Include sections for Safeharbor/BugBounties updates #47
Conversation
0xBasset
dismissed stale reviews from oddaf and 0x3phemeralsoul
via
b336b8f
| * [ ] Update safeharbor script | ||
| ```bash | ||
| cd scripts/safeharbor | ||
| npm install | ||
| ``` | ||
| * [ ] Run `npm run generate` command in the `spells-mainnet` repo to check for bug bounty updates | ||
| * [ ] IF the command outputs hex encoded call: |
There was a problem hiding this comment.
Shouldn't make all that available from the main Makefile?
Check the cast-on-tenderly entry there for reference.
| * [ ] Run `npm run generate` command in the `spells-mainnet` repo to check for bug bounty updates | ||
| * [ ] IF the command outputs hex encoded call: | ||
| * [ ] Add ALL output call to the spell using low-level Solidity call. | ||
| * [ ] The call MUST use the pattern: `(bool succ, bytes memory err) = AGREEMENT.call(<encodedDATA>);` |
There was a problem hiding this comment.
Aren't we using multicall now?
This way we can just pass the data and make a higher level call, which won't require us to check the success status.
There was a problem hiding this comment.
The issue is that the multicall accepts:
struct Call {
address target;
bytes callData;
}
function aggregate(Call[] memory calls);
Therefore, if there are multiple calls, we would need to use the annoying syntax of:
Call memory calls = new Call[](x);
calls[0] = { ... };
...
calls[x] = { ...};
multicall.aggregate(calls);
Which I personally think it's much worse in terms of clutter and amount of outputs.
There was a problem hiding this comment.
I see, makes sense.
However there's another point, the script already provides the raw data for a low-level call to MULTICALL, so the checklist should reference this contract, not the agreement:
| * [ ] The call MUST use the pattern: `(bool succ, bytes memory err) = AGREEMENT.call(<encodedDATA>);` | |
| * [ ] The call MUST use the pattern: `(bool succ, bytes memory err) = MULTICALL.call(<encodedDATA>);` |
| * [ ] All actions are executed in the transaction trace | ||
| * [ ] No reverts are present that block execution | ||
| * [ ] No out-of-gas errors are present | ||
| * [ ] Confirm `make update-bug-bounty` returns empty |
There was a problem hiding this comment.
| * [ ] Confirm `make update-bug-bounty` returns empty | |
| * [ ] Confirm `make safeharbor-generate` returns empty |
| * [ ] End-to-end "happy path" interaction with the module | ||
| * IF bug bounty updates are present | ||
| * [ ] Test that all bug bounty registry calls execute successfully | ||
| * [ ] Verify `make update-bug-bounty` returns empty diff in test environment after spell execution |
There was a problem hiding this comment.
| * [ ] Verify `make update-bug-bounty` returns empty diff in test environment after spell execution | |
| * [ ] Verify `make safeharbor-generate` returns empty diff in test environment after spell execution |
| * [ ] End-to-end "happy path" interaction with the module | ||
| * IF bug bounty updates are present | ||
| * [ ] Test that all bug bounty registry calls execute successfully | ||
| * [ ] Verify `make update-bug-bounty` returns empty diff in test environment after spell execution |
There was a problem hiding this comment.
This specific step should probably be in the checklist right after "cast on tenderly".
| * [ ] Target Contract is included in the ChainLog | ||
| * [ ] Test Coverage is comprehensive | ||
| * IF bug bounty registry updates are present | ||
| * [ ] Run `make safeharbor-verify calldata=0xhexEncodedData` command in the `spells-mainnet` repo, passing the calldata in the spell to check for it's validity. |
There was a problem hiding this comment.
You don't need to explicitly mention the spells-mainnet repo, as it's implied. All other actions in the checklist happen there.
| * [ ] Run `make safeharbor-verify calldata=0xhexEncodedData` command in the `spells-mainnet` repo, passing the calldata in the spell to check for it's validity. | |
| * [ ] Run `make safeharbor-verify calldata=<encodedDATA>` command, passing the calldata in the spell to check for it's validity. |
| * [ ] Test Coverage is comprehensive | ||
| * IF bug bounty registry updates are present | ||
| * [ ] Run `make safeharbor-verify calldata=0xhexEncodedData` command in the `spells-mainnet` repo, passing the calldata in the spell to check for it's validity. | ||
| * [ ] Verify the call uses the correct pattern: `(bool succ, bytes memory err) = AGREEMENT.call(<encodedDATA>);` |
There was a problem hiding this comment.
| * [ ] Verify the call uses the correct pattern: `(bool succ, bytes memory err) = AGREEMENT.call(<encodedDATA>);` | |
| * [ ] Verify the call uses the correct pattern: `(bool succ, bytes memory err) = MULTICALL.call(<encodedDATA>);` |
| * IF bug bounty registry updates are present | ||
| * [ ] Run `make safeharbor-verify calldata=<encodedDATA>` command passing the calldata in the spell to check for it's validity. | ||
| * [ ] Verify the call uses the correct pattern: `(bool succ, bytes memory err) = MULTICALL.call(<encodedDATA>);` | ||
| * [ ] Confirm proper error handling is implemented for each call |
There was a problem hiding this comment.
There will be only one call. Using "for each" here might be confusing.
| * [ ] Confirm proper error handling is implemented for each call | |
| * [ ] Confirm proper error handling is implemented for the call |
| * [ ] Run `make safeharbor-verify calldata=<encodedDATA>` command passing the calldata in the spell to check for it's validity. | ||
| * [ ] Verify the call uses the correct pattern: `(bool succ, bytes memory err) = MULTICALL.call(<encodedDATA>);` | ||
| * [ ] Confirm proper error handling is implemented for each call | ||
| * [ ] Verify the bug bounty section has appropriate comments/documentation |
There was a problem hiding this comment.
"Appropriate" here is too subjective.
It's probably worth expanding which are the exact comments/documentation expectations.
Probably we should take the more detailed crafter check items and adapt them here.
0xBasset
force-pushed
the
safeHarbor
branch
from
fa99756 to
10ee338
Compare
| * [ ] If not already present, add the helper function to perform the call: | ||
| ```solidity | ||
| function _updateSafeHarbor(bytes[] memory calldatas) public { | ||
| for (uint256 i = 0; i < calldatas.length; i++) { | ||
| (bool success, ) = address(AGREEMENT_ADDRESS).call(calldatas[i]); | ||
| require(success, "SaferHarbor call failed"); | ||
| } | ||
| } | ||
| ``` |
There was a problem hiding this comment.
Hmm, not sure we want to have the function in the checklist. Maybe we just reference the archive:
| * [ ] If not already present, add the helper function to perform the call: | |
| ```solidity | |
| function _updateSafeHarbor(bytes[] memory calldatas) public { | |
| for (uint256 i = 0; i < calldatas.length; i++) { | |
| (bool success, ) = address(AGREEMENT_ADDRESS).call(calldatas[i]); | |
| require(success, "SaferHarbor call failed"); | |
| } | |
| } | |
| ``` | |
| * [ ] If not already present, add the helper function to perform the call, using the established archive pattern. |
| * [ ] Sanity checks of all values added/updated by the spell function | ||
| * [ ] End-to-end "happy path" interaction with the module | ||
| * IF bug bounty updates are present | ||
| * [ ] Test that all bug bounty registry calls execute successfully |
There was a problem hiding this comment.
Q: Could you please elaborate on what kind of tests should be written by the crafter? Is vm.expectCall sufficient or would the crafter have to test every new addition or deletion?
There was a problem hiding this comment.
Yes, I think making sure that there are no reverts.
There was a problem hiding this comment.
nit: I would still recommend adding an example of how to test it. You can omit it, however, if we are going to add a permanent test for it
There was a problem hiding this comment.
Hmm, I don't think we should include testing examples on this checklist. I think a permanent set of helper functions on the spells-mainnet repo would be enough to make sure a crafter can easily test.
For example a assertAccountIsPresent(address), or general tests that check the number of items on each chain, like there are with chainlog stuff. Either way, I don't think this is the place to add those.
| * [ ] Ensure every spell variable is declared as public/internal | ||
| * Bug Bounty Registry Updates | ||
| * [ ] Run `make safeharbor-generate` command in the `spells-mainnet` repo to check for bug bounty updates | ||
| * [ ] IF the command outputs a solidity snippet: |
There was a problem hiding this comment.
This places the Safeharbor update responsibility on the crafter. IMHO this has to come from GovFac, meaning that crafter should:
- check that output of
make safeharbor-generatematches the instructions provided by GovFac (who should've used the script in Week 1);- if no instructions were provided and script produces "no changes" - all is good;
- if there is a mismatch, crafter should notify GovFac;
- when there are instructions to execute, crafter should paste the code and follow the rest of the process as you already outlined
| * [ ] Run `make safeharbor-generate` command in the `spells-mainnet` repo to check for bug bounty updates | ||
| * [ ] IF the command outputs a solidity snippet: | ||
| * [ ] Paste the generated code into the spell as is. The code should not be modified. You may adjust formatting. | ||
| * [ ] Import the `AGREEMENT_ADDRESS` from the `ChainLog` |
There was a problem hiding this comment.
nit:
- The address is fetched and not imported;
- Let's not specify the exact chainlog key in the checklist, otherwise this item will get outdated after the adoption when a different key is used.
| * [ ] Import the `AGREEMENT_ADDRESS` from the `ChainLog` | |
| * [ ] Fetch the agreement address from the `ChainLog` |
| * [ ] Target Contract is included in the ChainLog | ||
| * [ ] Test Coverage is comprehensive | ||
| * IF bug bounty registry updates are present | ||
| * [ ] Run `make safeharbor-generate` command passing the calldata in the spell to check for it's validity. |
There was a problem hiding this comment.
Reviewers should also make sure that no warnings are produced by the script - neither before nor after deployment
| * [ ] All actions are executed in the transaction trace | ||
| * [ ] No reverts are present that block execution | ||
| * [ ] No out-of-gas errors are present | ||
| * [ ] `make safeharbor-generate` against the testnet returns "no updates" |
There was a problem hiding this comment.
Please also add a check for the warnings, according to this comment #47 (comment)
| * [ ] Create testnet and cast deployed spell there using `make cast-on-tenderly spell=0x...` command | ||
| * [ ] Check that returned `public explorer url` is publicly accessible (e.g. using incognito browser mode) | ||
| * [ ] IF `cast-on-tenderly` command is executed several times for the same spell, delete all testnets of the same name except the last one | ||
| * [ ] `make safeharbor-generate` returns empty diff in the testnet environment after spell was cast |
There was a problem hiding this comment.
nit: "empty diff" can be replaced with "no updates"
| * [ ] Sanity checks of all values added/updated by the spell function | ||
| * [ ] End-to-end "happy path" interaction with the module | ||
| * IF bug bounty updates are present | ||
| * [ ] Test that all bug bounty registry calls execute successfully |
There was a problem hiding this comment.
nit: I would still recommend adding an example of how to test it. You can omit it, however, if we are going to add a permanent test for it
| * [ ] If there is a mismatch, crafter should notify Governance Facilitators | ||
| * [ ] If the scripts outputs a warning indicated by ⚠️ ❗, notify Governance Facilitators. |
There was a problem hiding this comment.
There's one point about the process which I don't think has been resolved yet - timing. Currently both crafter and reviewer Safe Harbor sections are quite far into the checklists, after the tests, which leaves very little time for reacting to missing instructions (sections would probably be executed after Exec Doc was already merged).
I would therefore strongly recommend coming up with an earlier crafter and/or reviewer check to ensure that SafeHarbor instructions are as expected. As suggested in #47 (comment), this should preferably happen at one of the earliest stages as it's a simple script run + check instructions + notify govfac if needed.
Of course, GovFac would also need to amend their internal checklists, but this is out of scope of this review.
There was a problem hiding this comment.
I've added a new item on the beginning of both the crafter and reviewer checklist. Please let me know your thoughts.
| * [ ] If the scripts outputs a warning indicated by ⚠️ ❗, notify Governance Facilitators. | ||
| * [ ] If the command outputs a solidity snippet that matches the instructions provided by Governance Facilitators: | ||
| * [ ] Paste the generated code into the spell as is. The code should not be modified. You may adjust formatting | ||
| * [ ] Import the `AGREEMENT_ADDRESS` from the `ChainLog` |
There was a problem hiding this comment.
This hasn't been addressed yet: #47 (comment)
| * [ ] Adjust system values, collateral values inside `config.sol` | ||
| * [ ] Ensure every spell variable is declared as public/internal | ||
| * Bug Bounty Registry Updates | ||
| * [ ] Check that output of make safeharbor-generate matches the instructions provided by Governance Facilitators |
There was a problem hiding this comment.
nit:
| * [ ] Check that output of make safeharbor-generate matches the instructions provided by Governance Facilitators | |
| * [ ] Check that output of `make safeharbor-generate` matches the instructions provided by Governance Facilitators |
No description provided.