From 365896ca4b95c014a480b2c7e10a13c5a80e35a6 Mon Sep 17 00:00:00 2001 From: Daniel Wang Date: Fri, 8 Mar 2024 21:51:54 +0800 Subject: [PATCH 1/5] upgrade to OZ 4.9.3 --- .../contracts/L1/gov/TaikoGovernor.sol | 22 +++++++++++++ packages/protocol/package.json | 4 +-- pnpm-lock.yaml | 32 ++++++++++++++----- 3 files changed, 48 insertions(+), 10 deletions(-) diff --git a/packages/protocol/contracts/L1/gov/TaikoGovernor.sol b/packages/protocol/contracts/L1/gov/TaikoGovernor.sol index 6a44820ee5c..b37cba4f833 100644 --- a/packages/protocol/contracts/L1/gov/TaikoGovernor.sol +++ b/packages/protocol/contracts/L1/gov/TaikoGovernor.sol @@ -124,6 +124,28 @@ contract TaikoGovernor is return 1_000_000_000 ether / 10_000; // 0.01% of Taiko Token } + /** + * @dev Cancel a proposal with GovernorBravo logic. At any moment a proposal can be cancelled, + * either by the + * proposer, or by third parties if the proposer's voting power has dropped below the proposal + * threshold. + */ + function cancel( + address[] memory targets, + uint256[] memory values, + bytes[] memory calldatas, + bytes32 descriptionHash + ) + public + virtual + override(IGovernorUpgradeable, GovernorUpgradeable, GovernorCompatibilityBravoUpgradeable) + returns (uint256) + { + return GovernorCompatibilityBravoUpgradeable.cancel( + targets, values, calldatas, descriptionHash + ); + } + function _execute( uint256 _proposalId, address[] memory _targets, diff --git a/packages/protocol/package.json b/packages/protocol/package.json index d96f493788b..ac5834bf4f4 100644 --- a/packages/protocol/package.json +++ b/packages/protocol/package.json @@ -35,8 +35,8 @@ "typescript": "^5.2.2" }, "dependencies": { - "@openzeppelin/contracts": "4.8.2", - "@openzeppelin/contracts-upgradeable": "4.8.2", + "@openzeppelin/contracts": "4.9.3", + "@openzeppelin/contracts-upgradeable": "4.9.3", "ds-test": "github:dapphub/ds-test#e282159d5170298eb2455a6c05280ab5a73a4ef0", "forge-std": "github:foundry-rs/forge-std#v1.7.5", "merkletreejs": "^0.3.11", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index ae9f9e1f6c9..8e62a5aaa1d 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -265,11 +265,11 @@ importers: packages/protocol: dependencies: '@openzeppelin/contracts': - specifier: 4.8.2 - version: 4.8.2 + specifier: 4.9.3 + version: 4.9.3 '@openzeppelin/contracts-upgradeable': - specifier: 4.8.2 - version: 4.8.2 + specifier: 4.9.3 + version: 4.9.3 ds-test: specifier: github:dapphub/ds-test#e282159d5170298eb2455a6c05280ab5a73a4ef0 version: github.com/dapphub/ds-test/e282159d5170298eb2455a6c05280ab5a73a4ef0 @@ -3301,12 +3301,12 @@ packages: fastq: 1.17.1 dev: true - /@openzeppelin/contracts-upgradeable@4.8.2: - resolution: {integrity: sha512-zIggnBwemUmmt9IS73qxi+tumALxCY4QEs3zLCII78k0Gfse2hAOdAkuAeLUzvWUpneMUfFE5sGHzEUSTvn4Ag==} + /@openzeppelin/contracts-upgradeable@4.9.3: + resolution: {integrity: sha512-jjaHAVRMrE4UuZNfDwjlLGDxTHWIOwTJS2ldnc278a0gevfXfPr8hxKEVBGFBE96kl2G3VHDZhUimw/+G3TG2A==} dev: false - /@openzeppelin/contracts@4.8.2: - resolution: {integrity: sha512-kEUOgPQszC0fSYWpbh2kT94ltOJwj1qfT2DWo+zVttmGmf97JZ99LspePNaeeaLhCImaHVeBbjaQFZQn7+Zc5g==} + /@openzeppelin/contracts@4.9.3: + resolution: {integrity: sha512-He3LieZ1pP2TNt5JbkPA4PNT9WC3gOTOlDcFGJW4Le4QKqwmiNJCRt44APfxMxvq7OugU/cqYuPcSBzOw38DAg==} dev: false /@parcel/watcher-android-arm64@2.4.0: @@ -6100,6 +6100,13 @@ packages: /@web3modal/siwe@4.0.9(typescript@5.3.3): resolution: {integrity: sha512-OB4z/lTHCAm3bjiuyPz4uBib46YU6kzp4eeSnAWZzAHj9mQnB4DZOoCdFQvFn+N1n3CzTZaMxz3CYjYn2A+Qhw==} requiresBuild: true + peerDependenciesMeta: + react: + optional: true + react-dom: + optional: true + vue: + optional: true dependencies: '@web3modal/core': 4.0.9(react@18.2.0) '@web3modal/scaffold-utils': 4.0.9(react@18.2.0) @@ -6126,6 +6133,15 @@ packages: '@wagmi/connectors': '>=4.0.0' '@wagmi/core': '>=2.0.0' viem: '>=2.0.0' + peerDependenciesMeta: + '@web3modal/siwe': + optional: true + react: + optional: true + react-dom: + optional: true + vue: + optional: true dependencies: '@wagmi/connectors': 4.1.14(@wagmi/core@2.6.5)(react-dom@18.2.0)(react-native@0.73.4)(react@18.2.0)(typescript@5.3.3)(viem@2.7.11) '@wagmi/core': 2.6.5(react@18.2.0)(typescript@5.3.3)(viem@2.7.11) From 062a8b48007ca1b9d5d1210641b5b6899a1b752e Mon Sep 17 00:00:00 2001 From: Daniel Wang Date: Fri, 8 Mar 2024 21:59:00 +0800 Subject: [PATCH 2/5] more --- .../protocol/contracts/L1/gov/TaikoGovernor.sol | 7 +------ packages/protocol/package.json | 4 ++-- pnpm-lock.yaml | 16 ++++++++-------- 3 files changed, 11 insertions(+), 16 deletions(-) diff --git a/packages/protocol/contracts/L1/gov/TaikoGovernor.sol b/packages/protocol/contracts/L1/gov/TaikoGovernor.sol index b37cba4f833..35c9c3eb4a5 100644 --- a/packages/protocol/contracts/L1/gov/TaikoGovernor.sol +++ b/packages/protocol/contracts/L1/gov/TaikoGovernor.sol @@ -124,12 +124,7 @@ contract TaikoGovernor is return 1_000_000_000 ether / 10_000; // 0.01% of Taiko Token } - /** - * @dev Cancel a proposal with GovernorBravo logic. At any moment a proposal can be cancelled, - * either by the - * proposer, or by third parties if the proposer's voting power has dropped below the proposal - * threshold. - */ + /// @dev Cancel a proposal with GovernorBravo logic. function cancel( address[] memory targets, uint256[] memory values, diff --git a/packages/protocol/package.json b/packages/protocol/package.json index ac5834bf4f4..280d85d1180 100644 --- a/packages/protocol/package.json +++ b/packages/protocol/package.json @@ -35,8 +35,8 @@ "typescript": "^5.2.2" }, "dependencies": { - "@openzeppelin/contracts": "4.9.3", - "@openzeppelin/contracts-upgradeable": "4.9.3", + "@openzeppelin/contracts": "4.9.6", + "@openzeppelin/contracts-upgradeable": "4.9.6", "ds-test": "github:dapphub/ds-test#e282159d5170298eb2455a6c05280ab5a73a4ef0", "forge-std": "github:foundry-rs/forge-std#v1.7.5", "merkletreejs": "^0.3.11", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 8e62a5aaa1d..6d5dee78c68 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -265,11 +265,11 @@ importers: packages/protocol: dependencies: '@openzeppelin/contracts': - specifier: 4.9.3 - version: 4.9.3 + specifier: 4.9.6 + version: 4.9.6 '@openzeppelin/contracts-upgradeable': - specifier: 4.9.3 - version: 4.9.3 + specifier: 4.9.6 + version: 4.9.6 ds-test: specifier: github:dapphub/ds-test#e282159d5170298eb2455a6c05280ab5a73a4ef0 version: github.com/dapphub/ds-test/e282159d5170298eb2455a6c05280ab5a73a4ef0 @@ -3301,12 +3301,12 @@ packages: fastq: 1.17.1 dev: true - /@openzeppelin/contracts-upgradeable@4.9.3: - resolution: {integrity: sha512-jjaHAVRMrE4UuZNfDwjlLGDxTHWIOwTJS2ldnc278a0gevfXfPr8hxKEVBGFBE96kl2G3VHDZhUimw/+G3TG2A==} + /@openzeppelin/contracts-upgradeable@4.9.6: + resolution: {integrity: sha512-m4iHazOsOCv1DgM7eD7GupTJ+NFVujRZt1wzddDPSVGpWdKq1SKkla5htKG7+IS4d2XOCtzkUNwRZ7Vq5aEUMA==} dev: false - /@openzeppelin/contracts@4.9.3: - resolution: {integrity: sha512-He3LieZ1pP2TNt5JbkPA4PNT9WC3gOTOlDcFGJW4Le4QKqwmiNJCRt44APfxMxvq7OugU/cqYuPcSBzOw38DAg==} + /@openzeppelin/contracts@4.9.6: + resolution: {integrity: sha512-xSmezSupL+y9VkHZJGDoCBpmnB2ogM13ccaYDWqJTfS3dbuHkgjuwDFUmaFauBCboQMGB/S5UqUl2y54X99BmA==} dev: false /@parcel/watcher-android-arm64@2.4.0: From 6d4c1d31ae4e44aef4a25720c7eb3281f67426a5 Mon Sep 17 00:00:00 2001 From: Daniel Wang Date: Fri, 8 Mar 2024 22:11:31 +0800 Subject: [PATCH 3/5] Update TaikoGovernor.t.sol --- packages/protocol/test/L1/gov/TaikoGovernor.t.sol | 5 ----- 1 file changed, 5 deletions(-) diff --git a/packages/protocol/test/L1/gov/TaikoGovernor.t.sol b/packages/protocol/test/L1/gov/TaikoGovernor.t.sol index 76fb7b6c869..e9a42b57de1 100644 --- a/packages/protocol/test/L1/gov/TaikoGovernor.t.sol +++ b/packages/protocol/test/L1/gov/TaikoGovernor.t.sol @@ -99,11 +99,6 @@ contract TestTaikoGovernor is TaikoL1TestBase { true, "Incorrect supports interface" ); - assertEq( - taikoGovernor.supportsInterface(type(IGovernorUpgradeable).interfaceId), - true, - "Incorrect supports interface" - ); assertEq( taikoGovernor.supportsInterface(type(IERC1155ReceiverUpgradeable).interfaceId), true, From f37acb0218ff7f20629b8f366898a11d9d331cfa Mon Sep 17 00:00:00 2001 From: D <51912515+adaki2004@users.noreply.github.com> Date: Fri, 8 Mar 2024 17:17:45 +0100 Subject: [PATCH 4/5] feat(protocol): make TaikoGovernor codesize smaller (#16363) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Keszey Dániel --- .../contracts/L1/gov/TaikoGovernor.sol | 38 ++----------------- 1 file changed, 4 insertions(+), 34 deletions(-) diff --git a/packages/protocol/contracts/L1/gov/TaikoGovernor.sol b/packages/protocol/contracts/L1/gov/TaikoGovernor.sol index 35c9c3eb4a5..729f3f2e25e 100644 --- a/packages/protocol/contracts/L1/gov/TaikoGovernor.sol +++ b/packages/protocol/contracts/L1/gov/TaikoGovernor.sol @@ -1,22 +1,20 @@ // SPDX-License-Identifier: MIT pragma solidity 0.8.24; -import "@openzeppelin/contracts-upgradeable/governance/GovernorUpgradeable.sol"; import "@openzeppelin/contracts-upgradeable/governance/compatibility/GovernorCompatibilityBravoUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/governance/extensions/GovernorVotesUpgradeable.sol"; import "@openzeppelin/contracts-upgradeable/governance/extensions/GovernorVotesQuorumFractionUpgradeable.sol"; import "@openzeppelin/contracts-upgradeable/governance/extensions/GovernorTimelockControlUpgradeable.sol"; -import "../../common/EssentialContract.sol"; + +import "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol"; /// @title TaikoGovernor /// @custom:security-contact security@taiko.xyz contract TaikoGovernor is - EssentialContract, + Ownable2StepUpgradeable, GovernorCompatibilityBravoUpgradeable, - GovernorVotesUpgradeable, GovernorVotesQuorumFractionUpgradeable, GovernorTimelockControlUpgradeable { @@ -36,9 +34,8 @@ contract TaikoGovernor is external initializer { - __Essential_init(_owner); + _transferOwnership(_owner == address(0) ? msg.sender : _owner); __Governor_init("TaikoGovernor"); - __GovernorCompatibilityBravo_init(); __GovernorVotes_init(_token); __GovernorVotesQuorumFraction_init(4); __GovernorTimelockControl_init(_timelock); @@ -58,33 +55,6 @@ contract TaikoGovernor is return super.propose(_targets, _values, _calldatas, _description); } - /// @notice An overwrite of GovernorCompatibilityBravoUpgradeable's propose() as that one does - /// not check that the length of signatures equal the calldata. - /// @dev See vulnerability description here: - /// https://github.com/taikoxyz/taiko-mono/security/dependabot/114 - /// See fix in OZ 4.8.3 here (URL broken down for readability): - /// https://github.com/OpenZeppelin/openzeppelin-contracts/blob/ - /// 0a25c1940ca220686588c4af3ec526f725fe2582/contracts/governance/compatibility/GovernorCompatibilityBravo.sol#L72 - /// See {GovernorCompatibilityBravoUpgradeable-propose} - function propose( - address[] memory _targets, - uint256[] memory _values, - string[] memory _signatures, - bytes[] memory _calldatas, - string memory _description - ) - public - virtual - override(GovernorCompatibilityBravoUpgradeable) - returns (uint256) - { - if (_signatures.length != _calldatas.length) revert TG_INVALID_SIGNATURES_LENGTH(); - - return GovernorCompatibilityBravoUpgradeable.propose( - _targets, _values, _signatures, _calldatas, _description - ); - } - /// @dev See {GovernorUpgradeable-supportsInterface} function supportsInterface(bytes4 _interfaceId) public From 94f6594b4460f7a29292430b3755ef8e38d66c5d Mon Sep 17 00:00:00 2001 From: d1onys1us <13951458+d1onys1us@users.noreply.github.com> Date: Fri, 8 Mar 2024 22:22:39 -0500 Subject: [PATCH 5/5] Update packages/protocol/contracts/L1/gov/TaikoGovernor.sol --- packages/protocol/contracts/L1/gov/TaikoGovernor.sol | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/protocol/contracts/L1/gov/TaikoGovernor.sol b/packages/protocol/contracts/L1/gov/TaikoGovernor.sol index 729f3f2e25e..6fbfe9d6d55 100644 --- a/packages/protocol/contracts/L1/gov/TaikoGovernor.sol +++ b/packages/protocol/contracts/L1/gov/TaikoGovernor.sol @@ -7,7 +7,6 @@ import "@openzeppelin/contracts-upgradeable/governance/extensions/GovernorVotesQuorumFractionUpgradeable.sol"; import "@openzeppelin/contracts-upgradeable/governance/extensions/GovernorTimelockControlUpgradeable.sol"; - import "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol"; /// @title TaikoGovernor