Closed m-chrzan closed 4 months ago
Generated at commit: e345bfe5e7310d43315590d1ddd04e2378389c40
🚨 Report Summary
Severity Level Results
Scope | Critical | High | Medium | Low | Note | Total |
---|---|---|---|---|---|---|
Contracts | 1 | 0 | 0 | 10 | 30 | 41 |
Dependencies | 0 | 0 | 0 | 2 | 30 | 32 |
For more details view the full report in OpenZeppelin Code Inspector
New and removed dependencies detected.
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/body-parser@1.19.1 | network | +8 | 345 kB | dougwilson |
npm/express@4.17.2 | environment, filesystem, network Transitive: eval | +19 | 925 kB | dougwilson |
npm/foreach@2.0.5 | None | 0 | 8.66 kB | manuelstofer |
npm/is-core-module@2.8.1 | None | 0 | 25.8 kB | ljharb |
npm/merkle-patricia-tree@4.2.3 | Transitive: environment, filesystem | +52 | 8.21 MB | holgerd77 |
npm/nan@2.18.0 | None | 0 | 429 kB | kkoopa |
npm/rlp@2.2.7 | None | 0 | 62.9 kB | ralxz |
npm/send@0.17.2 | filesystem, network | +3 | 61 kB | dougwilson |
npm/serve-static@1.14.2 | Transitive: filesystem, network | +4 | 86 kB | dougwilson |
npm/truffle@5.11.5 | Transitive: environment, eval, filesystem, network, shell, unsafe | +446 | 172 MB | |
🚮 Removed packages: npm/@celo/base@2.3.0, npm/@ethereumjs/block@4.1.0, npm/@ethereumjs/blockchain@6.1.0, npm/@ethereumjs/tx@4.0.2, npm/accepts@1.3.8, npm/body-parser@1.20.1, npm/destroy@1.2.0, npm/express@4.18.2, npm/finalhandler@1.2.0, npm/foreach@2.0.6, npm/is-core-module@2.11.0, npm/merkle-patricia-tree@4.2.4, npm/minimist@1.2.7, npm/nan@2.16.0, npm/negotiator@0.6.3, npm/node-gyp-build@4.3.0, npm/on-finished@2.4.1, npm/send@0.18.0, npm/serve-static@1.15.0, npm/web3-core@1.8.1
What is the purpose of having a standalone smart contract as a pauser?
You're right, now that I think about it, I don't think it's necessary and could be simplified to put all the functionality in the MultiSig. I think this architecture was necessary when I had some different ideas about how to disable the MultiSig executing proposals and unpausing before, but shouldn't be necessary anymore.
I guess the one argument for keeping the separate contract would be for better modularity (e.g. if in the future we'd want to swap out our custom MultiSig for something like a Gnosis Safe).
Description
Adds a mechanism for pausing the protocol to prevent/mitigate damages in case of an exploit.
The basic design is as follows:
- `pauser` is the address that is permissioned to pause/unpause the contract.
- `paused` is a boolean indicating whether or not the contract is paused.
- `onlyWhenNotPaused` modifier.
- `pauser` address in Pausable contracts. It can only be called by the MultiSig.
- `pauseContracts` and `unpauseContracts`, which pause/unpause a list of contracts.
- `pauseContracts` can be called by any MultiSig signer to immediately pause the chosen contracts.
- `unpauseContracts` can be called by Governance (via referendum or hotfix) to immediately unpause chosen contracts.
TODO: add pausing to other protocol contracts.
TODO: add pausing-related events.
Tested
Unit tests.
Other changes
Set unlimited timeout for GroupHealth tests, as they started timing out in GitHub Actions.
Cleaned up some tests to use the named `owner` account and to explicitly specify the caller with `.connect()`.
Vote needed some extra cleanup, as it used the production `"core"` fixture, differently than other contract unit tests. Updated to use a new test deployment.
Related issues
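The permission split described in the PR description above, as a minimal Solidity sketch added here for illustration; it is not the PR's code. Only `pauser`, `paused`, `onlyWhenNotPaused`, `pauseContracts` and `unpauseContracts` come from the description. The contract name `PauserSketch`, the `isSigner` mapping standing in for the MultiSig signer set, the constructor wiring and the revert strings are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added sketch. Only pauser, paused, onlyWhenNotPaused, pauseContracts and
// unpauseContracts are names from the PR description; the rest is assumed.
abstract contract Pausable {
    address public pauser; // the only address allowed to pause/unpause
    bool public paused;

    constructor(address _pauser) {
        require(_pauser != address(0), "pauser unset");
        pauser = _pauser;
    }

    modifier onlyPauser() {
        require(msg.sender == pauser, "not pauser");
        _;
    }

    // Protocol functions that must stop during an incident carry this modifier.
    modifier onlyWhenNotPaused() {
        require(!paused, "paused");
        _;
    }

    // Idempotent on purpose: a batch pause must not revert because one
    // target is already paused.
    function pause() external onlyPauser { paused = true; }
    function unpause() external onlyPauser { paused = false; }
}

contract PauserSketch {
    mapping(address => bool) public isSigner; // stand-in for the MultiSig signer set
    address public immutable governance;      // stand-in for the Governance contract

    constructor(address[] memory signers, address _governance) {
        for (uint256 i = 0; i < signers.length; i++) isSigner[signers[i]] = true;
        governance = _governance;
    }

    // Fast path: one signer is enough, no confirmation threshold.
    function pauseContracts(Pausable[] calldata targets) external {
        require(isSigner[msg.sender], "not signer");
        for (uint256 i = 0; i < targets.length; i++) targets[i].pause();
    }

    // Slow path: resuming needs Governance (referendum or hotfix).
    function unpauseContracts(Pausable[] calldata targets) external {
        require(msg.sender == governance, "not governance");
        for (uint256 i = 0; i < targets.length; i++) targets[i].unpause();
    }
}
```

Each Pausable target must be deployed with `pauser` set to this contract's address; a single compromised signer can then halt the listed contracts but cannot resume them.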