Comments (3)
Great point @cylon56. We decided to use the `slither-check-upgradeability` plugin of the slither library to check for clashes of functions between `TransparentUpgradeableConfiguratorProxy` and `Configurator`. So basically moving this problem off-chain via an additional static code analysis check.
from comet.
We analyzed the cases where a clash can occur and found that these cases are non-critical and recoverable.
The two types of clashes that can happen are:
- New function on proxy is introduced that clashes with an existing function in the Configurator. Admin is no longer able to call the function on the Configurator.
  - To recover: The admin should still be able to upgrade the implementation of the proxy because that function lives on the proxy. Governance can simply introduce a new version of Configurator without the clash and upgrade the proxy to this new implementation.
- New function on Configurator is introduced that clashes with an existing function on the proxy. Admin cannot call this new Configurator function.
  - To recover: Same recovery path as above. Function clashes only prevent the admin from calling a function on the Configurator, so the admin is still able to call the upgrade function on the proxy itself.
In either case, the contracts are in a recoverable state and nothing malicious can happen unless the admin is malicious.
We are also exploring a slither-check-upgradeability plugin of slither library to check for clashes of functions between ConfiguratorProxy and Configurator (#430).
from comet.
We added the slither check in addition to the above guidance/remedies, closing.
from comet.