Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: govDAO: Use GetOrigCaller() to be able to run proposals using MsgRun #2556

Merged
merged 2 commits into from
Jul 9, 2024
Merged

fix: govDAO: Use GetOrigCaller() to be able to run proposals using MsgRun #2556

merged 2 commits into from
Jul 9, 2024

Conversation

ajnavarro
Copy link
Contributor

@ajnavarro ajnavarro commented Jul 9, 2024
edited
Loading

Fixed that and also improve details rendering adding an extra space.

@ajnavarro ajnavarro requested review from a team as code owners July 9, 2024 13:46
@ajnavarro ajnavarro requested review from deelawn and thehowl and removed request for a team July 9, 2024 13:46
@github-actions github-actions bot added the 🧾 package/realm Tag used for new Realms or Packages. label Jul 9, 2024
@ajnavarro ajnavarro requested review from zivkovicmilos and removed request for a team, deelawn and thehowl July 9, 2024 13:46
thehowl
thehowl previously requested changes Jul 9, 2024
View reviewed changes
Copy link
Member

@thehowl thehowl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

using getorigcaller here means that a malicious contract in the middle can perform actions on the DAO on behalf of the OrigCaller

we are, in fact, considering removing GetOrigCaller entirely

if the issue we're trying to tackle is using MsgRun with a closure, we should fix that one instead

@ajnavarro ajnavarro force-pushed the dev/ajnavarro/feature/govDAO-hotfix branch from 3b412e4 to cf28bc5 Compare July 9, 2024 15:07
@ajnavarro
fix: Markdowns were not generating correct links.
9d0a13c 
Fixed that and also improve details rendering adding an extra space.

Signed-off-by: Antonio Navarro Perez <[email protected]>
@ajnavarro ajnavarro force-pushed the dev/ajnavarro/feature/govDAO-hotfix branch from cf28bc5 to 9d0a13c Compare July 9, 2024 15:08
@ajnavarro ajnavarro changed the title fix: Use GetOrigCaller() to assert membership fix: Markdowns were not generating correct links. Jul 9, 2024
@ajnavarro ajnavarro requested a review from thehowl July 9, 2024 15:09
@ajnavarro
Copy link
Contributor Author

ajnavarro commented Jul 9, 2024
edited
Loading

@thehowl Got it, thanks for the heads up. Removed the GetOrigCaller(), left the other markdown changes.

Going back to using GetOrigCaller(). Added a warning to change when MsgRun can persist the code that is going out of the main function scope.

@ajnavarro ajnavarro changed the title fix: Markdowns were not generating correct links. fix: govDAO: Markdowns were not generating correct links. Jul 9, 2024
@ajnavarro
Add back GetOrigCaller()
084b82a 
Signed-off-by: Antonio Navarro Perez <[email protected]>
@ajnavarro ajnavarro changed the title fix: govDAO: Markdowns were not generating correct links. fix: govDAO: Use GetOrigCaller() to be able to run proposals using MsgRun Jul 9, 2024
@zivkovicmilos zivkovicmilos dismissed thehowl’s stale review July 9, 2024 17:03

We discussed internally, and the change is alright as a patch. Dismissing so we can merge quickly 🙏

@zivkovicmilos zivkovicmilos merged commit a7fd05b into master Jul 9, 2024
10 checks passed
@zivkovicmilos zivkovicmilos deleted the dev/ajnavarro/feature/govDAO-hotfix branch July 9, 2024 17:04
gfanton pushed a commit to gfanton/gno that referenced this pull request Jul 23, 2024
@ajnavarro @gfanton
fix: govDAO: Use GetOrigCaller() to be able to run proposals using Ms…
2872263 
…gRun (gnolang#2556)

Fixed that and also improve details rendering adding an extra space.

---------

Signed-off-by: Antonio Navarro Perez <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zivkovicmilos zivkovicmilos zivkovicmilos approved these changes

@thehowl thehowl Awaiting requested review from thehowl

Assignees

@ajnavarro ajnavarro

Labels
🧾 package/realm Tag used for new Realms or Packages.
Projects
💪 Bounties & Worx
Status: Done
🧙‍♂️gno.land core team
Archived in project
Milestone
🏗4️⃣ test4.gno.land
Development

Successfully merging this pull request may close these issues.
3 participants
@ajnavarro @thehowl @zivkovicmilos