graphprotocol / contracts

Contracts repository for The Graph protocol

https://thegraph.com

GNU General Public License v2.0

329 stars 143 forks source link

fix: subgraphService access control (OZ C-04) #990

Closed Maikol closed 1 week ago

openzeppelin-code[bot] commented 1 month ago

fix: subgraphService access control (OZ C-04)

Generated at commit: 0364b4115f233cbff44749652d78c786a853675c

🚨 Report Summary

Severity Level Results

Contracts Critical
High
Medium
Low
Note
Total 2
4
0
16
41
63

Dependencies Critical
High
Medium
Low
Note
Total 0
0
0
0
0
0

For more details view the full report in OpenZeppelin Code Inspector

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	2 4 0 16 41 63
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

tmigone commented 1 month ago

Just realized we also need to ensure resizeAllocation() doesn't allow resizing someone else's allocation 🫤

Maikol commented 1 month ago

Just realized we also need to ensure resizeAllocation() doesn't allow resizing someone else's allocation 🫤

I'll work next on resize on a new PR

pcarranzav commented 4 weeks ago

I'd suggest fixing resizeAllocation on this PR instead of a separate one, otherwise we risk forgetting about it... or make it super super clear that this PR doesn't fully resolve C-04

Edit: just realized it's in #992 - I'd suggest mentioning this in the PR description

Maikol commented 4 weeks ago

@pcarranzav I'll mention it on the other PR, thank you! 👍