Modernize codebase #296
Modernize codebase #296
Conversation
petejkim
force-pushed
the
modernize-codebase
branch
4 times, most recently
from
f4e5d21 to
b046934
Compare
Many tests were broken and were only accidentally passing because of rampant misuse of global assignments and test inter-dependencies
petejkim
force-pushed
the
modernize-codebase
branch
from
b046934 to
626553f
Compare
| - yarn install --frozen-lockfile | ||
|
|
||
| script: | ||
| - yarn check --integrity && truffle compile && npm test |
There was a problem hiding this comment.
Did you mean to remove check --integrity? Is it no longer needed?
There was a problem hiding this comment.
Yes, it's deprecated and removed from Yarn 2.x for being unreliable. It also fails when there are cross-platform differences. Since we are not bundling node_modules in this repo, it shouldn't be necessary.
There was a problem hiding this comment.
ok, that makes sense. We were trying to stop openzeppelin-solidity and zos-lib from being modified, but it looks like the lock file is enough to handle this. I guess we never needed check-integritr.y
test/v1/ProxyNegativeTests.js
Outdated
| @@ -96,13 +96,6 @@ async function run_tests(newToken, _accounts) { | |||
| await checkVariables([token], [customVars]); | |||
| }); | |||
|
|
|||
| it("nut007 should fail to call proxy function with non-adminAccount", async () => { | |||
There was a problem hiding this comment.
This test is removed because the ifAdmin modifier for admin() and implementation() are removed due to compilation errors. Those are marked as view functions, but if a non-admin invokes those functions, the modifier could cause a delegate call to the functions with the same name in the implementation contract that may not be read-only (i.e. not view). New versions of Solidity compiler correctly catches this and errors out. Besides there wasn't really a point since those addresses were visible regardless, and the implementation contract should never contain meaningful admin() and implementation() overrides that relies on the modifier to be callable anyway.
This test ensures slot positions are retained post-upgrade by manually checking the use of the slots at expected positions.
petejkim
force-pushed
the
modernize-codebase
branch
from
0c172d2 to
330d9a1
Compare
petejkim
force-pushed
the
modernize-codebase
branch
from
330d9a1 to
abfbe60
Compare
petejkim
force-pushed
the
modernize-codebase
branch
from
8a3beee to
5a3e3b3
Compare
petejkim
force-pushed
the
modernize-codebase
branch
from
5a3e3b3 to
9989702
Compare
petejkim
force-pushed
the
modernize-codebase
branch
from
9989702 to
4c42934
Compare
|
Apologies for all the force-pushes, I was amending commits as I clean up more things. |
| pragma solidity 0.6.8; | ||
|
|
||
| import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; | ||
| import { SafeMath } from "@openzeppelin/contracts/math/SafeMath.sol"; |
There was a problem hiding this comment.
Did you have to switch openzeppelin libraries due to compiler errors? Were there any significant differences for the contracts we use from openzeppelin?
There was a problem hiding this comment.
This was to upgrade to Solidity 0.6. The previous version of OZ was using 0.4. We only use IERC20 which is just an interface and SafeMath for safe uint arithmetic, so no difference other than the language upgrade.
|
|
||
| pragma solidity 0.6.8; | ||
|
|
||
| import { UpgradeabilityProxy } from "./UpgradeabilityProxy.sol"; |
There was a problem hiding this comment.
Why did you copy these 3 proxy related contracts into the source tree instead of using the ones in zos-lib? At a quick glance they look very similar - were there changes you had to make?
There was a problem hiding this comment.
I vendored those files so that I could update the syntax to Solidity 0.6.
There was a problem hiding this comment.
Could you add a github link to the exact version this is copied from? (Also use the commit hash instead of master in the URL)
There was a problem hiding this comment.
There was a problem hiding this comment.
Addressed in 283eca9
contracts/Ownable.sol
Outdated
|
|
||
| /** | ||
| * @title Ownable | ||
| * @dev The Ownable contract from https://github.com/zeppelinos/labs/blob/master/upgradeability_ownership/contracts/ownership/Ownable.sol | ||
| * @dev The Ownable contract from https://github.com/zeppelinos/labs/blob/master/upgradeability_ownership/contracts/ownership/Ownable.sol |
There was a problem hiding this comment.
With the change on 72, this isn't a direct copy anymore. Should update this comment to reflect that. (Also the exact commit hash should be used instead of master for future proofing.)
There was a problem hiding this comment.
I just left the URL untouched. I can have it updated
There was a problem hiding this comment.
Addressed in 283eca9
| * @dev throws if called by any account other than the pauser | ||
| */ | ||
| modifier onlyPauser() { | ||
| require(msg.sender == pauser, "Pausable: caller is not the pauser"); |
There was a problem hiding this comment.
I think this convention of prefixing the error message e.g. Pausable: is redundant, especially as tooling improves. This convention could also be tough to stay consistent with as the number of contracts grows.
There was a problem hiding this comment.
Just following the convention in OpenZeppelin repo for now. Do you suggest we remove the prefix altogether? Many other contracts, such as Uniswap V2 also follow the same convention.
There was a problem hiding this comment.
I think its fine to keep the prefix and match the existing conventions.
| bool _newBool, | ||
| address _newAddress, | ||
| uint256 _newUint | ||
| ) public { |
There was a problem hiding this comment.
Since access permissions aren't locked down, we must ensure upgrades are only invoked through upgradeToAndCall (and not upgradeTo), to prevent an attacker from calling initV2. It may be worth locking this down with an only modifier to be safe.
There was a problem hiding this comment.
This was an existing test, didn't touch it, but I agree.
There was a problem hiding this comment.
I thought about removing removeTo altogether, but turns out that would break a ton of existing tests, and we may want removeTo for upgrades that don't require any initialization. I think the upgrade instructions should be documented very well and be very explicit.
|
|
||
| pragma solidity 0.6.8; | ||
|
|
||
| import { UpgradeabilityProxy } from "./UpgradeabilityProxy.sol"; |
There was a problem hiding this comment.
Could you add a github link to the exact version this is copied from? (Also use the commit hash instead of master in the URL)
| }, | ||
| "repository": { | ||
| "type": "git", | ||
| "url": "git+https://github.com/centrehq/centre-tokens.git" | ||
| }, | ||
| "keywords": [], | ||
| "author": "", | ||
| "license": "ISC", | ||
| "license": "MIT", |
There was a problem hiding this comment.
Why this? They're equivalent, except that ISC removes a couple of words.
There was a problem hiding this comment.
Because the license text in the source files and the LICENSE file is MIT not ISC
| const util = require("util"); | ||
| const abi = require("ethereumjs-abi"); | ||
| const _ = require("lodash"); | ||
| const BN = require("bn.js"); |
There was a problem hiding this comment.
I see a bunch of tests were moved. Is BigNumber -> BN the only difference?
There was a problem hiding this comment.
Diff can be seen here: 7172076#diff-dab0d1598c750386404320ffdffcb4c5
petejkim
force-pushed
the
modernize-codebase
branch
from
bab078a to
283eca9
Compare
Note: Requires Node v12 (LTS)