Added Check to CeloDistributionSchedule activate function
#11109
Conversation
soloseng
changed the title
activate function
…contract is actually the celoDistributionSchedule contract address
…ng in CeloToken contract manually
…istribution-schedule
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 10538986 | Triggered | Generic High Entropy Secret | e379b5c | packages/protocol/scripts/foundry/constants.sh | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
There was a problem hiding this comment.
Left a couple nit comments, but looks good to me. I like how you wrote the two new unit tests. It's clever to expect the contract to revert.
Nit: registryAddress and proxyAdminAddress (as examples) are constants that could live in test-sol/constants.sol. Probably not worth refactoring in this PR, but something that might be worth doing separately.
packages/protocol/test-sol/unit/common/CeloDistributionSchedule.t.sol
Outdated
Show resolved
Hide resolved
packages/protocol/test-sol/unit/governance/voting/ReleaseGold.t.sol
Outdated
Show resolved
Hide resolved
arthurgousset
dismissed
their stale review
I mistakenly approved the PR when I meant to leave a comment
Updated the PR description to make it more clear what the changes are and why they were needed. |
…istribution-schedule
…istribution-schedule
There was a problem hiding this comment.
Pending this conversation the changes look good to me. But, I'm always a little nervous approving changes to core contracts. So take my approval with a pinch of salt. I'd prefer if @martinvol or @pahor167 gave this an approval too.
Description
Added a check that prevents activating theCeloDistributionSchedulecontract if the distributionSchedule contract address if not set in CELO token contract.Previously, it was expected that the
CeloDistributionScheduleaddress would be manually set in theGoldTokencontract by callingsetCeloTokenDistributionSchedule(). This was expected to be done before callingactivate()in theCeloDistributionSchedule. However, theCeloDistributionSchedulecontract did not verify that theCeloDistributionScheduleaddress was set in theGoldTokencontract, allowing for theCeloDistributionScheduleto be incorrectly activated.These new changes get the
CeloDistributionScheduleaddress from the registry, instead of setting it in theGoldTokencontract. Hence, no longer requiring that theCeloDistributionScheduleaddress be manually set in theGoldTokencontract before activating theCeloDistributionSchedulecontract.Tested
unit tested