Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release aragonOS 4.2.0 #505

Merged
merged 15 commits into from
Apr 15, 2019
Merged

Release aragonOS 4.2.0 #505

merged 15 commits into from
Apr 15, 2019

Conversation

sohkai
Copy link
Contributor

@sohkai sohkai commented Apr 5, 2019
edited
Loading

Bytecode diff:

                               CODE DEPOSIT COST    DEPLOYED BYTES     INITIALIZATION BYTES
ACL.json                       38600 more gas       +193               0
APMRegistry.json               4400 more gas        +22                0
AppStub.json                   4000 more gas        +20                0
AppStub2.json                  4000 more gas        +20                0
AppStubConditionalRecovery.js… 4000 more gas        +20                0
AppStubDepositable.json        4000 more gas        +20                0
AragonApp.json                 4000 more gas        +20                0
CallsScript.json               25400 more gas       +127               0
ENSSubdomainRegistrar.json     4000 more gas        +20                0
EVMScriptExecutorMock.json     13200 more gas       +66                0
EVMScriptRegistry.json         37200 more gas       +186               0
EVMScriptRegistryFactory.json  Same                 0                  +313
ExecutionTarget.json           84600 more gas       +423               0
KeccakConstants.json           28400 more gas       +142               0
Kernel.json                    8000 less gas        -40                0
KernelConstantsMock.json       8000 less gas        -40                0
KernelDepositableMock.json     8000 less gas        -40                0
KernelPinnedStorageMock.json   8000 less gas        -40                0
KernelSetAppMock.json          6400 less gas        -32                0
Repo.json                      4000 more gas        +20                0
TestACLInterpreter.json        41200 more gas       +206               0
UnsafeAppStub.json             4000 more gas        +20                0
UnsafeAppStubDepositable.json  4000 more gas        +20                0
UnsafeAragonApp.json           4000 more gas        +20                0
UnsafeAragonAppMock.json       4000 more gas        +20                0
UpgradedKernel.json            8000 less gas        -40                0
VaultMock.json                 4000 more gas        +20                0

Had to fight git a little bit with this PR since I didn't properly remake the dev branch on the last publish 🤦‍♂️. I should also write a bit of documentation in the CONTRIBUTING.md to formalize the steps (never use the rebase merge since dev is the default branch).

@sohkai sohkai requested a review from bingen April 5, 2019 11:39
sohkai and others added 9 commits April 5, 2019 13:51
@sohkai
fix: Use double quotes in contract imports (#494)
ad46b86 
* fix: Use double quotes in contract imports
* fix: add source location of ENS contracts
@sohkai
test: update bytes and address constants (#492)
a59fec6 
Updates the tests to use `EMPTY_BYTES` and `ZERO_ADDR` constants (should move these out to a shared lib sometime).

Also fixes a few instances where we sent an invalid number of hex bytes (usually 1-length bytes like `0x1`; see trufflesuite/ganache#283 (comment)).
@sohkai
ACLSyntaxSugar: fix returning unallocated memory (#495)
d92e53f
@gregzaitsev @sohkai
docs: Add radspec strings to factories (#498)
9cce83c
@sohkai
feat: add ReentrancyGuard (#503)
96c1b59
@sohkai
feat: add ConversionHelpers lib for converting memory types (#501)
6c7da96 
Consolidates all the bytes<>uint256[] conversions into a library.

It's not _too_ costly to add, and hopefully makes us all feel a bit better about this bit 😄.

Also fixes the solidity test runner, which must've broke at some point along the way (due to the assert logs not being decoded properly) 😅.
@izqui @sohkai
chore: Improve APM Repo version creation notice (#502)
2bfd50a
@sohkai
EVMScripts: check byte lengths, avoid returning unallocated memory, a…
446653d 
…nd forward error data (#496)
@sohkai
chore: upgrade ganache-cli to 6.4.2 (#504)
76addef
@coveralls
Copy link

coveralls commented Apr 5, 2019
edited
Loading

Coverage Status

Coverage increased (+0.002%) to 99.542% when pulling 009e0f5 on dev into 27dbf00 on master.

@facuspagnuolo facuspagnuolo mentioned this pull request Apr 8, 2019
Merged
sohkai and others added 5 commits April 9, 2019 10:39
@sohkai
test: fix test parameterization variable binding (#506)
bef0141
@facuspagnuolo
Fix TimeHelpers relative path for Initializable (#507)
28ad69d
@sohkai
ConversionHelpers: check length on bytes to uint256[] (#509)
b6823b5 
There are publicly exposed interfaces that expect `bytes` and immediately turn them into `uint256[]` (e.g. `hasPermission()` in the ACL and Kernel.

There might be some cases where the truncation could lead to Bad Things<sup>TM</sup>, like the ACL being tricked into thinking a contract had permission to do something when it actually didn't. We never use the `bytes` form of `hasPermission()` directly ourselves, so this isn't exploitable, but could be if an external contract decided to.
@sohkai
EVMScriptRunner: handle no return data from executors (#508)
009e0f5 
`EVMScriptRunner` was previously assuming its executor would always return correctly ABI-encoded data of type `bytes`, which are at least 64 bytes in length (32 bytes for position and 32 bytes for actual data).

Although an underflow here would've simply caused an out-of-gas error on trying to copy too much memory, reverting with an error message is much more friendly.
@izqui @sohkai
chore: allow to skip deploying Kernel and ACL bases in deploy-daofact…
d23e28f 
…ory (#511)

Needed for the Aragon 0.7 re-deployment of kits, which will have an upgraded `DAOFactory` but keeping the bases for `ACL` and `Kernel` of the current deployment.
@sohkai sohkai mentioned this pull request Apr 15, 2019
Closed
@sohkai
Copy link
Contributor Author

sohkai commented Apr 15, 2019

This has now completed security review by @wadealexc.

@sohkai sohkai merged commit 1b67d10 into master Apr 15, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bingen bingen Awaiting requested review from bingen

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sohkai @coveralls @gregzaitsev @izqui @facuspagnuolo