-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: privileged subdaos #NTRN-211 #99
Conversation
729347b
to
46c57f5
Compare
) -> Result<(), ContractError> { | ||
match neutron_msg { | ||
NeutronMsg::AddSchedule { | ||
name: _, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can ignore all the variables with ..
} | ||
} | ||
|
||
fn get_allow_all_count(deps: Deps) -> Result<u64, ContractError> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you ever need to count all allow_all? Simple find
seems enough, instead of iterating over all the strategies.
) -> Result<Response, ContractError> { | ||
set_contract_version(deps.storage, CONTRACT_NAME, CONTRACT_VERSION)?; | ||
|
||
if let Strategy::AllowOnly(_) = msg.initial_strategy { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the only AllowAll allowed as initial strategy, why do you ever need the message param at all? Just set AllowAll for initial address.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i see your point, but I don't think that it's worth the effort.
pub struct ProposalExecuteMessageJSON { | ||
#[serde(rename = "@type")] | ||
pub type_field: String, | ||
pub authority: String, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You never use authority field, i think it's unnecessary field
let typed_proposal: ProposalExecuteMessageJSON = | ||
serde_json_wasm::from_str(proposal.message.as_str())?; | ||
|
||
if typed_proposal.type_field.as_str() == "/neutron.cron.MsgUpdateParams" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could use a const for the message type value.
Ok(strategy) => { | ||
if let Strategy::AllowOnly(_) = strategy { | ||
return Err(ContractError::Unauthorized {}); | ||
} | ||
|
||
Ok(()) | ||
} | ||
Err(_) => Err(ContractError::Unauthorized {}), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's a bit easier to read, from my point of view
Ok(strategy) => { | |
if let Strategy::AllowOnly(_) = strategy { | |
return Err(ContractError::Unauthorized {}); | |
} | |
Ok(()) | |
} | |
Err(_) => Err(ContractError::Unauthorized {}), | |
Ok(Strategy::AllowAll) => Ok(()), | |
_ => Err(ContractError::Unauthorized {}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
didn't even know you could do this. thanks
ParamChangePermission(ParamChangePermission), | ||
UpdateParamsPermission(UpdateParamsPermission), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pls add a comment which describes the difference between two sets of permissions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, awaiting rehearsal
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just in case we'll be making small improvements:
Strategy::AllowOnly(permissions) => { | ||
let mut has_permission = false; | ||
for permission in permissions { | ||
if let Permission::CronPermission(cron_permission) = permission { | ||
has_permission = cron_permission.add_schedule | ||
} | ||
} | ||
|
||
has_permission | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we could just return cron_permission.add_schedule
in the if let Permission::CronPermission(cron_permission) = permission
closure similar to has_param_change_permission
. this would
- shorten the code
- make an instant return on matched value (now we continue iterating over permissions even if we've already matched the respective one)
same in has_cron_remove_schedule_permission
…-refactor-privileged-subdaos
…ivileged-subdaos chore: altered strategy store scheme for chain manager (audit fix) #NTRN-251
Overview
This PR implements the privileged SubDAOs design (look up the Privileged SubDAOs RFC in Notion for full details).
neutron-chain-manager
contract,init-neutrond.sh
script to set theneutron-chain-manager
contract as the chain admin: feat: privileged subdaos #NTRN-211 neutron#434,neutronjsplus
to know the difference between the Neutron DAO and the chain admin: feat: privileged subdaos neutronjsplus#23,Important note: this PR implements an example strategy for new style parameter updates (only Cron module). However, changing the parameters of this module is not going to work until the PR to the core repo is merged and we upgrade the mainnet, because, unfortunately, we forgot to allow querying cron module parameters with stargate, and chain manager really needs to query those params. All other functionality will work without upgrading the chain.
Integration tests
neutron-org/neutron-integration-tests#266
Successful test run: https://github.com/neutron-org/neutron-tests/actions/runs/7919615589
Successful test run (post-review 1): https://github.com/neutron-org/neutron-tests/actions/runs/8055334942
cron
module by a subdao (new style parameter updates),globalfee
module by a subdao (old style style parameter updates).Rehearsal scenario
neutron-chain-manager
contract with the ALLOW_ALLinitial_strategy
for the Neutron DAO core contract,MinimumGasPricesParam
),neutron-chain-manager
contract to the list of chain admins and to remove the Neutron DAO contract from the list of chain admins,MinimumGasPricesParam
, then check that the parameter was actually changed.