Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/dao execute bruteforce approach #607

Merged
merged 4 commits into from
Sep 9, 2024
Merged

Feature/dao execute bruteforce approach #607

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e59edfe
after gas benchmarking we noticed this is the cheaper approach
nivida Sep 9, 2024
6058e9f
add isGranted checks in dao
novaknole Sep 9, 2024
4fc4a34
Merge branch 'feature/extended-pm' into feature/dao-execute-bruteforc…
novaknole Sep 9, 2024
4abcc15
fix compilation errors
novaknole Sep 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 41 additions & 11 deletions packages/contracts/src/core/dao/DAO.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -251,13 +251,7 @@ contract DAO is
bytes32 _callId,
Action[] calldata _actions,
uint256 _allowFailureMap
)
external
override
nonReentrant
auth(EXECUTE_PERMISSION_ID)
returns (bytes[] memory execResults, uint256 failureMap)
{
) external override nonReentrant returns (bytes[] memory execResults, uint256 failureMap) {
// Check that the action array length is within bounds.
if (_actions.length > MAX_ACTIONS) {
revert TooManyActions();
Expand All @@ -268,12 +262,48 @@ contract DAO is
uint256 gasBefore;
uint256 gasAfter;

bool hasExecutePermission = isGranted(
address(this),
msg.sender,
EXECUTE_PERMISSION_ID,
msg.data
);

for (uint256 i = 0; i < _actions.length; ) {
bytes32 id = keccak256(abi.encode(bytes4(_actions[i].data)));

Permission storage targetPermission = permissions[permissionHash(_actions[i].to, id)];

bool isAllowed = targetPermission.created
? isGranted(_actions[i].to, msg.sender, id, _actions[i].data)
: hasExecutePermission;

if (!isAllowed) {
// TODO: revert error
// revert NotPossible();
}
}

for (uint256 i = 0; i < _actions.length; ) {
gasBefore = gasleft();
bool success;
bytes memory data;

(success, data) = _actions[i].to.call{value: _actions[i].value}(_actions[i].data);
if (_actions[i].to == address(this)) {
if (!success) {
bytes4 result;

assembly {
result := mload(add(data, 32))
}

if (result == Unauthorized.selector || result == UnauthorizedOwner.selector) {
(success, data) = _actions[i].to.delegatecall(_actions[i].data);
}
}
}

(bool success, bytes memory result) = _actions[i].to.call{value: _actions[i].value}(
_actions[i].data
);
gasAfter = gasleft();

// Check if failure is allowed
Expand All @@ -297,7 +327,7 @@ contract DAO is
}
}

execResults[i] = result;
execResults[i] = data;

unchecked {
++i;
Expand Down
Loading