GEN-2786: sunset script #365
Conversation
fedealconada
force-pushed
the
GEN-2786-sunset
branch
from
8e05207 to
0ef4011
Compare
Codecov Report
@@ Coverage Diff @@
## dev #365 +/- ##
=======================================
Coverage 67.28% 67.28%
=======================================
Files 43 43
Lines 1137 1137
Branches 214 214
=======================================
Hits 765 765
Misses 285 285
Partials 87 87 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
| const calculateChecksum = batchFile => { | ||
| const serialized = serializeJSONObject({ | ||
| ...batchFile, | ||
| meta: { ...batchFile.meta, name: null }, |
There was a problem hiding this comment.
why does the name have to be set as null?
There was a problem hiding this comment.
it was just a copy paste to be honest
| (tx.type === "create" || tx.type === "create2") && | ||
| tx.contractAddress !== address, | ||
| ) | ||
| .map(async tx => { |
There was a problem hiding this comment.
tiny nit: doesn't need to be async if we're not using getContractName
| if (Object.values(SENSE_ADMIN_ADDRESSES).includes((await contract.rewardsRecipient()).toLowerCase())) { | ||
| // some contracts were never changed to be trusted by the multisig and remained trusted by the deployer | ||
| if (!(await contract.isTrusted(SENSE_ADMIN_ADDRESSES.multisig))) { | ||
| contract = contract.connect(deployerSigner); |
There was a problem hiding this comment.
It seems like we update the connected contract address, but then it's never used (due to the if else)
|
|
||
| await contract.setIsTrusted(address, false, { gasPrice: boostedGasPrice() }).then(t => t.wait()); | ||
|
|
||
| if (address.toLowerCase() === SENSE_ADMIN_ADDRESSES.multisig.toLowerCase()) { |
There was a problem hiding this comment.
So this will only trigger if address is the SENSE_ADMIN_ADDRESSES, and the address list does include the deployer, right? Since line 188 will continue if the address list doesn't include the deployer.
I might be reading it wrong, but i'd expect this to trigger only if the address list doesn't include the deployer, since otherwise we don't need to use multisig, right?
There was a problem hiding this comment.
i think this was a bit "complex" the way it as. I've simplified it by addin logic to the getTrustedAddresses() so it now returns the trusted addresses array but placing the multisig and deployer (if they are trusted) at the end of the array. If both are trusted, deployer address must be the last one. So, then, when iterating over it, we leave the corresponding deployer to remove trust to itself in last place.
|
|
||
| for (const address of trusted.sense) { | ||
| if (includesDeployer && address === SENSE_ADMIN_ADDRESSES.deployer.toLowerCase()) continue; | ||
| if (!includesDeployer && address === SENSE_ADMIN_ADDRESSES.multisig.toLowerCase()) continue; |
There was a problem hiding this comment.
does address need to be toLowerCase like line 192
There was a problem hiding this comment.
i've polished all the toLowerCase()
| .setIsTrusted(SENSE_ADMIN_ADDRESSES.deployer, false, { gasPrice: boostedGasPrice() }) | ||
| .then(t => t.wait()); | ||
| } else { | ||
| await contract |
There was a problem hiding this comment.
Just to make sure I understand – this will fail on mainnet, right? Since we can't use the multisig signer. But we run it on hardhat and get the multisig txs list there? And do we also run this script on mainnet to get the deployer txs out
There was a problem hiding this comment.
haha, good call, i've just fixed it so we can run it on mainnet (for the deployer ones and skipping the multisig ones)
There was a problem hiding this comment.
Two high-level items that may make sense:
-
Add test scripts to confirm the action results.
-
Separate the remove rewards recipient step and the remove trust step, that way we can remove the recipients, confirm they are removed, and then remove the trust separately. I think it's quite unlikely, but maybe if there were an error in removing the reward recipient, but we remove the trust anyway, the reward recipient it could be stuck.
| "setPermissionless", | ||
| divider.interface.encodeFunctionData("setPermissionless", [true]), | ||
| ), | ||
| ); |
There was a problem hiding this comment.
Does this call it both directly here and add to the multi-sig tx array? Seems like it's one or the other in the other scenarios.
There was a problem hiding this comment.
not sure i follow you, the divider is trusted by multisig, so we need to execute this function from it by adding it to the batch
There was a problem hiding this comment.
My confusion is on line 53 - where the divider is called directly, before adding it to the multi-sig txs. Is that only intended for the instance when we are running this on a fork?
There was a problem hiding this comment.
ohh, yes yes, it was only to test on fork, i've already included the changes to skip if run on mainnet (otherwise it would fail)
|
Also @fedealconada since you're off wed – once you've addressed these comments and are happy with it, feel free to start running the script and generating the multisig json :) (since looks like we have a resolution on what to do w the RLVs in #ops-internal ~) |
good point, it's always good to be safe. just a q: you are saying we run the batch of txs on Gnosis, then sort of run a sanitiy check to ensure everything is right, and then prepare another batch of txs for the trust removal? i've now added (2) and also sanity checks but still generating one batch tx with everything in it. |
you mean i should already run the script to do the |
Yes! Oh, yea I think kenton just meant that we would announce on friday, and he was wanting to get your help before you went on PTO. But! If you'll be able to execute any day it's all good! |
nah, i can run it today then, will do and let you know! |
yes - run a batch to remove reward recipients, sanity check, run a batch to remove trust |
Motivation
Sunset V1
Solution
The script gets all the contracts we've ever deployed from Sense's admin addresses and:
ExtractableReward.solTrust.solContracts with the deployer address trusted don't need to be executed via multisig.
For all the rest of the transactions, the script will output a JSON file with all the txs and its data to execute them using the Gnosis Transaction Builder (batched).