Merged
…admapu into fix/security-hardening-85-target

Author:
Merging after updating the ENS subnames
This pull request introduces significant security hardening and standardization to the administrative and meta-transaction (forwarder) controls in both the `CLPc` token and `ClaimCLPc` contracts. The main improvements are the introduction of on-chain timelocks for sensitive operations (notably, updating the trusted forwarder), migration to standardized OpenZeppelin primitives for admin and pause controls, and comprehensive documentation and operational checklists for secure redeployment and post-release validation of the `CLPc` and `Claim` contracts. Key changes include:

Security Hardening: Timelock for Trusted Forwarder Updates

Updating `trustedForwarder` in both `CLPc` and `ClaimCLPc` now requires a two-step process with a mandatory 2-day on-chain delay. The process involves scheduling the update, waiting for the timelock, and then executing it, with the ability to cancel before execution. This mitigates the risk of instant privilege escalation if an admin key is compromised. [1] [2] [3] [4] [5] [6] [7] [8] [9]

Standardization of Administrative Controls

`ClaimCLPc` now uses OpenZeppelin's `Ownable2Step`, `Pausable`, and `ReentrancyGuard` for admin, pause, and reentrancy protection, replacing custom logic. This introduces a two-step ownership transfer and standard pause mechanisms, improving auditability and operational safety. [1] [2] [3]

Token Contract Admin Improvements

The `CLPc` contract now uses `AccessControlDefaultAdminRules` with a built-in delay for transferring the default admin role, further reducing the risk of immediate privilege transfers. Documentation reflects these changes, including the new admin transfer flow and updated function names for pausing minting. [1] [2] [3] [4] [5] [6]

Documentation and Operational Guidance

Improved Makefile and CLI Support

The `Makefile` and deployment runbooks are updated to support the new timelocked forwarder update process, including commands for scheduling, executing, canceling, and checking pending changes for both contracts. [1] [2] [3]

These changes collectively improve the security posture and maintainability of the contracts by enforcing observable delays for sensitive operations and aligning with widely-accepted standards for administrative controls.
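The schedule / wait / execute / cancel flow described under "Timelock for Trusted Forwarder Updates", together with the "check pending changes" view the Makefile commands would read, as an added illustration that is not the project's code. The real `CLPc` and `ClaimCLPc` contracts layer this on OpenZeppelin access-control and pause primitives; to stay self-contained this example substitutes a single `admin` address, and every contract, function and event name in it (`TimelockedForwarderExample`, `scheduleTrustedForwarderUpdate`, `pendingTrustedForwarderUpdate`, and so on) is assumed, not taken from the PR.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @notice Added example (not the project's code): a two-step, timelocked
///         update of an ERC-2771 trusted forwarder. Only the *current*
///         forwarder is trusted; a scheduled one has no effect until the
///         delay has elapsed and an explicit execute call is made.
contract TimelockedForwarderExample {
    /// @dev Mandatory delay between scheduling and executing an update.
    uint256 public constant FORWARDER_UPDATE_DELAY = 2 days;

    /// @dev Assumed stand-in for the OpenZeppelin admin/owner role.
    address public immutable admin;
    address public trustedForwarder;

    /// @dev Pending change; `pendingEta == 0` means nothing is scheduled.
    address public pendingForwarder;
    uint256 public pendingEta;

    event ForwarderUpdateScheduled(address indexed newForwarder, uint256 eta);
    event ForwarderUpdateCancelled(address indexed cancelledForwarder);
    event ForwarderUpdated(address indexed oldForwarder, address indexed newForwarder);

    error NotAdmin();
    error NothingScheduled();
    error UpdateAlreadyScheduled();
    error TimelockNotExpired(uint256 eta, uint256 currentTimestamp);

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor(address initialForwarder) {
        admin = msg.sender;
        trustedForwarder = initialForwarder;
    }

    /// @notice Step 1: announce the new forwarder on-chain. The emitted
    ///         event gives monitoring a 2-day window to spot an unexpected
    ///         change before it can take effect.
    function scheduleTrustedForwarderUpdate(address newForwarder) external onlyAdmin {
        // Force an explicit cancel rather than silently overwriting a
        // pending change, so every scheduled value is observable.
        if (pendingEta != 0) revert UpdateAlreadyScheduled();
        pendingForwarder = newForwarder;
        pendingEta = block.timestamp + FORWARDER_UPDATE_DELAY;
        emit ForwarderUpdateScheduled(newForwarder, pendingEta);
    }

    /// @notice Step 2: apply the change once the delay has elapsed.
    function executeTrustedForwarderUpdate() external onlyAdmin {
        if (pendingEta == 0) revert NothingScheduled();
        if (block.timestamp < pendingEta) {
            revert TimelockNotExpired(pendingEta, block.timestamp);
        }
        address previous = trustedForwarder;
        trustedForwarder = pendingForwarder;
        _clearPending();
        emit ForwarderUpdated(previous, trustedForwarder);
    }

    /// @notice Abort a scheduled change before it takes effect, e.g. once a
    ///         change nobody authorised has been noticed during the delay.
    function cancelTrustedForwarderUpdate() external onlyAdmin {
        if (pendingEta == 0) revert NothingScheduled();
        address cancelled = pendingForwarder;
        _clearPending();
        emit ForwarderUpdateCancelled(cancelled);
    }

    /// @notice What an operator's "check pending changes" command reads:
    ///         the scheduled forwarder, when it becomes executable, and
    ///         whether the delay has already elapsed.
    function pendingTrustedForwarderUpdate()
        external
        view
        returns (address newForwarder, uint256 eta, bool executable)
    {
        return (pendingForwarder, pendingEta, pendingEta != 0 && block.timestamp >= pendingEta);
    }

    /// @notice ERC-2771 hook used by meta-transaction aware contracts.
    ///         A merely scheduled forwarder is deliberately NOT trusted.
    function isTrustedForwarder(address forwarder) public view returns (bool) {
        return forwarder == trustedForwarder;
    }

    function _clearPending() private {
        pendingForwarder = address(0);
        pendingEta = 0;
    }
}
```

The defensive property to verify in tests is that `isTrustedForwarder` keeps returning `false` for the scheduled address until `executeTrustedForwarderUpdate` succeeds, and that `executeTrustedForwarderUpdate` reverts with `TimelockNotExpired` at any timestamp before `pendingEta`; the `pendingTrustedForwarderUpdate` view is what a runbook's pre-execute check should call so operators see exactly which address is about to become trusted.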