refactor: uses L2Migration.s.sol and simplifies migration script
#11177
Conversation
…ctivate` function As far as I can see, this interface was not defined correctly and had an argument too much.
…ctors bash file Left two TODO comments.
arthurgousset
changed the title
L2Migration.s.sol and simplifies migration script
arthurgousset
changed the title
L2Migration.s.sol and simplifies migration scriptL2Migration.s.sol and simplifies migration script
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 10538986 | Triggered | Generic High Entropy Secret | df87e3f | packages/protocol/scripts/foundry/constants.sh | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
packages/protocol/contracts/common/interfaces/ICeloDistributionSchedule.sol
Show resolved
Hide resolved
packages/protocol/scripts/foundry/create_and_migrate_anvil_l2_devchain.sh
Show resolved
Hide resolved
packages/protocol/scripts/foundry/create_and_migrate_anvil_l2_devchain.sh
Outdated
Show resolved
Hide resolved
| uint256 l2StartTime = 1721909903 - 5; // Arbitrarily 5 seconds before last black | ||
| FixidityLib.Fraction memory communityRewardFraction = FixidityLib.newFixedFraction(1, 100); // 0.01 | ||
| FixidityLib.Fraction memory carbonOffsettingFraction = FixidityLib.newFixedFraction(1, 1000); // 0.001 | ||
| address carbonOffsettingPartner = 0x22579CA45eE22E2E16dDF72D955D6cf4c767B0eF; |
There was a problem hiding this comment.
you can query this from the current chain in EpochRewards contract
There was a problem hiding this comment.
I managed to fetch communityRewardFraction and carbonOffsettingFraction from the EpochRewards.sol contract. I implemented a new interface for this:
But couldn't quite work out how to get the carbonOffsettingPartner address, because it's a public variable, and it doesn't have an explicit getter function. I didn't know exactly how to define that in the interface.
So for now I left the carbonOffsettingPartner address hard-coded:
celo-monorepo/packages/protocol/migrations_sol/MigrationL2.s.sol
Lines 32 to 34 in fe05490
There was a problem hiding this comment.
you'l have to add the getter to IEpochRewards and implement the function on EpochRewards.
There was a problem hiding this comment.
I'm not sure we'll need to implement a getter in EpochRewards.sol, because public state variables like this automatically have getter functions:
Public state variables differ from internal ones only in that the compiler automatically generates getter functions for them, which allows other contracts to read their values.
Source: docs.soliditylang.org
I couldn't find a way to reference this "automatic" getter in the IEpochRewards.sol interface. Without a matching function in the interface, I wasn't able to call this function. A simple way around this would be to import the implementation (EpochRewards.sol) instead of the interface (IEpochRewards.sol) since we'll have all contracts on Solidity >0.8. I think the only reason I'm using an interface is because the implementation is on 0.5 and the interface is on 0.8.
For now, I propose to merge this hard-coded and then a future PR can implement a fix for this if necessary.
refactor: uses
|
| Severity Level | Results | |
|---|---|---|
| Contracts | Critical High Medium Low Note Total |
2 3 0 15 41 61 |
| Dependencies | Critical High Medium Low Note Total |
0 0 0 0 0 0 |
For more details view the full report in OpenZeppelin Code Inspector
Description
MigrationL2.s.solfor everything that can be done as a transaction) and a bash script (create_and_migrate_anvil_l2_devchain.shfor everything that requires "admin-like" priviledges).FROM_ACCOUNT_PRIVATE_KEYconstant, which was assigned the anvil default private key that triggered false positives by gitguardian.Other changes
activatemethod signature inICeloDistributionSchedule.solinterface.DEPLOYER_ACCOUNTconstant inconstants.solto avoid redefining the same variable.setupUsingRegistry()function to simplify script readability (no new feature, just cleaning up script).Tested
Tested L2 migration script ✅
(in a separate terminal) Check that
proxyAdminAddresshas bytecode ✅$ cast rpc eth_getCode \ 0x4200000000000000000000000000000000000018 \ latest \ --rpc-url=http://127.0.0.1:8546 "0x608060405234801561001057600080fd5b506...(in a separate terminal) Check that
isL2()istrueonCeloDistributionSchedule.sol. ✅For context, we can call
isL2()onCeloDistributionSchedule.soland other core contracts because they inherit fromIsL2Check.solSince this is only refactoring and there are no new features, the best test for this is to check if the L2 migrations work as before.
Related issues
constants.shto avoid false positive gitguardian alerts #11172Backwards compatibility
Yes, no new features, only refactors existing migrations.
Documentation
No.