Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(protocol): upgrade to use OZ 4.9.6 #16360

Merged
merged 6 commits into from
Mar 9, 2024
Merged
Show file tree
Hide file tree
Changes from 5 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 21 additions & 34 deletions packages/protocol/contracts/L1/gov/TaikoGovernor.sol
Original file line number Diff line number Diff line change
@@ -1,22 +1,20 @@
// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import "@openzeppelin/contracts-upgradeable/governance/GovernorUpgradeable.sol";
import
"@openzeppelin/contracts-upgradeable/governance/compatibility/GovernorCompatibilityBravoUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/governance/extensions/GovernorVotesUpgradeable.sol";
import
"@openzeppelin/contracts-upgradeable/governance/extensions/GovernorVotesQuorumFractionUpgradeable.sol";
import
"@openzeppelin/contracts-upgradeable/governance/extensions/GovernorTimelockControlUpgradeable.sol";
import "../../common/EssentialContract.sol";

dionysuzx marked this conversation as resolved.
Show resolved Hide resolved
import "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";

/// @title TaikoGovernor
/// @custom:security-contact security@taiko.xyz
contract TaikoGovernor is
EssentialContract,
Ownable2StepUpgradeable,
GovernorCompatibilityBravoUpgradeable,
GovernorVotesUpgradeable,
GovernorVotesQuorumFractionUpgradeable,
GovernorTimelockControlUpgradeable
{
Expand All @@ -36,9 +34,8 @@ contract TaikoGovernor is
external
initializer
{
__Essential_init(_owner);
_transferOwnership(_owner == address(0) ? msg.sender : _owner);
__Governor_init("TaikoGovernor");
__GovernorCompatibilityBravo_init();
__GovernorVotes_init(_token);
__GovernorVotesQuorumFraction_init(4);
__GovernorTimelockControl_init(_timelock);
Expand All @@ -58,33 +55,6 @@ contract TaikoGovernor is
return super.propose(_targets, _values, _calldatas, _description);
}

/// @notice An overwrite of GovernorCompatibilityBravoUpgradeable's propose() as that one does
/// not check that the length of signatures equal the calldata.
/// @dev See vulnerability description here:
/// https://github.com/taikoxyz/taiko-mono/security/dependabot/114
/// See fix in OZ 4.8.3 here (URL broken down for readability):
/// https://github.com/OpenZeppelin/openzeppelin-contracts/blob/
/// 0a25c1940ca220686588c4af3ec526f725fe2582/contracts/governance/compatibility/GovernorCompatibilityBravo.sol#L72
/// See {GovernorCompatibilityBravoUpgradeable-propose}
function propose(
address[] memory _targets,
uint256[] memory _values,
string[] memory _signatures,
bytes[] memory _calldatas,
string memory _description
)
public
virtual
override(GovernorCompatibilityBravoUpgradeable)
returns (uint256)
{
if (_signatures.length != _calldatas.length) revert TG_INVALID_SIGNATURES_LENGTH();

return GovernorCompatibilityBravoUpgradeable.propose(
_targets, _values, _signatures, _calldatas, _description
);
}

/// @dev See {GovernorUpgradeable-supportsInterface}
function supportsInterface(bytes4 _interfaceId)
public
Expand Down Expand Up @@ -124,6 +94,23 @@ contract TaikoGovernor is
return 1_000_000_000 ether / 10_000; // 0.01% of Taiko Token
}

/// @dev Cancel a proposal with GovernorBravo logic.
dantaik marked this conversation as resolved.
Show resolved Hide resolved
function cancel(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
bytes32 descriptionHash
)
public
virtual
override(IGovernorUpgradeable, GovernorUpgradeable, GovernorCompatibilityBravoUpgradeable)
returns (uint256)
{
return GovernorCompatibilityBravoUpgradeable.cancel(
targets, values, calldatas, descriptionHash
);
}

function _execute(
uint256 _proposalId,
address[] memory _targets,
Expand Down
4 changes: 2 additions & 2 deletions packages/protocol/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,8 @@
"typescript": "^5.2.2"
},
"dependencies": {
"@openzeppelin/contracts": "4.8.2",
"@openzeppelin/contracts-upgradeable": "4.8.2",
"@openzeppelin/contracts": "4.9.6",
"@openzeppelin/contracts-upgradeable": "4.9.6",
"ds-test": "github:dapphub/ds-test#e282159d5170298eb2455a6c05280ab5a73a4ef0",
"forge-std": "github:foundry-rs/forge-std#v1.7.5",
"merkletreejs": "^0.3.11",
Expand Down
5 changes: 0 additions & 5 deletions packages/protocol/test/L1/gov/TaikoGovernor.t.sol
Original file line number Diff line number Diff line change
Expand Up @@ -99,11 +99,6 @@ contract TestTaikoGovernor is TaikoL1TestBase {
true,
"Incorrect supports interface"
);
assertEq(
taikoGovernor.supportsInterface(type(IGovernorUpgradeable).interfaceId),
dantaik marked this conversation as resolved.
Show resolved Hide resolved
true,
"Incorrect supports interface"
);
assertEq(
taikoGovernor.supportsInterface(type(IERC1155ReceiverUpgradeable).interfaceId),
true,
Expand Down
32 changes: 24 additions & 8 deletions pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading