Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(protocol): fix governor bravo vulnerability #15947

Merged
merged 4 commits into from
Feb 20, 2024
Merged

fix(protocol): fix governor bravo vulnerability #15947

merged 4 commits into from
Feb 20, 2024

Conversation

adaki2004
Copy link
Contributor

@adaki2004 adaki2004 commented Feb 20, 2024
edited
Loading

So one (valid) argument to upgrade contracts to OZ 4.8.3 is the vulnerability described here:
https://github.com/taikoxyz/taiko-mono/security/dependabot/114

But moving to a newer version could be troublesome, as we saw (with breaking changes, not working deployment scripts) so here i'm cherry-picking the v4.8.3 patch.

This way we can still be (safely) compatible with compound.

@adaki2004 adaki2004 changed the title fix(protocol): fix governor bravo vulnerability fix(protocol): fix governor bravo vulnerability v1 Feb 20, 2024
@adaki2004 adaki2004 changed the title fix(protocol): fix governor bravo vulnerability v1 fix(protocol): fix governor bravo vulnerability Feb 20, 2024
@adaki2004
Copy link
Contributor Author

adaki2004 commented Feb 20, 2024
edited
Loading

@dantaik Removing GovernorCompatibilityBravoUpgradeable not advisable - as it implements some functions of IGovernorUpgradeable what GovernorUpgradeable does not implement.. So we would see more headache doing that.

@dantaik dantaik mentioned this pull request Feb 20, 2024
Closed
@adaki2004 adaki2004 requested a review from dantaik February 20, 2024 12:29
@dantaik dantaik enabled auto-merge February 20, 2024 12:36
@dantaik dantaik added this pull request to the merge queue Feb 20, 2024
Merged via the queue into main with commit a631be6 Feb 20, 2024
6 checks passed
@dantaik dantaik deleted the fix_governor_bravo_issue branch February 20, 2024 13:00
@github-actions github-actions bot mentioned this pull request Feb 20, 2024
Merged
@taiko-kitty taiko-kitty mentioned this pull request Mar 1, 2024
Closed
@taiko-kitty taiko-kitty mentioned this pull request Mar 29, 2024
Closed
This was referenced Apr 5, 2024
Closed
Closed
@taiko-kitty taiko-kitty mentioned this pull request Apr 25, 2024
Closed
@taiko-kitty taiko-kitty mentioned this pull request May 11, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidtaikocha davidtaikocha davidtaikocha approved these changes

@dantaik dantaik dantaik approved these changes

@Brechtpd Brechtpd Awaiting requested review from Brechtpd

@dionysuzx dionysuzx Awaiting requested review from dionysuzx

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@adaki2004 @dantaik @davidtaikocha