Agent app: EVM

.travis.yml

@@ -12,6 +12,8 @@ cache:
  - apps/vault/node_modules
  - apps/voting/node_modules
  - apps/voting/app/node_modules
+ - future-apps/agent/node_modules
+ - future-apps/payroll/node_modules
  - shared/migrations/node_modules
  - shared/minime/node_modules
  - shared/test-helpers/node_modules
@@ -24,12 +26,14 @@ env:
  - INSTALL_FRONTEND=false
  matrix:
  - TASK=lint
+ - TASK=test:agent
  - TASK=test:finance
  - TASK=test:survey
  - TASK=test:token-manager
  - TASK=test:token-manager:app INSTALL_FRONTEND=true
  - TASK=test:vault
  - TASK=test:voting
+ - TASK=coverage:agent
  - TASK=coverage:finance
  - TASK=coverage:survey
  - TASK=coverage:token-manager
@@ -38,7 +42,10 @@ env:
  - TASK=test:shared
 matrix:
  allow_failures:
+ - env: TASK=coverage:agent
  - env: TASK=coverage:finance
+install:
+ - travis_wait 60 npm install
 before_script:
  - npm prune
 script:

apps/agent/.solcover.js

@@ -0,0 +1,7 @@
+module.exports = {
+ norpc: true,
+ copyPackages: ['@aragon/os', '@aragon/apps-vault'],
+ skipFiles: [
+ 'test'
+ ]
+}

apps/agent/.soliumignore

@@ -0,0 +1 @@
+contracts/test

apps/agent/.soliumrc.json

@@ -0,0 +1,23 @@
+{
+ "extends": "solium:all",
+ "rules": {
+ "imports-on-top": ["error"],
+ "variable-declarations": ["error"],
+ "array-declarations": ["error"],
+ "operator-whitespace": ["error"],
+ "lbrace": ["error"],
+ "mixedcase": 0,
+ "camelcase": ["error"],
+ "uppercase": 0,
+ "no-empty-blocks": ["error"],
+ "no-unused-vars": ["error"],
+ "quotes": ["error"],
+ "indentation": 0,
+ "whitespace": ["error"],
+ "deprecated-suicide": ["error"],
+ "arg-overflow": ["error", 8],
+ "pragma-on-top": ["error"],
+ "security/enforce-explicit-visibility": ["error"],
+ "error-reason": 0
+ }
+}

apps/agent/arapp.json

@@ -0,0 +1,63 @@
+{
+ "status": "experimental",
+ "environments": {
+ "default": {
+ "registry": "0x5f6f7e8cc7346a11ca2def8f827b7a0b612c56a1",
+ "appName": "agent.aragonpm.eth",
+ "network": "rpc"
+ },
+ "rinkeby": {
+ "registry": "0x98Df287B6C145399Aaa709692c8D308357bC085D",
+ "appName": "agent.aragonpm.eth",
+ "network": "rinkeby"
+ },
+ "staging": {
+ "registry": "0xfe03625ea880a8cba336f9b5ad6e15b0a3b5a939",
+ "appName": "agent.aragonpm.eth",
+ "network": "rinkeby"
+ },
+ "mainnet": {
+ "registry": "0x314159265dd8dbb310642f98f50c066173c1259b",
+ "appName": "agent.aragonpm.eth",
+ "network": "mainnet"
+ },
+ "rinkeby-old": {
+ "registry": "0xfbae32d1cde62858bc45f51efc8cc4fa1415447e",
+ "appName": "agent.aragonpm.eth",
+ "network": "rinkeby"
+ }
+ },
+ "roles": [
+ {
+ "name": "Execute actions",
+ "id": "EXECUTE_ROLE",
+ "params": [
+ "Target address",
+ "ETH value",
+ "Signature"
+ ]
+ },
+ {
+ "name": "Designate signer",
+ "id": "DESIGNATE_SIGNER_ROLE",
+ "params": [
+ "Designated signer address"
+ ]
+ },
+ {
+ "name": "Presign hash",
+ "id": "ADD_PRESIGNED_HASH_ROLE",
+ "params": [
+ "Hash"
+ ]
+ },
+ {
+ "name": "Run EVM Script",
+ "id": "RUN_SCRIPT_ROLE",
+ "params": [
+ "EVM Script"
+ ]
+ }
+ ],
+ "path": "contracts/Agent.sol"
+}

apps/agent/contracts/.npmignore

@@ -0,0 +1 @@
+/test

apps/agent/contracts/Agent.sol

@@ -0,0 +1,147 @@
+/*
+ * SPDX-License-Identitifer: GPL-3.0-or-later
+ */
+
+pragma solidity 0.4.24;
+
+import "./SignatureValidator.sol";
+import "./standards/IERC165.sol";
+import "./standards/ERC1271.sol";
+
+import "@aragon/apps-vault/contracts/Vault.sol";
+
+import "@aragon/os/contracts/common/IForwarder.sol";
+
+
+contract Agent is IERC165, ERC1271Bytes, IForwarder, IsContract, Vault {
+ bytes32 public constant EXECUTE_ROLE = keccak256("EXECUTE_ROLE");
+ bytes32 public constant RUN_SCRIPT_ROLE = keccak256("RUN_SCRIPT_ROLE");
+ bytes32 public constant ADD_PRESIGNED_HASH_ROLE = keccak256("ADD_PRESIGNED_HASH_ROLE");
+ bytes32 public constant DESIGNATE_SIGNER_ROLE = keccak256("DESIGNATE_SIGNER_ROLE");
+
+ bytes4 private constant ERC165_INTERFACE_ID = 0x01ffc9a7;
+
+ string private constant ERROR_EXECUTE_ETH_NO_DATA = "AGENT_EXEC_ETH_NO_DATA";
+ string private constant ERROR_EXECUTE_TARGET_NOT_CONTRACT = "AGENT_EXEC_TARGET_NO_CONTRACT";
+ string private constant ERROR_DESIGNATED_TO_SELF = "AGENT_DESIGNATED_TO_SELF";
+
+ mapping (bytes32 => bool) public isPresigned;
+ address public designatedSigner;
+
+ event Execute(address indexed sender, address indexed target, uint256 ethValue, bytes data);
+ event PresignHash(address indexed sender, bytes32 indexed hash);
+ event SetDesignatedSigner(address indexed sender, address indexed oldSigner, address indexed newSigner);
+
+ /**
+ * @notice Execute '`@radspec(_target, _data)`' on `_target``_ethValue == 0 ? '' : ' (Sending' + @tokenAmount(_ethValue, 0x00) + ')'`
+ * @param _target Address where the action is being executed
+ * @param _ethValue Amount of ETH from the contract that is sent with the action
+ * @param _data Calldata for the action
+ * @return Exits call frame forwarding the return data of the executed call (either error or success data)
+ */
+ function execute(address _target, uint256 _ethValue, bytes _data)
+ external // This function MUST always be external as the function performs a low level return, exiting the Agent app execution context
+ authP(EXECUTE_ROLE, arr(_target, _ethValue, uint256(getSig(_data)))) // TODO: Test that sig bytes are the least significant bytes
+ {
+ bool result = _target.call.value(_ethValue)(_data);
+
+ if (result) {
+ emit Execute(msg.sender, _target, _ethValue, _data);
+ }
+
+ assembly {
+ let size := returndatasize
+ let ptr := mload(0x40)
+ returndatacopy(ptr, 0, size)
+
+ // revert instead of invalid() bc if the underlying call failed with invalid() it already wasted gas.
+ // if the call returned error data, forward it
+ switch result case 0 { revert(ptr, size) }
+ default { return(ptr, size) }
+ }
+ }
+
+ /**
+ * @notice Set `_designatedSigner` as the designated signer of the app, which will be able to sign messages on behalf of the app
+ * @param _designatedSigner Address that will be able to sign messages on behalf of the app
+ */
+ function setDesignatedSigner(address _designatedSigner)
+ external
+ authP(DESIGNATE_SIGNER_ROLE, arr(_designatedSigner))
+ {
+ // Prevent an infinite loop by setting the app itself as its designated signer.
+ // An undetectable loop can be created by setting a different contract as the
+ // designated signer which calls back into `isValidSignature`.
+ // Given that `isValidSignature` is always called with just 50k gas, the max
+ // damage of the loop is wasting 50k gas.
+ require(_designatedSigner != address(this), ERROR_DESIGNATED_TO_SELF);
+
+ address oldDesignatedSigner = designatedSigner;
+ designatedSigner = _designatedSigner;
+
+ emit SetDesignatedSigner(msg.sender, oldDesignatedSigner, _designatedSigner);
+ }
+
+ /**
+ * @notice Pre-sign hash `_hash`
+ * @param _hash Hash that will be considered signed regardless of the signature checked with 'isValidSignature()'
+ */
+ function presignHash(bytes32 _hash)
+ external
+ authP(ADD_PRESIGNED_HASH_ROLE, arr(_hash))
+ {
+ isPresigned[_hash] = true;
+
+ emit PresignHash(msg.sender, _hash);
+ }
+
+ function isForwarder() external pure returns (bool) {
+ return true;
+ }
+
+ function supportsInterface(bytes4 interfaceId) external pure returns (bool) {
+ return
+ interfaceId == ERC1271_INTERFACE_ID ||
+ interfaceId == ERC165_INTERFACE_ID;
+ }
+
+ /**
+ * @notice Execute the script as the Agent app
+ * @dev IForwarder interface conformance. Forwards any token holder action.
+ * @param _evmScript Script being executed
+ */
+ function forward(bytes _evmScript)
+ public
+ authP(RUN_SCRIPT_ROLE, arr(getScriptACLParam(_evmScript)))
+ {
+ bytes memory input = ""; // no input
+ address[] memory blacklist = new address[](0); // no addr blacklist, can interact with anything
+ runScript(_evmScript, input, blacklist);
+ // We don't need to emit an event here as EVMScriptRunner will emit ScriptResult if successful
+ }
+
+ function isValidSignature(bytes32 hash, bytes signature) public view returns (bytes4) {
+ // Short-circuit in case the hash was presigned. Optimization as performing calls
+ // and ecrecover is more expensive than an SLOAD.
+ if (isPresigned[hash]) {
+ return returnIsValidSignatureMagicNumber(true);
+ }
+
+ bool isValid = SignatureValidator.isValidSignature(hash, designatedSigner, signature);
+ return returnIsValidSignatureMagicNumber(isValid);
+ }
+
+ function canForward(address sender, bytes evmScript) public view returns (bool) {
+ uint256[] memory params = new uint256[](1);
+ params[0] = getScriptACLParam(evmScript);
+ return canPerform(sender, RUN_SCRIPT_ROLE, params);
+ }
+
+ function getScriptACLParam(bytes evmScript) internal pure returns (uint256) {
+ return uint256(keccak256(abi.encodePacked(evmScript)));
+ }
+
+ function getSig(bytes data) internal pure returns (bytes4 sig) {
+ assembly { sig := add(data, 0x20) }
+ }
+}