Merge branch 'develop' into feature/OS-656-oz-dependency-bump

.github/workflows/subgraph-deploy.yaml

@@ -65,8 +65,9 @@ jobs:
     runs-on: ubuntu-latest
     needs: [prepare, changelog]
     if: >
+      (github.event_name	== 'workflow_dispatch') || (
       needs.changelog.result == 'success' &&
-      contains(toJson(github.event.pull_request.labels.*.name), 'subgraph:deploy')
+      contains(toJson(github.event.pull_request.labels.*.name), 'subgraph:deploy'))
     environment: ${{ needs.prepare.outputs.environment }}
     strategy:
       fail-fast: false

DEPLOYMENT_CHECKLIST.md

@@ -38,6 +38,7 @@ To deploy run `yarn deploy --network NETWORK` in `packages/contracts` and replac
 - [ ] Update `active_contracts.json` with the new deployed addresses
 - [ ] Update `packages/contracts/Releases.md` with the new deployed addresses
 - [ ] Add the managing DAOs' multisig address to `packages/contracts/.env.example` in the format `{NETWORK}_MANAGINGDAO_MULTISIG`
+- [ ] Add a Github Release with the version number as tag and the defined content (check previous releases for reference)
 
 ### Verification
 

UPDATE_CHECKLIST.md

@@ -40,6 +40,7 @@ To update run `yarn deploy --network NETWORK` in `packages/contracts` and replac
 - [ ] Take the addresses from this file `packages/contracts/deployed_contracts.json`
 - [ ] Update `active_contracts.json` with the new deployed addresses
 - [ ] Update `packages/contracts/Releases.md` with the new deployed addresses
+- [ ] Add a Github Release with the version number as tag and the defined content (check previous releases for reference)
 
 ### ManagingDAO
 

packages/contracts/CHANGELOG.md

@@ -15,7 +15,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 - Bumped OpenZeppelin dependencies to `4.9.3`.
-- Renamed the `signatureValidator` variable in `DAO` to `__deprecated`.
+- Refactored the fallback in the `isGranted` function in `PermissionManager` to make conditions mutually exclusive: Specific conditions answering `false` do not fall back to generic caller conditions (`_who: ANY_ADDR`) or generic target conditions (`_where: ANY_ADDR`).
+- Renamed the `signatureValidator` variable in `DAO` to `__removed0`.
 - Use the DAOs permission manager functionality to validate signatures.
 
 ### Removed

packages/contracts/docs/osx/01-how-it-works/01-core/02-permissions/index.md

@@ -133,6 +133,11 @@ Granting a permission with `_where: ANY_ADDR` to a condition has the effect that
 Imagine, for example, that many instances of the `Service` contract exist, and a user should have the permission to use all of them. By granting the `USE_PERMISSION_ID` with `_where: ANY_ADDR`, to some user `_who: userAddr`, the user has access to all of them. If this should not be possible anymore, you can later revoke the permission.
 
 However, some restrictions apply. For security reasons, Aragon OSx does not allow you to use both, `_where: ANY_ADDR` and `_who: ANY_ADDR` in the same permission. Furthermore, the permission IDs of [permissions native to the `DAO` Contract](#permissions-native-to-the-dao-contract) cannot be used.
+Moreover, if a condition is set, we return its `isGranted` result and do not fall back to a more generic one. The condition checks occur in the following order
+
+1. Condition with specific `_who` and specific `where`.
+2. Condition with generic `_who: ANY_ADDR` and specific `_where`.
+3. Condition with specific `_where` and generic `_who: ANY_ADDR`.
 
 ### Permissions Native to the `DAO` Contract
 

packages/contracts/src/core/dao/DAO.sol

@@ -25,6 +25,7 @@ import {IDAO} from "./IDAO.sol";
 /// @author Aragon Association - 2021-2023
 /// @notice This contract is the entry point to the Aragon DAO framework and provides our users a simple and easy to use public interface.
 /// @dev Public API of the Aragon DAO framework.
+/// @custom:security-contact [email protected]
 contract DAO is
     IEIP4824,
     Initializable,
@@ -70,7 +71,7 @@ contract DAO is
     uint256 private constant _ENTERED = 2;
 
     /// @notice Removed variable that is left here to maintain the storage layout.
-    /// @dev Introducedd in v1.0.0. Removed in v1.4.0.
+    /// @dev Introduced in v1.0.0. Removed in v1.4.0.
     /// @custom:oz-renamed-from signatureValidator
     address private __removed0;
 
@@ -186,6 +187,15 @@ contract DAO is
             _reentrancyStatus = _NOT_ENTERED;
             _registerInterface(type(IProtocolVersion).interfaceId);
         }
+
+        // Revoke the `SET_SIGNATURE_VALIDATOR_PERMISSION` that was deprecated in v1.4.0.
+        if (_previousProtocolVersion[1] <= 3) {
+            _revoke({
+                _where: address(this),
+                _who: address(this),
+                _permissionId: keccak256("SET_SIGNATURE_VALIDATOR_PERMISSION")
+            });
+        }
     }
 
     /// @inheritdoc PermissionManager
@@ -223,7 +233,7 @@ contract DAO is
         bytes32 _permissionId,
         bytes memory _data
     ) external view override returns (bool) {
-        return isGranted(_where, _who, _permissionId, _data);
+        return isGranted({_where: _where, _who: _who, _permissionId: _permissionId, _data: _data});
     }
 
     /// @inheritdoc IDAO

packages/contracts/src/core/dao/IDAO.sol

@@ -5,6 +5,7 @@ pragma solidity ^0.8.8;
 /// @title IDAO
 /// @author Aragon Association - 2022-2023
 /// @notice The interface required for DAOs within the Aragon App DAO framework.
+/// @custom:security-contact [email protected]
 interface IDAO {
     /// @notice The action struct to be consumed by the DAO's `execute` function resulting in an external call.
     /// @param to The address to call.
@@ -115,7 +116,7 @@ interface IDAO {
     /// @notice Checks whether a signature is valid for a provided hash according to [ERC-1271](https://eips.ethereum.org/EIPS/eip-1271).
     /// @param _hash The hash of the data to be signed.
     /// @param _signature The signature byte array associated with `_hash`.
-    /// @return Returns the `bytes4` magic value `0x1626ba7e` if the signature is valid.
+    /// @return Returns the `bytes4` magic value `0x1626ba7e` if the signature is valid and `0xffffffff` if not.
     function isValidSignature(bytes32 _hash, bytes memory _signature) external returns (bytes4);
 
     /// @notice Registers an ERC standard having a callback by registering its [ERC-165](https://eips.ethereum.org/EIPS/eip-165) interface ID and callback function signature.

packages/contracts/src/core/dao/IEIP4824.sol

@@ -5,6 +5,7 @@ pragma solidity 0.8.17;
 /// @title EIP-4824 Common Interfaces for DAOs
 /// @dev See https://eips.ethereum.org/EIPS/eip-4824
 /// @author Aragon Association - 2021-2023
+/// @custom:security-contact [email protected]
 interface IEIP4824 {
     /// @notice A distinct Uniform Resource Identifier (URI) pointing to a JSON object following the "EIP-4824 DAO JSON-LD Schema". This JSON file splits into four URIs: membersURI, proposalsURI, activityLogURI, and governanceURI. The membersURI should point to a JSON file that conforms to the "EIP-4824 Members JSON-LD Schema". The proposalsURI should point to a JSON file that conforms to the "EIP-4824 Proposals JSON-LD Schema". The activityLogURI should point to a JSON file that conforms to the "EIP-4824 Activity Log JSON-LD Schema". The governanceURI should point to a flatfile, normatively a .md file. Each of the JSON files named above can be statically hosted or dynamically-generated.
     /// @return _daoURI The DAO URI.

packages/contracts/src/core/permission/IPermissionCondition.sol

@@ -6,6 +6,7 @@ pragma solidity ^0.8.8;
 /// @author Aragon Association - 2021-2023
 /// @notice An interface to be implemented to support custom permission logic.
 /// @dev To attach a condition to a permission, the `grantWithCondition` function must be used and refer to the implementing contract's address with the `condition` argument.
+/// @custom:security-contact [email protected]
 interface IPermissionCondition {
     /// @notice Checks if a call is permitted.
     /// @param _where The address of the target contract.

packages/contracts/src/core/permission/PermissionCondition.sol

@@ -10,6 +10,7 @@ import {IPermissionCondition} from "./IPermissionCondition.sol";
 /// @title PermissionCondition
 /// @author Aragon Association - 2023
 /// @notice An abstract contract for non-upgradeable contracts instantiated via the `new` keyword  to inherit from to support customary permissions depending on arbitrary on-chain state.
+/// @custom:security-contact [email protected]
 abstract contract PermissionCondition is ERC165, IPermissionCondition, ProtocolVersion {
     /// @notice Checks if an interface is supported by this or its parent contract.
     /// @param _interfaceId The ID of the interface.

packages/contracts/src/core/permission/PermissionConditionUpgradeable.sol

@@ -10,6 +10,7 @@ import {IPermissionCondition} from "./IPermissionCondition.sol";
 /// @title PermissionConditionUpgradeable
 /// @author Aragon Association - 2023
 /// @notice An abstract contract for upgradeable or cloneable contracts to inherit from and to support customary permissions depending on arbitrary on-chain state.
+/// @custom:security-contact [email protected]
 abstract contract PermissionConditionUpgradeable is
     ERC165Upgradeable,
     IPermissionCondition,

packages/contracts/src/core/permission/PermissionLib.sol

@@ -5,6 +5,7 @@ pragma solidity ^0.8.8;
 /// @title PermissionLib
 /// @author Aragon Association - 2021-2023
 /// @notice A library containing objects for permission processing.
+/// @custom:security-contact [email protected]
 library PermissionLib {
     /// @notice A constant expressing that no condition is applied to a permission.
     address public constant NO_CONDITION = address(0);