-
Notifications
You must be signed in to change notification settings - Fork 11.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add named return parameters and _checkSelector
function to AccessManager
#4624
Add named return parameters and _checkSelector
function to AccessManager
#4624
Conversation
|
if (roleId == PUBLIC_ROLE) { | ||
revert AccessManagerLockedRole(roleId); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note to self and others: this is removed because the public role is not grantable according to the logic of _grantRole
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given that the public role is indeed not grantable, does it make sens to set the grant delay ? IMO it send the wrong signal that you can set a delay, and emit the corresponding event, when you know the delay will never be enforced.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps documentation is fine for the case of granting a delay to the PUBLIC_ROLE, I wouldn't add an extra check for a case that is low likely to happen
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO it send the wrong signal that you can set a delay, and emit the corresponding event, when you know the delay will never be enforced
This is an interesting point, but this is the grant delay for a role that every account automatically has. Observing RoleGrantDelayChanged
for such a role should provide no information. I can't think of any incorrect conclusion someone could draw from this event.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't think of any incorrect conclusion someone could draw from this event.
I can imagine someone thinking that new user (if that means anything) are in the grant role with a delay. For example that when a create a new seedphrase/private key (or when I create a new account smart contract) I'll get in the public group after a delay.
Sure that makes no sens, but I'm pretty sure some people out these will believe that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that in _setRoleAdmin
and _setRoleGuardian
we don't allow setting the admin/guardian for the PUBLIC_ROLE
. I'm not sure why that would be forbiden, but setting the grantDelay would be authorized.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After a sync we agreed to keep the initial PUBLIC_ROLE check in _setGrantDelay
and make no changes to other functions. I'm reverting this change and pushing an update.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, with a minor comment.
What do we do with: openzeppelin-contracts/contracts/governance/extensions/GovernorTimelockAccess.sol Line 195 in 2472e51
|
In
|
In the governor whe should definitelly not revert. We don't know where the proposed call is going. Could be calling a fallback function, or a custom contract that doesn't use 4 bytes selectors. Maybe we should do
|
My opinion is:
|
yes |
In For the case of I'd rather panic as well. |
The operation will not be ignored, as far as I can tell. We would just never ask the AccessManager about that operation, and it would be executed directly on the target. |
Improvements after #4613
The
_checkSelector
function is added to keep consistency of the way the calldata selector is consumed.PR Checklist
npx changeset add
)