Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release aragonOS 4.2.0 #505

merged 15 commits into from Apr 15, 2019


None yet
5 participants
Copy link

sohkai commented Apr 5, 2019

Bytecode diff:

ACL.json                       38600 more gas       +193               0
APMRegistry.json               4400 more gas        +22                0
AppStub.json                   4000 more gas        +20                0
AppStub2.json                  4000 more gas        +20                0
AppStubConditionalRecovery.js… 4000 more gas        +20                0
AppStubDepositable.json        4000 more gas        +20                0
AragonApp.json                 4000 more gas        +20                0
CallsScript.json               25400 more gas       +127               0
ENSSubdomainRegistrar.json     4000 more gas        +20                0
EVMScriptExecutorMock.json     13200 more gas       +66                0
EVMScriptRegistry.json         37200 more gas       +186               0
EVMScriptRegistryFactory.json  Same                 0                  +313
ExecutionTarget.json           84600 more gas       +423               0
KeccakConstants.json           28400 more gas       +142               0
Kernel.json                    8000 less gas        -40                0
KernelConstantsMock.json       8000 less gas        -40                0
KernelDepositableMock.json     8000 less gas        -40                0
KernelPinnedStorageMock.json   8000 less gas        -40                0
KernelSetAppMock.json          6400 less gas        -32                0
Repo.json                      4000 more gas        +20                0
TestACLInterpreter.json        41200 more gas       +206               0
UnsafeAppStub.json             4000 more gas        +20                0
UnsafeAppStubDepositable.json  4000 more gas        +20                0
UnsafeAragonApp.json           4000 more gas        +20                0
UnsafeAragonAppMock.json       4000 more gas        +20                0
UpgradedKernel.json            8000 less gas        -40                0
VaultMock.json                 4000 more gas        +20                0

Had to fight git a little bit with this PR since I didn't properly remake the dev branch on the last publish 🤦‍♂️. I should also write a bit of documentation in the to formalize the steps (never use the rebase merge since dev is the default branch).

@sohkai sohkai requested a review from bingen Apr 5, 2019

sohkai and others added some commits Mar 19, 2019

fix: Use double quotes in contract imports (#494)
* fix: Use double quotes in contract imports
* fix: add source location of ENS contracts
test: update bytes and address constants (#492)
Updates the tests to use `EMPTY_BYTES` and `ZERO_ADDR` constants (should move these out to a shared lib sometime).

Also fixes a few instances where we sent an invalid number of hex bytes (usually 1-length bytes like `0x1`; see trufflesuite/ganache-core#283 (comment)).
feat: add ConversionHelpers lib for converting memory types (#501)
Consolidates all the bytes<>uint256[] conversions into a library.

It's not _too_ costly to add, and hopefully makes us all feel a bit better about this bit 😄.

Also fixes the solidity test runner, which must've broke at some point along the way (due to the assert logs not being decoded properly) 😅.

@sohkai sohkai force-pushed the dev branch from a75ce92 to 76addef Apr 5, 2019


This comment has been minimized.

Copy link

coveralls commented Apr 5, 2019

Coverage Status

Coverage increased (+0.002%) to 99.542% when pulling 009e0f5 on dev into 27dbf00 on master.

sohkai and others added some commits Apr 9, 2019

ConversionHelpers: check length on bytes to uint256[] (#509)
There are publicly exposed interfaces that expect `bytes` and immediately turn them into `uint256[]` (e.g. `hasPermission()` in the ACL and Kernel.

There might be some cases where the truncation could lead to Bad Things<sup>TM</sup>, like the ACL being tricked into thinking a contract had permission to do something when it actually didn't. We never use the `bytes` form of `hasPermission()` directly ourselves, so this isn't exploitable, but could be if an external contract decided to.
EVMScriptRunner: handle no return data from executors (#508)
`EVMScriptRunner` was previously assuming its executor would always return correctly ABI-encoded data of type `bytes`, which are at least 64 bytes in length (32 bytes for position and 32 bytes for actual data).

Although an underflow here would've simply caused an out-of-gas error on trying to copy too much memory, reverting with an error message is much more friendly.
chore: allow to skip deploying Kernel and ACL bases in deploy-daofact…
…ory (#511)

Needed for the Aragon 0.7 re-deployment of kits, which will have an upgraded `DAOFactory` but keeping the bases for `ACL` and `Kernel` of the current deployment.

This comment has been minimized.

Copy link
Member Author

sohkai commented Apr 15, 2019

This has now completed security review by @wadeAlexC.

@sohkai sohkai merged commit 1b67d10 into master Apr 15, 2019

1 of 3 checks passed

continuous-integration/travis-ci/pr The Travis CI build is in progress
continuous-integration/travis-ci/push The Travis CI build is in progress
license/cla Contributor License Agreement is signed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.