I fixed all serious vulnerabilities found inside the DAO and made all modifications we discussed on slack. Compare coverage before vs after. All tests are passing in both mocked mode and fhevm mode, however few tests are only run in mocked mode: those were we needed to fast forward time by several days to test the timelock mostly, because we had to use the hardhat cheat codes in this case.
The only contract not 100% covered is Comp because there is a branch that could never be reached, and two functions are almost duplicated: getPriorVotes and getMyPriorVotes while we already have 100% branch coverage for getMyPriorVotes.
There is still the open question of wether I should re-introduce the castVoteBySig function, but for this we would need to add the ability in fhevmjs to interface correctly with the ZKPOK Rust library in order to be able to delegate the ciphertext to a custom tx.origin address. What's your opinion on this @immortal-tofu ?
Another open question is wether I should add virtual modifiers to the functions inside the different contracts, to make it easily extendable and customizable like I did for the EncryptedERC20, wdyt ?
I fixed all serious vulnerabilities found inside the DAO and made all modifications we discussed on slack. Compare coverage before vs after. All tests are passing in both mocked mode and fhevm mode, however few tests are only run in mocked mode: those were we needed to fast forward time by several days to test the timelock mostly, because we had to use the hardhat cheat codes in this case.
The only contract not 100% covered is Comp because there is a branch that could never be reached, and two functions are almost duplicated:
getPriorVotes
andgetMyPriorVotes
while we already have 100% branch coverage forgetMyPriorVotes
.There is still the open question of wether I should re-introduce the
castVoteBySig
function, but for this we would need to add the ability infhevmjs
to interface correctly with the ZKPOK Rust library in order to be able to delegate the ciphertext to a customtx.origin address
. What's your opinion on this @immortal-tofu ? Another open question is wether I should addvirtual
modifiers to the functions inside the different contracts, to make it easily extendable and customizable like I did for the EncryptedERC20, wdyt ?