Berlinite Release

@mathewmeconry mathewmeconry released this 05 Oct 11:25
· 6 commits to main since this release
e90ea8f

Summary

This is a low-priority release containing new features, patches, and low-severity bug fixes. Update at your convenience.

For technical details, see the Aragon OSx contracts changelog.

Audits

Code4rena: link 1, link 2
Halborn: link 1, link 2

Highlights

Reentrancy Protection and Gas Checks for the DAO Executor

In previous versions, the DAO executor was allowed to call itself. Such behavior is also common in other executor implementations (e.g., OpenZeppelin Governor or SAFE) because the permission to execute is given only to trusted and vetted parties and contracts. Because DAOs created through the Aragon App frontend use audited contracts developed by Aragon itself and DAO proposals are subject to review, there is no risk exposure for Aragon OSx DAOs that have been created so far. However, since 3rd-party plugins will be easily installable to the DAO in the future, we followed the suggestion by Code4rena and added reentrancy protection to the DAO executor. Additionally, we have added checks to ensure that the last action of a proposal, when it is explicitly allowed to fail, cannot be intentionally made to fail by providing insufficient gas.

Although rated as medium findings in the Code4rena audit report, we believe that the risk exposure for DAOs is low.
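The two safeguards described above, a reentrancy lock on the executor and a gas check for actions that are allowed to fail, shown in an added Solidity example. This is not the Aragon OSx DAO contract: the contract name, the errors, the owner-only authorization and the bitmap layout are assumptions made for illustration, and the gas check relies on the EIP-150 rule that a call forwards at most 63/64 of the remaining gas.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.8;

// Added illustration, NOT the Aragon OSx DAO contract; all names are hypothetical.
contract GuardedExecutor {
    struct Action { address to; uint256 value; bytes data; }

    error Unauthorized();
    error Reentrancy();
    error TooManyActions();
    error ActionFailed(uint256 index);
    error InsufficientGas();

    address public immutable owner;
    bool private entered;

    constructor() { owner = msg.sender; }

    // Rejects any call that arrives while execute() is already on the stack,
    // including one made by an action that targets this contract itself.
    modifier nonReentrant() {
        if (entered) revert Reentrancy();
        entered = true;
        _;
        entered = false;
    }

    // Bit i of allowFailureMap set => action i may fail without reverting the batch.
    // Returns a bitmap of the actions that actually failed.
    function execute(Action[] calldata actions, uint256 allowFailureMap)
        external nonReentrant returns (uint256 failureMap)
    {
        if (msg.sender != owner) revert Unauthorized();
        if (actions.length > 256) revert TooManyActions(); // one bitmap bit per action

        for (uint256 i = 0; i < actions.length; i++) {
            uint256 gasBefore = gasleft();
            (bool ok, ) = actions[i].to.call{value: actions[i].value}(actions[i].data);
            uint256 gasAfter = gasleft();

            if (ok) continue;
            if (((allowFailureMap >> i) & 1) == 0) revert ActionFailed(i);

            // The callee received at most 63/64 of gasBefore. If less than 1/64 is
            // left, it may have run out of gas only because the transaction was
            // under-funded, so the failure is not accepted as an "allowed" one.
            if (gasAfter < gasBefore / 64) revert InsufficientGas();
            failureMap |= uint256(1) << i;
        }
    }
}
```

Reverting with `InsufficientGas` undoes the whole batch, so a proposal cannot be recorded as executed while an allowed-to-fail action was skipped through gas starvation.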

Protocol Versioning for OSx Contracts

OSx contracts that changed compared to v1.0.0 now have an on-chain semantic versioning number indicating the OSx protocol version the contract is associated with. This number will be displayed on the frontend and help while supporting user requests.

Reworked Proposal Creation Criteria

Holders of governance tokens in the TokenVoting plugin can now also create proposals after they have delegated their tokens to someone else. Moreover, members of the Multisig plugin can now create a proposal in the same block in which they have become a member. Lastly, events emitted during proposal creation now contain the correct information.

Reworked Permission Conditions

The permission manager functionality related to permission conditions now has additional input checks and was slightly optimized. Permission condition contracts are now identifiable through ERC-165 and base contracts are provided for developers to use.

Solidity Compiler Pragma

In the prior release, the contracts were constrained by a stringent pragma, fixed at Solidity version 0.8.17. This limitation posed a hurdle for external developers seeking compatibility with newer Solidity versions. To enhance flexibility, the contracts that external developers inherit from now allow version 0.8.8 or higher, accommodating a broader range of Solidity versions.

All Changes

The following list contains all changes to the repository, which also hosts the subgraph and documentation.

  • Docs: Various improvements by @Michael-A-Heuer in #304
  • fix metadata by @novaknole in #303
  • fix: rename osx-contracts to osx by @mathewmeconry in #305
  • APP-1896 : Remove duplicated code by @Rekard0 in #307
  • Fixing npm package name by @juliettech13 in #300
  • feat: ignore tests in @aragon/osx package by @mathewmeconry in #308
  • App 1797 subgraph write tests for token membership by @mathewmeconry in #276
  • feat: adds blocklist to remove subdomains from indexing by @mathewmeconry in #310
  • Docs: Improved doc generation by @Michael-A-Heuer in #315
  • Improve the .env mentions by @brickpop in #313
  • Docs: Improvements by @Michael-A-Heuer in #320
  • exec results by @novaknole in #316
  • APP-1935 : Use int for minApprovals by @Rekard0 in #312
  • move to dev dependency by @novaknole in #322
  • APP-1928: create release entity + metadata by @Rekard0 in #319
  • Addressed code4arena findings in the docs by @Michael-A-Heuer in #323
  • fix by @novaknole in #318
  • coverage tests added by @novaknole in #324
  • Documentation fixes by @Michael-A-Heuer in #329
  • APP-1920 , APP-1854 : refactor relations by @Rekard0 in #317
  • Fix/deployment script by @mathewmeconry in #330
  • Feature/docs improvement by @Michael-A-Heuer in #332
  • fix: fixes vuln in Multisig Plugin by @mathewmeconry in #338
  • fix: makes Permissions in Subgraph mutable. by @mathewmeconry in #335
  • Fix 1/64 problem in DAO executor by @Michael-A-Heuer in #333
  • Feature/multisig setup build2 by @mathewmeconry in #339
  • fix: changelog merge fail by @mathewmeconry in #340
  • Placeholder setups and Multisig Build 2 deployment by @Michael-A-Heuer in #336
  • Feat/release mumbai by @mathewmeconry in #342
  • Fix wrong permission id by @Michael-A-Heuer in #341
  • Fix titles by @Michael-A-Heuer in #343
  • Feat/fix ens deployment by @mathewmeconry in #344
  • Fix storage corruption by @Michael-A-Heuer in #345
  • Feat/polygon deployment by @mathewmeconry in #346
  • fix: hardhat typescript typing by @mathewmeconry in #347
  • App 2085 core deploy upgrade mainnet polygon by @mathewmeconry in #349
  • fix: adds missing allowFailureMap parameter to IDAO.Executed event by @mathewmeconry in #351
  • OS-331 : Rename executable to potentiallyExecutable by @Rekard0 in #352
  • OS-265 : builder testing by @Rekard0 in #327
  • Feat/update mumbai by @mathewmeconry in #353
  • OS-206: test dao with extended schema (part-1) by @Rekard0 in #354
  • OS-365 : map and test delegation by @Rekard0 in #359
  • C4 Audit Suggestions by @Michael-A-Heuer in #360
  • Changed solc compiler pragma by @Michael-A-Heuer in #348
  • OS-385, [M-02] C4arena: Clarifying NatSpec comment for TokenFactory by @Michael-A-Heuer in #362
  • Feature/os 399 hardhat upgrades by @Michael-A-Heuer in #364
  • Feature: Add indexation of ERC20 wrapper contracts by @josemarinas in #356
  • OS-253 : rename proposalId to pluginProposalId by @Rekard0 in #357
  • F/ OS-380 npm package versions by @Rekard0 in #361
  • Add missing changelog entry by @Michael-A-Heuer in #368
  • F/ OS-419 export contract source by @Rekard0 in #370
  • Feature/os 389 Membership definition update by @Michael-A-Heuer in #371
  • Fix typechain and contracts tests by @Rekard0 in #374
  • OS-203 : index DAO URI by @Rekard0 in #378
  • feat: updates infura keys used by @mathewmeconry in #376
  • Fix documentation generation workflow by @Michael-A-Heuer in #379
  • Non-reentrant DAO executor by @Michael-A-Heuer in #355
  • Feature: Update membership definition by @josemarinas in #373
  • OS-437 : swap IPlugin for PluginInstallation on DAO entity by @Rekard0 in #381
  • Fix ProposalCreated event dates by @Michael-A-Heuer in #369
  • Refactored buildMetadata of the plugins by @Michael-A-Heuer in #375
  • F/ OS-387 add protocol version by @Rekard0 in #380
  • DAOFactory protocol version by @Michael-A-Heuer in #386
  • Deploy script for the protocol and plugin upgrades by @Michael-A-Heuer in #384
  • DAO ERC-165 tests by @Michael-A-Heuer in #387
  • Feature/deploy use artifact by @Michael-A-Heuer in #385
  • F/ OS-441 test protocol upgrade by @Rekard0 in #388
  • OS-440 : Check & update Subgraph deploy flow by @Rekard0 in #391
  • Feature/cleaning by @Michael-A-Heuer in #392
  • OS-459 : Subgraph update to v1.3.0 by @Rekard0 in #393
  • feat: improved update checklist by @Michael-A-Heuer in #396
  • Feat/update scrips by @mathewmeconry in #394
  • Clarifying NatSpec comment in the DAORegistry.register function by @Michael-A-Heuer in #403
  • Improved NatSpec comment for _canApply in PluginSetupProcessor by @Michael-A-Heuer in #405
  • Added revert case to applySingleTargetPermissions by @Michael-A-Heuer in #400
  • Dops 531 update check user perm gh actions osx by @chilcano in #407
  • Added revert case to grantWithCondition by @Michael-A-Heuer in #401
  • fix: corrected build metadata by @Michael-A-Heuer in #411
  • bump package version by @Rekard0 in #413
  • fix polygon manifest by @Rekard0 in #414
  • Added ProtocolVersion to PluginRepoFactory and PluginRepo by @Michael-A-Heuer in #412
  • OS-523 : add an extra check to deploy script by @Rekard0 in #410
  • ERC-165 support for PermissionConditions by @Michael-A-Heuer in #402
  • Update protocol upgrade deploy scripts by @Michael-A-Heuer in #409
  • Fix: Add decimals to ERC20WrapperContract by @josemarinas in #416
  • Documentation update: How To Guides overview by @juliettech13 in #367
  • OS-516 : add missing artifacts by @Rekard0 in #408
  • Fix CI/CD by supporting tags by @Michael-A-Heuer in #417
  • dev2main by @mathewmeconry in #397
  • feat(DOPS-541): renames builders-portal to developer-portal by @mathewmeconry in #428
  • Update README Header by @juliettech13 in #427
  • OS-436 : use OSX npm for versioning by @Rekard0 in #418
  • Improve index naming by @juliettech13 in #423
  • OS-545 : fix indexing ERC20Wrapped by @Rekard0 in #426
  • Dockerized hardhat+subgraph setup by @RakeshUP in #415
  • Dev Portal docs consistency by @juliettech13 in #422
  • R/1.3.0 rc0 by @mathewmeconry in #429
  • merge main back by @mathewmeconry in #430
  • OS-572 Add missing abis by @Rekard0 in #433
  • Metadata Format Specification in the Docs by @Michael-A-Heuer in #436
  • Feature: Replace getMergedAbi by findEventTopicLog by @josemarinas in #420
  • Refactor upgradability tests by @Michael-A-Heuer in #437
  • chore: deploy 1.3.0-rc0 to base goerli by @mathewmeconry in #439
  • Fix: typos and formatting issues on documentation by @RuggeroCino in #434
  • Fix: changelog entry by @Michael-A-Heuer in #432
  • Move tagHash function by @Michael-A-Heuer in #438
  • Feature: Add support for erc1155 tokens by @josemarinas in #443
  • f/OS-659: Update Subgraph change log & version by @Rekard0 in #447
  • chore: deploy 1.3.0-rc0 to base goerli and mainnet by @Michael-A-Heuer in #442
  • fix(subgraph): update to @graphprotocol/[email protected] by @mathewmeconry in #453
  • fix: missing virtual keyword by @Michael-A-Heuer in #452
  • Deploy contracts and subgraph to sepolia by @mathewmeconry in #475
  • fix: empty metadata caused by IPFS upload returning an empty string by @Michael-A-Heuer in #495
  • chore: deploy 1.3.0-rc0 to arbitrum and arbitrumGoerli by @Michael-A-Heuer in #496