gnosisguild / zodiac-safe-app

https://gnosis-safe.io/app/share/safe-app?appUrl=https://zodiac.gnosisguild.org/&chainId=5
GNU Lesser General Public License v3.0

Stop notifying when Proposals are Submitted, only notify when Answers are submitted #213

Closed greenlucid closed 1 year ago

greenlucid commented 1 year ago

The Reality Module allows anyone to propose a hash authorizing many transactions to be submitted. Other than gas, there is no cost involved in this action.

The module will only accept proposals whose linked reality.eth question is answered as correctly voted in Snapshot. In order to do this, a bond needs to be placed, which will be considered the intended cost to attack the governor.

The way notifications are currently set up, notifications are launched whenever the hash is proposed. This is an action that any actor could do, and do for free, so it leaves the door open for anyone to pollute the notification system.

Making sense of current setup

  1. Notification Channels are created, with notificationChannelIds returned
  2. An "Autotask" is created, whose job is deploying a new Sentinel watching the Reality.eth contract with the required questionId, whenever a proposal happens. It receives the notificationChannelIds.
  3. The "master" Sentinel is created, linked to the autotask above, and it also receives the notificationChannelIds.

Assessing original intention

It appears that the purpose of watching for the LogNewAnswer event was to notify when the most important action happened, that is, whenever a bond is placed to assert a hash is correct.

Issues

There are two problems:

  1. Any malicious actor can pollute the notification space of a DAO by proposing hashes, free of charge.
  2. There are default alertThresholds that limit the amount of notifications that can be generated per window of time, and they might be too low.

In practice, this second point meant that, when testing by creating a proposal and placing the first bond immediately, you only got a notification for the first action.

Solution

This PR makes ProposalQuestionCreated stop notifying, and it adds an explicitly lax alertThreshold in the LogNewAnswer autotask (notify up to two times every 5-minute window).

Links

alertThreshold https://docs.openzeppelin.com/defender/sentinel-api-reference#create-endpoint
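Added example, not code from this PR or from the zodiac-safe-app repository: the autotask from step 2 above (create a per-question Sentinel on reality.eth LogNewAnswer whenever ProposalQuestionCreated fires) rebuilt as pure functions, together with the master Sentinel as the PR leaves it (autotask trigger, no notification channels) and the lax alertThreshold of two per 300 seconds. The Defender API call is injected rather than performed, so it runs offline. Assumed, not taken from the page: the Sentinel-triggered payload shape (`events[].matchReasons[].{type,signature,params}`), the request field names (`eventConditions`, `alertThreshold`, `autotaskTrigger`) and the filter expression syntax, all as the author of this example recalls the Defender Sentinel docs; the `handler`, `createSentinel` and `SAMPLE_*` names are hypothetical and every ID and address is constructed.

```javascript
// Added example (not zodiac-safe-app code). Assumed: Defender payload shape,
// request field names and expression syntax (see lead-in). All sample IDs and
// addresses are constructed.

// Zodiac Reality module event: anyone can emit it for the cost of gas.
const PROPOSAL_QUESTION_CREATED_SIGNATURE = 'ProposalQuestionCreated(bytes32,string)';

// reality.eth event emitted only when a bond is actually placed on an answer.
const LOG_NEW_ANSWER_SIGNATURE =
  'LogNewAnswer(bytes32,bytes32,bytes32,address,uint256,uint256,bool)';
const LOG_NEW_ANSWER_ABI = [{
  type: 'event', name: 'LogNewAnswer', anonymous: false,
  inputs: [
    { name: 'answer', type: 'bytes32', indexed: false },
    { name: 'question_id', type: 'bytes32', indexed: true },
    { name: 'history_hash', type: 'bytes32', indexed: false },
    { name: 'user', type: 'address', indexed: true },
    { name: 'bond', type: 'uint256', indexed: false },
    { name: 'ts', type: 'uint256', indexed: false },
    { name: 'is_commitment', type: 'bool', indexed: false },
  ],
}];

// Threshold this PR sets explicitly: up to two notifications per 5-minute window.
const LAX_ALERT_THRESHOLD = { amount: 2, windowSeconds: 300 };
const BYTES32_RE = /^0x[0-9a-fA-F]{64}$/;

// Unique, well-formed questionIds from the master Sentinel's payload. Anything
// that is not a ProposalQuestionCreated match is ignored, so an unrelated event
// can never cause a Sentinel to be created.
function extractQuestionIds(payload) {
  const ids = new Set();
  for (const evt of payload.events || []) {
    for (const r of evt.matchReasons || []) {
      if (r.type !== 'event' || r.signature !== PROPOSAL_QUESTION_CREATED_SIGNATURE) continue;
      const questionId = r.params && r.params.questionId;
      if (typeof questionId === 'string' && BYTES32_RE.test(questionId)) ids.add(questionId.toLowerCase());
    }
  }
  return [...ids];
}

// Master Sentinel on the Reality module: fires the autotask but, per this PR,
// has no notification channels, so free proposals cannot spam the DAO.
function buildProposalSentinelRequest({ network, moduleAddress, moduleAbi, autotaskId }) {
  return {
    type: 'BLOCK', network, name: 'Reality module proposals', paused: false,
    addresses: [moduleAddress], abi: JSON.stringify(moduleAbi),
    eventConditions: [{ eventSignature: PROPOSAL_QUESTION_CREATED_SIGNATURE }],
    autotaskTrigger: autotaskId,
    notificationChannels: [],
  };
}

// Per-question Sentinel on the reality.eth oracle: bonds cost money, so this
// one notifies, with the lax threshold, and only for this question.
function buildAnswerSentinelRequest({ network, oracleAddress, questionId, notificationChannelIds }) {
  if (!BYTES32_RE.test(questionId)) throw new Error(`bad questionId: ${questionId}`);
  if (!Array.isArray(notificationChannelIds) || notificationChannelIds.length === 0) {
    throw new Error('answer Sentinel needs at least one notification channel');
  }
  return {
    type: 'BLOCK', network, name: `Reality answers ${questionId.slice(0, 10)}`, paused: false,
    addresses: [oracleAddress], abi: JSON.stringify(LOG_NEW_ANSWER_ABI),
    eventConditions: [{ eventSignature: LOG_NEW_ANSWER_SIGNATURE, expression: `question_id == "${questionId}"` }],
    alertThreshold: { ...LAX_ALERT_THRESHOLD },
    notificationChannels: [...notificationChannelIds],
  };
}

// One create request per distinct new question in the payload.
function planAnswerSentinels(payload, { network, oracleAddress, notificationChannelIds }) {
  return extractQuestionIds(payload).map((questionId) =>
    buildAnswerSentinelRequest({ network, oracleAddress, questionId, notificationChannelIds }));
}

// Autotask entry point; `createSentinel` is a hypothetical injection point
// standing in for SentinelClient.create so the flow runs without credentials.
async function handler(event, config, createSentinel) {
  const created = [];
  for (const req of planAnswerSentinels(event.request.body, config)) created.push(await createSentinel(req));
  return created;
}

// Constructed sample: one proposal, the same one again in upper-case hex, and an unrelated event.
const SAMPLE_QUESTION_ID = '0x' + '1a'.repeat(32);
const SAMPLE_PAYLOAD = { events: [
  { matchReasons: [{ type: 'event', signature: PROPOSAL_QUESTION_CREATED_SIGNATURE,
                     params: { questionId: SAMPLE_QUESTION_ID, proposalId: 'snapshot-1' } }] },
  { matchReasons: [{ type: 'event', signature: PROPOSAL_QUESTION_CREATED_SIGNATURE,
                     params: { questionId: '0x' + '1A'.repeat(32), proposalId: 'snapshot-1' } },
                   { type: 'event', signature: 'Transfer(address,address,uint256)', params: {} }] },
] };
const SAMPLE_CONFIG = { network: 'goerli', notificationChannelIds: ['channel-a', 'channel-b'],
  oracleAddress: '0x0000000000000000000000000000000000000001' }; // constructed, not a real deployment

// Offline dry run: record the names that would be submitted instead of calling Defender.
handler({ request: { body: SAMPLE_PAYLOAD } }, SAMPLE_CONFIG, async (req) => req.name)
  .then((names) => console.log('would create:', names));
```

In a real autotask the injected callback would be `client.create.bind(client)` on a `SentinelClient`, and the duplicate/mixed-case collapsing in `extractQuestionIds` matters because the master Sentinel can batch several matches into one payload; without it one free proposal could still yield several paid-for Sentinels.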

vercel[bot] commented 1 year ago

@greenlucid is attempting to deploy a commit to the Gnosis Guild Team on Vercel.

A member of the Team first needs to authorize it.