Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(og): N-02 - Remove payable in executeProposal #4491

Merged
merged 2 commits into from Mar 22, 2023
Merged

fix(og): N-02 - Remove payable in executeProposal #4491

merged 2 commits into from Mar 22, 2023

Conversation

Reinis-FRP
Copy link
Contributor

Motivation

OZ identified the following issue:

The executeProposal function has the payable modifier. However, any ETH sent is not
used in the function and will be locked in the OptimisticGovernor contract.

Summary

This PR addresses this issue by removing the payable attribute to avoid potentially locking ETH in the OptimisticGovernor contract.

Testing

Check a box to describe how you tested these changes and list the steps for reviewers to test.

  • Ran end-to-end test, running the code as in production
  • New unit tests created
  • Existing tests adequate, no new tests required
  • All existing tests pass
  • Untested

@Reinis-FRP
fix(og): N-02 - Remove payable in executeProposal
7665991 
Signed-off-by: Reinis Martinsons <reinis@umaproject.org>
mrice32
mrice32 approved these changes Mar 22, 2023
View reviewed changes
Copy link
Member

@mrice32 mrice32 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

chrismaree
chrismaree reviewed Mar 22, 2023
View reviewed changes
packages/core/contracts/optimistic-governor/implementation/OptimisticGovernor.sol Outdated
@@ -297,7 +297,7 @@ contract OptimisticGovernor is OptimisticOracleV3CallbackRecipientInterface, Mod
* @notice Executes an approved proposal.
* @param _transactions the transactions being executed. These must exactly match those that were proposed.
*/
function executeProposal(Transaction[] memory _transactions) external payable nonReentrant {
function executeProposal(Transaction[] memory _transactions) external nonReentrant {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would the value passed in not be pulled out on exec with transaction.value?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no, exec does not pass msg.value when calling execTransactionFromModule on the target (safe) here. The value parameter in execTransactionFromModule would pull Ether from the safe in case of regular call operation, but any value sent by the caller of executeProposal would be stuck in the Optimistic Governor contract.

@Reinis-FRP
Merge branch 'master' into reinis-frp/n02-og-upgrade
4533c39 
Signed-off-by: Reinis Martinsons <reinis@umaproject.org>
chrismaree
chrismaree approved these changes Mar 22, 2023
View reviewed changes
Copy link
Member

@chrismaree chrismaree left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. thanks for explaining. I was a bit confused by the exec function.

@Reinis-FRP Reinis-FRP merged commit f417256 into master Mar 22, 2023
1 check passed
@Reinis-FRP Reinis-FRP deleted the reinis-frp/n02-og-upgrade branch March 22, 2023 12:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrice32 mrice32 mrice32 approved these changes

@chrismaree chrismaree chrismaree approved these changes

@md0x md0x Awaiting requested review from md0x md0x is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Reinis-FRP @mrice32 @chrismaree