fix(contracts): OZ-L1-L07 Lack of Logs on Sensitive Actions #623

Merged
merged 4 commits into from Jul 20, 2023

@zimpha zimpha commented Jul 7, 2023

Purpose or design rationale of this PR

This PR fixes the bug (L-07 Lack of Logs on Sensitive Actions) reported by OpenZeppelin. The following are the details:

In the FeeVault contract, the owner role can change the minimum value to withdraw, the recipient, and messenger address. However, none of the functions emit an event. Although these functions will not interfere with users' actions, it could be useful to log the changes for debugging unexpected behaviors or potential hacks.

Moreover, the DeployToken event is defined in the IScrollStandardERC20Factory interface but it is never emitted in the deployL2Token function of the ScrollStandardERC20Factory contract. Consider adding events to such functions.

PR title

Your PR title must follow conventional commits (as we are doing squash merge for each PR), so it must start with one of the following types:

  • build: Changes that affect the build system or external dependencies (example scopes: yarn, eslint, typescript)
  • ci: Changes to our CI configuration files and scripts (example scopes: vercel, github, cypress)
  • docs: Documentation-only changes
  • feat: A new feature
  • fix: A bug fix
  • perf: A code change that improves performance
  • refactor: A code change that doesn't fix a bug, add a feature, or improve performance
  • style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
  • test: Adding missing tests or correcting existing tests

Deployment tag versioning

Has tag in common/version.go been updated?

  • No, this PR doesn't involve a new deployment, git tag, docker image tag
  • Yes

Breaking change label

Does this PR have the breaking-change label?

  • No, this PR is not a breaking change
  • Yes
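
A sketch of the pattern the finding asks for, as an added example that is not the Scroll FeeVault source or code from this PR: every owner-only setter emits an event carrying the old and new value. The contract, event and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the Scroll FeeVault source. Contract, event and
// function names are hypothetical.
contract ExampleFeeVault {
    address public owner;
    address public messenger;
    address public recipient;
    uint256 public minWithdrawAmount;

    // Old and new values are both logged so the configuration history can be
    // rebuilt from logs; addresses are indexed so monitors can filter on them.
    event MessengerUpdated(address indexed oldMessenger, address indexed newMessenger);
    event RecipientUpdated(address indexed oldRecipient, address indexed newRecipient);
    event MinWithdrawAmountUpdated(uint256 oldAmount, uint256 newAmount);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address _messenger, address _recipient, uint256 _minWithdrawAmount) {
        owner = msg.sender;
        messenger = _messenger;
        recipient = _recipient;
        minWithdrawAmount = _minWithdrawAmount;
    }

    function setMessenger(address _newMessenger) external onlyOwner {
        address _old = messenger;
        messenger = _newMessenger;
        emit MessengerUpdated(_old, _newMessenger);
    }

    function setRecipient(address _newRecipient) external onlyOwner {
        address _old = recipient;
        recipient = _newRecipient;
        emit RecipientUpdated(_old, _newRecipient);
    }

    function setMinWithdrawAmount(uint256 _newAmount) external onlyOwner {
        uint256 _old = minWithdrawAmount;
        minWithdrawAmount = _newAmount;
        emit MinWithdrawAmountUpdated(_old, _newAmount);
    }
}
```

An off-chain monitor can subscribe to these three event signatures on the vault address and alert on any occurrence, since changes to the recipient or messenger are rare and owner-initiated.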

@zimpha zimpha self-assigned this Jul 7, 2023
github-actions bot commented Jul 7, 2023

LCOV of commit 9325506 during Contracts #1117

Summary coverage rate:
  lines......: 51.3% (893 of 1740 lines)
  functions..: 68.1% (203 of 298 functions)
  branches...: no data found

Files changed coverage rate: n/a

@zimpha zimpha added the enhancement New feature or request label Jul 7, 2023
Thegaram previously approved these changes Jul 7, 2023
contracts/src/libraries/FeeVault.sol (outdated, resolved)
contracts/src/libraries/FeeVault.sol (outdated, resolved)
@HAOYUatHZ HAOYUatHZ merged commit ff4a9e1 into develop Jul 20, 2023
3 checks passed
@HAOYUatHZ HAOYUatHZ deleted the fix/lack_of_logs_on_sensitive_actions branch July 20, 2023 08:10