACER_ROLE, MEMBER_ROTATOR_ROLE, MEMBER_REMOVER_ROLE.

yarn ts-node scripts/printAccessControlRoles.ts shows the following roles on the manager:

Checking roles for 0xD509E5f5aEe2A205F554f36E8a7d56094494eDFC "Security Council Manager" on chain 42161

Accounts with '0x0000000000000000000000000000000000000000000000000000000000000000':
0xCF57572261c7c2BCF21ffD220ea7d1a27D40A827

Accounts with 'COHORT_REPLACER':
0x467923B9AE90BDB36BA88eCA11604D45F13b712C

Accounts with 'MEMBER_ADDER':
0x423552c0F05baCCac5Bfa91C6dCF1dc53a0A1641

Accounts with 'MEMBER_REMOVER':
0x6f3a242cA91A119F872f0073BC14BC8a74a315Ad
0x423552c0F05baCCac5Bfa91C6dCF1dc53a0A1641

Accounts with 'MEMBER_ROTATOR':
0x423552c0F05baCCac5Bfa91C6dCF1dc53a0A1641

Accounts with 'MEMBER_REPLACER':
0x423552c0F05baCCac5Bfa91C6dCF1dc53a0A1641

Documentation is also updated to reflect this change.

Proposal data: #290
Seatbelt: ArbitrumFoundation/governance-seatbelt#30

@godzillaba godzillaba requested review from yahgwai and removed request for yahgwai June 5, 2024 22:44
@godzillaba godzillaba changed the base branch from update-forge-std to fix-test-overflow June 5, 2024 23:26
Base automatically changed from fix-test-overflow to main June 7, 2024 12:20
@godzillaba godzillaba marked this pull request as ready for review June 7, 2024 12:33
@godzillaba godzillaba requested review from yahgwai and gvladika June 7, 2024 12:34
@godzillaba godzillaba requested a review from gzeoneth June 7, 2024 12:34
@@ -176,15 +176,17 @@ It accepts proposals in the same format that normal governors do, however it ove

Voting and proposing can occur using the standard governance UIs.

### 9/12 Security Council
### Non-Emergency Security Council
Copy link
Collaborator

@yahgwai yahgwai Jun 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is only consistent with the constitution because we're also making the non emergency governor a 9/12 multisig - so in the future we would need to be careful if we ever reduced the threshold again to move these roles back to the emergency governor.

I dont know how we can guard against. Could do:

  1. Add a big comment somewhere about the threshold - but I dont know where we could put a comment that it would get picked up in this case
  2. Add a check somewhere in the sec council manager that wont allow these updates to be called unless its by a safe with 9/12 threshold.
  3. Add a guard into the non emergency safe that doesnt allow the threshold to be reduced unless a special string is provided eg keccak256("the member roles on the sec council manager have already been revoked")

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we could put something in gotchas.md or security-council-manager.md but i'm not sure they would be noticed

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i actually think documenting it should be sufficient, the nonemergency can only do 2 things: queue l2 timelock and call the manager, so when the threshold is changed I would think this would be remembered

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, lets stick it in the gotchas or something then

bytes32 public immutable MEMBER_ROTATOR_ROLE = securityCouncilManager.MEMBER_ROTATOR_ROLE();
bytes32 public immutable MEMBER_REMOVER_ROLE = securityCouncilManager.MEMBER_REMOVER_ROLE();

function perform() public {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could add checks/verifications after roles are granted for extra layer of safety (even though it's tested in fork test so probably not necessary)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good call

Copy link
Collaborator

@gvladika gvladika left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@stonecoldpat
Copy link
Contributor

+1 let's keep it as a strict subset

@godzillaba godzillaba merged commit 8c6a155 into main Jul 9, 2024
7 of 8 checks passed
@godzillaba godzillaba deleted the manager-role-action branch July 9, 2024 16:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants