Releases: aragon/osx
Berlinite Release
Summary
This is a low-priority release containing new features, patches, and low-severity bug fixes. Update at your convenience.
For technical details, see the Aragon OSx contracts changelog.
Audits
Code4rena: link 1, link 2
Halborn: link 1, link 2
Highlights
Reentrancy Protection and Gas Checks for the DAO Executor
In previous versions, the DAO executor was allowed to call itself. Such behavior is commonly found in other executor implementations (e.g., OpenZeppelin Governor or SAFE) too because the permission to execute is given only to trusted and vetted parties and contracts. Because DAOs created through the Aragon App frontend use audited contracts developed by Aragon itself and DAO proposals are subject to review, there is no risk exposure for Aragon OSx DAOs that have been created so far. However, since 3rd-party plugins will be easily installable to the DAO in the future, we followed the suggestion by Code4rena and added reentrancy protection to the DAO executor. Additionally, we have added checks to ensure that failure of the last action of a proposal cannot be intentionally caused by providing insufficient gas when it is explicitly allowed to fail is used.
Although rated as medium findings in the Code4rena audit report we believe that the risk exposure for DAOs is low.
Protocol Versioning for OSx Contracts
OSx contracts that changed compared to v1.0.0 now have an on-chain semantic versioning number indicating the OSx protocol version the contract is associated with. This number will be displayed on the frontend and help while supporting user requests.
Reworked Proposal Creation Criteria
Holders of governance tokens in the TokenVoting plugin can now create proposals too after they have delegated their tokens to someone else. Moreover, members of the Multisig plugin can now create a proposal in the same block in which they have become a member. Lastly, events emitted during proposal creation now contain the correct information.
Reworked Permission Conditions
The permission manager functionality related to permission conditions now has additional input checks and was slightly optimized. Permission condition contracts are now identifiable through ERC-165 and base contracts are provided for developers to use.
Solidity Compiler Pragma
In the prior release, the contracts were constrained by a stringent pragma, fixed at Solidity version 0.8.17. This limitation posed a hurdle for external developers seeking compatibility with newer Solidity versions. To enhance flexibility, the contracts external developers inherit from now allow inheritance from version 0.8.8 or higher, accommodating a broader range of Solidity versions.
All Changes
The following list contains all changes to the repository hosting also the subgraph and documentation.
- Docs: Various improvements by @Michael-A-Heuer in #304
- fix metadata by @novaknole in #303
- fix: rename osx-contracts to osx by @mathewmeconry in #305
- APP-1896 : Remove duplicated code by @Rekard0 in #307
- Fixing npm package name by @juliettech13 in #300
- feat: ignore tests in @aragon/osx package by @mathewmeconry in #308
- App 1797 subgraph write tests for token membership by @mathewmeconry in #276
- feat: adds blocklist to remove subdomains from indexing by @mathewmeconry in #310
- Docs: Improved doc generation by @Michael-A-Heuer in #315
- Improve the .env mentions by @brickpop in #313
- Docs: Improvements by @Michael-A-Heuer in #320
- exec results by @novaknole in #316
- APP-1935 : Use int for minApprovals by @Rekard0 in #312
- move to dev dependency by @novaknole in #322
- APP-1928: create release entity + metadata by @Rekard0 in #319
- Addressed code4arena findings in the docs by @Michael-A-Heuer in #323
- fix by @novaknole in #318
- coverage tests added by @novaknole in #324
- Documentation fixes by @Michael-A-Heuer in #329
- APP-1920 , APP-1854 : refactor relations by @Rekard0 in #317
- Fix/deployment script by @mathewmeconry in #330
- Feature/docs improvement by @Michael-A-Heuer in #332
- fix: fixes vuln in Multisig Plugin by @mathewmeconry in #338
- fix: makes Permissions in Subgraph mutable. by @mathewmeconry in #335
- Fix 1/64 problem in DAO executor by @Michael-A-Heuer in #333
- Feature/multisig setup build2 by @mathewmeconry in #339
- fix: changelog merge fail by @mathewmeconry in #340
- Placeholder setups and Multisig Build 2 deployment by @Michael-A-Heuer in #336
- Feat/release mumbai by @mathewmeconry in #342
- Fix wrong permission id by @Michael-A-Heuer in #341
- Fix titles by @Michael-A-Heuer in #343
- Feat/fix ens deployment by @mathewmeconry in #344
- Fix storage corruption by @Michael-A-Heuer in #345
- Feat/polygon deployment by @mathewmeconry in #346
- fix: hardhat typescript typing by @mathewmeconry in #347
- App 2085 core deploy upgrade mainnet polygon by @mathewmeconry in #349
- fix: adds missing allowFailureMap parameter to IDAO.Executed event by @mathewmeconry in #351
- OS-331 : Rename executable to potentiallyExecutable by @Rekard0 in #352
- OS-265 : builder testing by @Rekard0 in #327
- Feat/update mumbai by @mathewmeconry in #353
- OS-206: test dao with extended schema (part-1) by @Rekard0 in #354
- OS-365 : map and test delegation by @Rekard0 in #359
- C4 Audit Suggestions by @Michael-A-Heuer in #360
- Changed solc compiler pragma by @Michael-A-Heuer in #348
- OS-385, [M-02] C4arena: Clarifying NatSpec comment for TokenFactory by @Michael-A-Heuer in #362
- Feature/os 399 hardhat upgrades by @Michael-A-Heuer in #364
- Feature: Add indexation of ERC20 wrapper contracts by @josemarinas in #356
- OS-253 : rename proposalId to pluginProposalId by @Rekard0 in #357
- F/ OS-380 npm package versions by @Rekard0 in #361
- Add missing changelog entry by @Michael-A-Heuer in #368
- F/ OS-419 export contract source by @Rekard0 in #370
- Feature/os 389 Membership definition update by @Michael-A-Heuer in #371
- Fix typechain and contracts tests by @Rekard0 in #374
- OS-203 : index DAO URI by @Rekard0 in #378
- feat: updates infura keys used by @mathewmeconry in #376
- Fix documentation generation workflow by @Michael-A-Heuer in #379
- Non-reentrant DAO executor by @Michael-A-Heuer in #355
- Feature: Update membership definition by @josemarinas in #373
- OS-437 : swap IPlugin for PluginInstallation on DAO entity by @Rekard0 in #381
- Fix ProposalCreated event dates by @Michael-A-Heuer in #369
- Refactored
buildMetadataof the plugins by @Michael-A-Heuer in #375 - F/ OS-387 add protocol version by @Rekard0 in #380
- DAOFactory protocol version by @Michael-A-Heuer in #386
- Deploy script for the protocol and plugin upgrades by @Michael-A-Heuer in #384
- DAO ERC-165 tests by @Michael-A-Heuer in #387
- Feature/deploy use artifact by @Michael-A-Heuer in #385
- F/ OS-441 test protocol upgrade by @Rekard0 in #388
- OS-440 : Check & update Subgraph deploy fl...
Contributors
Assets 2
Aventurine
Summary
The initial release of the Aragon OSx protocol!
The Aragon OSx protocol is the foundation layer of the new Aragon stack. It allows users to create, manage, and customize DAOs in a way that is lean, adaptable, and secure.