Compliance + Test #149

Merged
merged 8 commits into from
Feb 22, 2024
aaronmgdr
Member

Description

Adds the @celo/compliance package to ensure commands which transfer tokens do not work with OFAC sanctioned addresses.

Other changes

As transfer commands did not have tests, this adds tests for the basic case and for the non-compliant case.

Tested

New Tests.

Related issues

Backwards compatibility

yep

Documentation

n/a


changeset-bot bot commented Feb 21, 2024

🦋 Changeset detected

Latest commit: aeb6303

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@celo/celocli Patch


@aaronmgdr aaronmgdr marked this pull request as ready for review February 21, 2024 13:59
@aaronmgdr aaronmgdr requested a review from a team as a code owner February 21, 2024 13:59

socket-security bot commented Feb 21, 2024

New dependencies detected.

Package New capabilities Transitives Size Publisher
npm/@celo/[email protected] None 0 55.1 kB app-tooling


Comment on lines 58 to 64
// SANCTIONED_ADDRESSES is so well typed that if you call includes with a string it gives a type error.
// same if you make it a set or use indexOf so concat it with an empty string to give type without needing to ts-ignore
const SANCTIONED_SET = new Set([''].concat(SANCTIONED_ADDRESSES))

export function isSanctioned(address: string) {
return SANCTIONED_SET.has(address)
}
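
Review bot: SANCTIONED_SET.has(address) in isSanctioned is an exact string comparison, so the result depends on the caller passing the address in the same letter case as the entries in SANCTIONED_ADDRESSES; an EIP-55 checksummed address and its all-lowercase form name the same account but are different strings. Suggest lowercasing the list entries when the set is built and lowercasing address before the lookup. Separately, seeding the set with '' to satisfy the type checker makes isSanctioned('') return true; new Set<string>(SANCTIONED_ADDRESSES) should give the string-typed set without the extra entry.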
Contributor

Is there a way to implement this using the recommended API call option, instead of the discouraged NPM import?

My thinking is:

If we use the NPM import option:

  1. we will have to release a patch version of the CLI every time a new version of @celo/compliance is released.
  2. users will have to update their CLI installation to the latest version to benefit from the OFAC update.

If we use the API call option:

  1. we won't have to release new versions of the CLI for every OFAC update
  2. users won't have to upgrade their CLI to benefit from the OFAC update (if they are above the minimum version that has the OFAC feature)

One downside of the API call option is that the CLI has to make a network call to fetch the latest addresses from https://celo-org.github.io/compliance/ofac.sanctions.json every time a check is performed, unless we include a caching mechanism, which might be overkill.

What do you think?

Member Author

@aaronmgdr aaronmgdr Feb 21, 2024

Yeah, not loving making a call every request. But also not sure how to implement caching. It seems the way to persist something when building a CLI is to save a file; that seems like way overkill.

Member Author

In the end I decided we could at least make it so that only 1 request per CLI invocation is required by storing the result in memory.
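
The once-per-invocation, in-memory approach discussed in this thread, as an added example (not code from this PR or from celocli): the list is loaded at most once per process, lookups ignore letter case, and a failed load rejects instead of reporting an address as clean. createSanctionsCheck, countingLoader and SAMPLE_LIST are hypothetical names; the loader stands in for the HTTP request, and the list is assumed to be an array of address strings.

```typescript
// Added example: hypothetical names, not celocli's implementation.
type ListLoader = () => Promise<string[]>

// Constructed sample data: placeholder addresses, not real list entries.
const SAMPLE_LIST = ['0x' + 'aB'.repeat(20), '0x' + 'cd'.repeat(20)]

// Stand-in for the network call; counts how often the list is requested.
function countingLoader(list: string[]) {
  const stats = { calls: 0 }
  const load: ListLoader = async () => {
    stats.calls += 1
    return list
  }
  return { load, stats }
}

function createSanctionsCheck(load: ListLoader) {
  // One promise per process: concurrent callers share the in-flight load.
  let cached: Promise<Set<string>> | undefined

  function sanctionedSet(): Promise<Set<string>> {
    if (!cached) {
      const pending = load().then((list) => {
        // Assumption: an empty or non-array response is a bad response.
        if (!Array.isArray(list) || list.length === 0) {
          throw new Error('sanctions list is empty or malformed')
        }
        // Lowercase so checksummed and lowercase forms compare equal.
        return new Set(list.map((a) => a.toLowerCase()))
      })
      // Do not keep a failed load; the next call retries.
      pending.catch(() => {
        cached = undefined
      })
      cached = pending
    }
    return cached
  }

  // Rejects when the list cannot be loaded, so callers fail closed.
  return async function isSanctioned(address: string): Promise<boolean> {
    const set = await sanctionedSet()
    return set.has(address.toLowerCase())
  }
}
```

A command would create one check at startup and await it for each address before sending; a rejection should abort the transfer.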

Contributor

@nicolasbrugneaux nicolasbrugneaux left a comment

Overall looks good; can't help but wonder if there was a way to remove all .isNotSanctioned(kit.defaultAccount) at a more "root" level, so it applies to all commands, but can't think of it right now.

@aaronmgdr aaronmgdr merged commit ae51ca8 into master Feb 22, 2024
18 checks passed
@aaronmgdr aaronmgdr deleted the aaronmgdr/comply branch February 22, 2024 12:50
@github-actions github-actions bot mentioned this pull request Feb 29, 2024
Development

Successfully merging this pull request may close these issues.

celocli ofac enforcement