Governance Service to Audit #3
Conversation
There was a problem hiding this comment.
Left a number of suggestions. Looks like AxelarGovernanceService has some todos, though ofc not opposed to approving before those are complete. Most comments are syntax suggestions, though there are a couple of questions that arose around unstated assumptions I think would be helpful to clear up.
- What scale do we expect to see in the contract mapping fields? In the case of this PR,
AxelarGovernanceService.proposals, though I did see a couple in the gateway contract. - How critical are the
senderAddressmethod parameters throughout the contracts and are there any places where DDOS and by extension impersonation (perhaps two separate concerns) pose critical vulnerabilities to the messaging protocol - How are payments to the gas service accounted for? I ask because I don't see state tracking onchain, so I'm assuming this is a relevant detail for the Axelar network?
|
Quick follow up, I'm wondering about plans for building out a unit testing suite. Np if we just want to align on the initial design and implementation, but it'd be helpful for reviews since I lack the full context around business logic. |
…ntity resource interface for getting sender address through Capability. Adjusting ability for updating dApp capability
…r cannot call the method without permission
| // TODO: Replace update__experimental with tryUpdate() once it's available | ||
| // let deploymentResult = account.contracts.tryUpdate(name: name, code: code) | ||
| // return deploymentResult.success | ||
| account.contracts.update__experimental(name: name, code: code) |
There was a problem hiding this comment.
Just flagging that this should be updated once tryUpdate is available. The commented code should cover the use case based on the planned interface.
Relevant issue: onflow/cadence#2963
|
|
||
|
|
||
| //Get estimated execution time for proposal | ||
| access(all) fun getProposalEta(proposedCode: String, target: Address): UInt64{ |
There was a problem hiding this comment.
I'd also think we'd want to add a getter for Proposals so they can be reivewed. Also, will the hashed proposal values be stored somewhere offchain e.g. on Axelar somewhere. Asking bc I think indexing on the proposed code + target address could obscure the values unless the hashed values are known and meaning assigned elsewhere.
Co-authored-by: Giovanni Sanchez <[email protected]>
Co-authored-by: Giovanni Sanchez <[email protected]>
Co-authored-by: Giovanni Sanchez <[email protected]>
Co-authored-by: Giovanni Sanchez <[email protected]>
Co-authored-by: Giovanni Sanchez <[email protected]>
Co-authored-by: Giovanni Sanchez <[email protected]>
Co-authored-by: Giovanni Sanchez <[email protected]>
Co-authored-by: Giovanni Sanchez <[email protected]>
Co-authored-by: Giovanni Sanchez <[email protected]>
Co-authored-by: Giovanni Sanchez <[email protected]>
No description provided.