-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Audit Fixes - System Changes - Code Refactoring - Mega Merge #17
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Dev governance refactor
Fix: Upscale TS to reduce precision loss
To avoid circular dependencies when deploying.
Also: - remove now redundant check for initial initiatives - add epoch to initial initiatives
Tweaks to incorporate into core deployment
fix: Add Governance owner as constructor param
Fix broken properties
Fix audit and invariants
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Invariant Tests
https://getrecon.xyz/shares/478a5ff7-e63d-4075-bd9d-5dc5a51fe739
NOTE: CI/CD re-uses a 200 MLN tests run to massively speed up testing changes
Make sure to run a proper 200MLN+ run after all mitigations have been applied
1 BLN tests (after adding a canary for
claimForInitiative
:https://getrecon.xyz/shares/3d6c3753-1ecb-4f6f-b1e4-7661679bf632
Mitigation Notes
Mega PR of all changes
This PR will not be merged until the mitigation review is done
The current WIP PR is: #16
This PR collects additional small changes and fixes
5.1 -
Fixed, see: #16
Fix: 5.2 - Try Catch that actually doesn't revert - #5
selfdestruct
,returnbomb
,gasgrief
andreverts
Fix: 5.3 - fix: counted ts fix - #18
@nican0r need coverage here pls
Missing Test here
Can write a basic one:
Given a User Voting contributing X to the total
Removing 100% of votes should remove X off the total
5.4 - WIP - See: #16
5.5 - FIXED - #19
Fix: 5.6 - see 5.2
5.7 -> See 5.4
5.8 -> See 5.4
Fix: 5.9 - Curve Claim Flow + Tests + Griefing - #10
See DD: CurveV2 Gotchas / DD #45
NOTE:
You will have to get the initiative approved by the CurveDAO
If the voting time is 7 days, then this should be fine
Even if the voting time is longer, as long as you get it approved within less than 14 days from deployment, the entirety of the system will work and no epoch will be skipped
It's worth doing a review / simulation post deployment, but the local tests do use the NG implementations which seem to be the latest
5.10 -> See 5.4
5.11
Awaiting @jltqy See:
fix/voteCheck
May rewrite these
5.12
Ack
Fix: V4 Claim Grief Flow - #11
We have the followign doubts:
Recommended steps:
Additional Bug Fixes
Voting Power Desynch (Med / High)
Fixed by enforcing a reset
#49
Minor
Unchecked ETH Transfer - #7
Always use
safeTransfer
| bcf897esafeTransfer
but not usingsafeApprove
safe
functions as they are unnecessaryEncode and Decode Library with Fuzz Tests
#24