Closed soloseng closed 6 days ago
Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
I'm not 100% sure I understand the original bug, and how this PR fixes it, so not super comfortable approving. But left some nit comments from reading through the PR.
Updated the PR description to make it more clear what the changes are and why they were needed.
Description
Added a check that prevents activating theCeloDistributionSchedule
contract if the distributionSchedule contract address if not set in CELO token contract.Previously, it was expected that the
CeloDistributionSchedule
address would be manually set in theGoldToken
contract by callingsetCeloTokenDistributionSchedule()
. This was expected to be done before callingactivate()
in theCeloDistributionSchedule
. However, theCeloDistributionSchedule
contract did not verify that theCeloDistributionSchedule
address was set in theGoldToken
contract, allowing for theCeloDistributionSchedule
to be incorrectly activated.These new changes get the
CeloDistributionSchedule
address from the registry, instead of setting it in theGoldToken
contract. Hence, no longer requiring that theCeloDistributionSchedule
address be manually set in theGoldToken
contract before activating theCeloDistributionSchedule
contract.Tested
unit tested