anon/tornado-governance
1
0
Fork 0
Code Pull Requests Activity

scope require comment, natspec, update diffs (no change)

Browse Source 
Signed-off-by: AlienTornadosaurusHex <>
This commit is contained in:
AlienTornadosaurusHex 2023-05-23 21:41:03 +00:00
parent dfbd1be6ab
commit 75cf27d7d4
6 changed files with 39 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
contracts/v4-patch/GovernancePatchUpgrade.sol
View File

@ -9,20 +9,24 @@ import "../v3-relayer-registry/GovernanceStakingUpgrade.sol";
contract GovernancePatchUpgrade is GovernanceStakingUpgrade { contract GovernancePatchUpgrade is GovernanceStakingUpgrade {
mapping(uint256 => bytes32) public proposalCodehashes; mapping(uint256 => bytes32) public proposalCodehashes;
// The stakingRewardsAddress sets the immutable to the new staking contract
constructor( constructor(
address stakingRewardsAddress, address stakingRewardsAddress,
address gasCompLogic, address gasCompLogic,
address userVaultAddress address userVaultAddress
) public GovernanceStakingUpgrade(stakingRewardsAddress, gasCompLogic, userVaultAddress) {} ) public GovernanceStakingUpgrade(stakingRewardsAddress, gasCompLogic, userVaultAddress) {}
/// @notice Return the version of the contract
function version() external pure virtual override returns (string memory) { function version() external pure virtual override returns (string memory) {
return "4.patch-exploit"; return "4.patch-exploit";
} }
// This should guarantee that the proposal extcodehashes are good /**
* @notice Execute a proposal
* @dev This upgrade should protect against Metamorphic contracts by comparing the proposal's extcodehash with a stored one
* @param proposalId The proposal's ID
*/
function execute(uint256 proposalId) public payable virtual override(Governance) { function execute(uint256 proposalId) public payable virtual override(Governance) {
require(msg.sender != address(this), "pseudo-external function"); require(msg.sender != address(this), "Governance::propose: pseudo-external function");
Proposal storage proposal = proposals[proposalId]; Proposal storage proposal = proposals[proposalId];
@ -39,7 +43,14 @@ contract GovernancePatchUpgrade is GovernanceStakingUpgrade {
super.execute(proposalId); super.execute(proposalId);
} }
// This should store the proposal extcodehash /**
* @notice Internal function called from propoese
* @dev This should store the extcodehash of the proposal contract
* @param proposer proposer address
* @param target smart contact address that will be executed as result of voting
* @param description description of the proposal
* @return proposalId new proposal id
*/
function _propose( function _propose(
address proposer, address proposer,
address target, address target,

25
contracts/v4-patch/PatchProposal.sol
View File

@ -16,9 +16,17 @@ interface Proxy {
function upgradeTo(address newImplementation) external; function upgradeTo(address newImplementation) external;
} }
// We will have to do this because of the contract size limit /**
* @notice Contract which should help the proposal deploy the necessary contracts.
*/
contract PatchProposalContractsFactory { contract PatchProposalContractsFactory {
/**
* @notice Create a new TornadoStakingRewards contract.
* @param governance The address of Tornado Cash Goveranance.
* @param torn The torn token address.
* @param registry The address of the relayer registry.
* @return The address of the new staking contract.
*/
function createStakingRewards( function createStakingRewards(
address governance, address governance,
address torn, address torn,
@ -27,6 +35,14 @@ contract PatchProposalContractsFactory {
return address(new TornadoStakingRewards(governance, torn, registry)); return address(new TornadoStakingRewards(governance, torn, registry));
} }
/**
* @notice Create a new RelayerRegistry contract.
* @param torn The torn token address.
* @param governance The address of Tornado Cash Goveranance.
* @param ens The ens registrar address.
* @param staking The TornadoStakingRewards contract address.
* @return The address of the new registry contract.
*/
function createRegistryContract( function createRegistryContract(
address torn, address torn,
address governance, address governance,
@ -38,6 +54,9 @@ contract PatchProposalContractsFactory {
} }
} }
/**
* @notice Proposal which should patch governance against the metamorphic contract replacement vulnerability.
*/
contract PatchProposal { contract PatchProposal {
using SafeMath for uint256; using SafeMath for uint256;
using Address for address; using Address for address;
@ -54,7 +73,7 @@ contract PatchProposal {
patchProposalContractsFactory = PatchProposalContractsFactory(_patchProposalContractsFactory); patchProposalContractsFactory = PatchProposalContractsFactory(_patchProposalContractsFactory);
} }
// Aight lets do this sirs /// @notice Function to execute the proposal.
function executeProposal() external { function executeProposal() external {
// address(this) has to be governance // address(this) has to be governance
address payable governance = payable(address(this)); address payable governance = payable(address(this));

5
diffs/RelayerRegistry.diff
View File

@ -89,8 +89,3 @@
--- ---
> staking = TornadoStakingRewards(_staking); > staking = TornadoStakingRewards(_staking);
> feeManager = IFeeManager(_feeManager); > feeManager = IFeeManager(_feeManager);
324c384
< }
\ No newline at end of file
---
> }

5
diffs/TornadoStakingRewards.diff
View File

@ -21,8 +21,3 @@
< relayerRegistry = resolve(_relayerRegistry); < relayerRegistry = resolve(_relayerRegistry);
--- ---
> relayerRegistry = _relayerRegistry; > relayerRegistry = _relayerRegistry;
133c143
< }
\ No newline at end of file
---
> }