From b57ebb95565c0d8a02b6b8576c73f17e2f48bbd0 Mon Sep 17 00:00:00 2001 From: zkbenny Date: Wed, 19 Jun 2024 13:58:32 +0800 Subject: [PATCH 1/7] fix cvf-2 --- contracts/interfaces/IERC20MergeToken.sol | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contracts/interfaces/IERC20MergeToken.sol b/contracts/interfaces/IERC20MergeToken.sol index f4e105a..1d58739 100644 --- a/contracts/interfaces/IERC20MergeToken.sol +++ b/contracts/interfaces/IERC20MergeToken.sol @@ -3,8 +3,10 @@ pragma solidity 0.8.23; interface IERC20MergeToken { /// @notice Mint merge token + /// @dev The caller must be the portal contract function mint(address _receiver, uint256 _amount) external; /// @notice Burn merge token + /// @dev The caller must be the portal contract function burn(address _from, uint256 _amount) external; } From bb04f08df2f8b8a2e19923ad9715fe261146215f Mon Sep 17 00:00:00 2001 From: zkbenny Date: Wed, 19 Jun 2024 14:37:42 +0800 Subject: [PATCH 2/7] fix cvf-26 --- contracts/merge/MergeTokenPortal.sol | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contracts/merge/MergeTokenPortal.sol b/contracts/merge/MergeTokenPortal.sol index 97a0cc0..aa21cb5 100644 --- a/contracts/merge/MergeTokenPortal.sol +++ b/contracts/merge/MergeTokenPortal.sol @@ -110,10 +110,10 @@ contract MergeTokenPortal is IMergeTokenPortal, UUPSUpgradeable, OwnableUpgradea /// @notice Add source token function addSourceToken(address _sourceToken, address _mergeToken, uint256 _depositLimit) external onlyOwner { + require(_sourceToken != address(0) && _mergeToken != address(0), "Invalid token address"); bool isSupported = sourceTokenInfoMap[_sourceToken].isSupported; require(!isSupported, "Source token is already supported"); require(!isMergeTokenSupported[_mergeToken][_sourceToken], "Merge token is already supported"); - require(_sourceToken != address(0) && _mergeToken != address(0), "Invalid token address"); require(_sourceToken != _mergeToken, "Should not Match"); uint8 _sourceTokenDecimals = IERC20MetadataUpgradeable(_sourceToken).decimals(); uint8 _mergeTokenDecimals = IERC20MetadataUpgradeable(_mergeToken).decimals(); From ae192f465ec2d147a9beb0e964975dbab3fa1a46 Mon Sep 17 00:00:00 2001 From: zkbenny Date: Wed, 19 Jun 2024 14:40:05 +0800 Subject: [PATCH 3/7] fix cvf-27 --- contracts/merge/MergeTokenPortal.sol | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/contracts/merge/MergeTokenPortal.sol b/contracts/merge/MergeTokenPortal.sol index aa21cb5..ba6e18d 100644 --- a/contracts/merge/MergeTokenPortal.sol +++ b/contracts/merge/MergeTokenPortal.sol @@ -150,9 +150,11 @@ contract MergeTokenPortal is IMergeTokenPortal, UUPSUpgradeable, OwnableUpgradea SourceTokenInfo storage tokenInfo = sourceTokenInfoMap[_sourceToken]; require(tokenInfo.isSupported, "Source token is not supported"); - tokenInfo.isLocked = _isLocked; + if (tokenInfo.isLocked != _isLocked) { + tokenInfo.isLocked = _isLocked; - emit SourceTokenStatusUpdated(_sourceToken, _isLocked); + emit SourceTokenStatusUpdated(_sourceToken, _isLocked); + } } /// @notice Set deposit limit @@ -161,9 +163,11 @@ contract MergeTokenPortal is IMergeTokenPortal, UUPSUpgradeable, OwnableUpgradea require(tokenInfo.isSupported, "Source token is not supported"); require(_limit >= tokenInfo.balance, "Invalid Specification"); - tokenInfo.depositLimit = _limit; + if (tokenInfo.depositLimit != _limit) { + tokenInfo.depositLimit = _limit; - emit DepositLimitUpdated(_sourceToken, _limit); + emit DepositLimitUpdated(_sourceToken, _limit); + } } /// @notice Grant security council role From e01340eb8c76628c34fad369735813d385cc044f Mon Sep 17 00:00:00 2001 From: zkbenny Date: Wed, 19 Jun 2024 14:41:27 +0800 Subject: [PATCH 4/7] fix cvf-28 --- contracts/interfaces/IERC20MergeToken.sol | 2 +- contracts/interfaces/IMergeTokenPortal.sol | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contracts/interfaces/IERC20MergeToken.sol b/contracts/interfaces/IERC20MergeToken.sol index 1d58739..09b7a58 100644 --- a/contracts/interfaces/IERC20MergeToken.sol +++ b/contracts/interfaces/IERC20MergeToken.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: MIT -pragma solidity 0.8.23; +pragma solidity ^0.8.0; interface IERC20MergeToken { /// @notice Mint merge token diff --git a/contracts/interfaces/IMergeTokenPortal.sol b/contracts/interfaces/IMergeTokenPortal.sol index 318b297..e52b5e0 100644 --- a/contracts/interfaces/IMergeTokenPortal.sol +++ b/contracts/interfaces/IMergeTokenPortal.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: MIT -pragma solidity 0.8.23; +pragma solidity ^0.8.0; interface IMergeTokenPortal { event DepositToMerge( From 3da3d141d39ce76f57062902d611ab669e8db818 Mon Sep 17 00:00:00 2001 From: zkbenny Date: Wed, 19 Jun 2024 14:43:08 +0800 Subject: [PATCH 5/7] fix cvf-36 --- contracts/governance/IGovernance.sol | 4 ---- 1 file changed, 4 deletions(-) diff --git a/contracts/governance/IGovernance.sol b/contracts/governance/IGovernance.sol index 0d02ae3..3dff46c 100644 --- a/contracts/governance/IGovernance.sol +++ b/contracts/governance/IGovernance.sol @@ -47,14 +47,10 @@ interface IGovernance { function scheduleTransparent(Operation calldata _operation, uint256 _delay) external; - // function scheduleShadow(bytes32 _id, uint256 _delay) external; - function cancel(bytes32 _id) external; function execute(Operation calldata _operation) external payable; - // function executeInstant(Operation calldata _operation) external payable; - function hashOperation(Operation calldata _operation) external pure returns (bytes32); function updateDelay(uint256 _newDelay) external; From 111ff57c63bf537b5250f32dc6a4104b757a3d63 Mon Sep 17 00:00:00 2001 From: zkbenny Date: Wed, 19 Jun 2024 14:44:29 +0800 Subject: [PATCH 6/7] fix cvf-38 --- contracts/governance/IGovernance.sol | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contracts/governance/IGovernance.sol b/contracts/governance/IGovernance.sol index 3dff46c..e77e7c9 100644 --- a/contracts/governance/IGovernance.sol +++ b/contracts/governance/IGovernance.sol @@ -67,7 +67,7 @@ interface IGovernance { event OperationExecuted(bytes32 indexed _id); /// @notice Emitted when the security council address is changed. - event ChangeSecurityCouncil(address _securityCouncilBefore, address _securityCouncilAfter); + event ChangeSecurityCouncil(address indexed _securityCouncilBefore, address indexed _securityCouncilAfter); /// @notice Emitted when the minimum delay for future operations is modified. event ChangeMinDelay(uint256 _delayBefore, uint256 _delayAfter); From 7c9d4059fd783689bef0efaa26a24064c36e301c Mon Sep 17 00:00:00 2001 From: zkbenny Date: Wed, 19 Jun 2024 14:45:49 +0800 Subject: [PATCH 7/7] fix cvf-41 --- contracts/governance/Governance.sol | 31 ----------------------------- 1 file changed, 31 deletions(-) diff --git a/contracts/governance/Governance.sol b/contracts/governance/Governance.sol index 0c011b4..40e2a5c 100644 --- a/contracts/governance/Governance.sol +++ b/contracts/governance/Governance.sol @@ -132,18 +132,6 @@ contract Governance is IGovernance, Ownable2Step { emit TransparentOperationScheduled(id, _delay, _operation); } - /// @notice Propose "shadow" upgrade, upgrade data is not publishing on-chain. - /// @notice The owner will be able to execute the proposal either: - /// - With a `delay` timelock on its own. - /// - With security council instantly. - /// @dev Only the current owner can propose an upgrade. - /// @param _id The operation hash (see `hashOperation` function) - /// @param _delay The delay time (in seconds) after which the proposed upgrade may be executed by the owner. - // function scheduleShadow(bytes32 _id, uint256 _delay) external onlyOwner { - // _schedule(_id, _delay); - // emit ShadowOperationScheduled(_id, _delay); - // } - /*////////////////////////////////////////////////////////////// CANCELING CALLS //////////////////////////////////////////////////////////////*/ @@ -180,25 +168,6 @@ contract Governance is IGovernance, Ownable2Step { emit OperationExecuted(id); } - /// @notice Executes the scheduled operation with the security council instantly. - /// @dev Only the security council may execute an operation instantly. - /// @param _operation The operation parameters will be executed with the upgrade. - // function executeInstant(Operation calldata _operation) external payable onlySecurityCouncil { - // bytes32 id = hashOperation(_operation); - // // Check if the predecessor operation is completed. - // _checkPredecessorDone(_operation.predecessor); - // // Ensure that the operation is in a pending state before proceeding. - // require(isOperationPending(id), "Operation must be pending before execution"); - // // Execute operation. - // _execute(_operation.calls); - // // Reconfirming that the operation is still pending before execution. - // // This is needed to avoid unexpected reentrancy attacks of re-executing the same operation. - // require(isOperationPending(id), "Operation must be pending after execution"); - // // Set operation to be done - // timestamps[id] = EXECUTED_PROPOSAL_TIMESTAMP; - // emit OperationExecuted(id); - // } - /// @dev Returns the identifier of an operation. /// @param _operation The operation object to compute the identifier for. function hashOperation(Operation calldata _operation) public pure returns (bytes32) {