Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve security of the onlyGovernance modifier #3147

Merged
merged 22 commits into from Feb 18, 2022

Conversation

Amxx
Copy link
Collaborator

@Amxx Amxx commented Jan 28, 2022

This addresses a potential issue where a timelock used by a governor having multiple proposers could result in some of these proposers attacking the timelock.

PR Checklist

  • Tests
  • Documentation
  • Changelog entry

Comment on lines 56 to 57
require(_msgSender() == _executor(), "Governor: onlyGovernance");
_governanceCall[msg.data].decrement();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should put this in an internal function to optimize bytecode size.

contracts/governance/Governor.sol Outdated Show resolved Hide resolved
@frangio frangio mentioned this pull request Feb 14, 2022
1 task
contracts/governance/Governor.sol Outdated Show resolved Hide resolved
contracts/governance/Governor.sol Outdated Show resolved Hide resolved
@frangio frangio changed the title Improve security of the onlyGovernance modifier through self-call authorization. Improve security of the onlyGovernance modifier Feb 18, 2022
Copy link
Contributor

@frangio frangio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is good to merge IMO.

@Amxx Amxx merged commit af7ec04 into OpenZeppelin:master Feb 18, 2022
@Amxx Amxx deleted the experimantal/Governor/authorizeRelay branch February 18, 2022 20:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants