check that diamond storage is untouched after each pr

[zgorizzo69]

best would be to add a gh action to make sure that we haven't messed with the diamond storage

[PhantomCracker]

/start

[ubiquibot]

Skipping /start since the issue is already assigned

[PhantomCracker]

Hello @zgorizzo69 ,
Can you help with something? I have 2 questions:

1. where can i find the diamond storage?
2. is there a backup for diamond storage?

I am thinking of checking the diamond storage before creating a PR and after

[ubiquibot]

Do you have any updates @PhantomCracker? If you would like to release the bounty back to the DevPool, please comment /unassign

[PhantomCracker]

This is work in progress

[0x4007]

Hello @zgorizzo69 , Can you help with something? I have 2 questions:

1. where can i find the diamond storage?
2. is there a backup for diamond storage?

I am thinking of checking the diamond storage before creating a PR and after

Perhaps @rndquu might be able to help with this question.

[PhantomCracker]

Hello @zgorizzo69 , Can you help with something? I have 2 questions:

1. where can i find the diamond storage?
2. is there a backup for diamond storage?

I am thinking of checking the diamond storage before creating a PR and after

Perhaps @rndquu might be able to help with this question.

I did it in another way so we are good now, thank you!

[0x4007]

I just realized that a week to create a single .yml file seems very steep.

I will need to lower the time estimate to a day if the current assignee is unable to complete.

[PhantomCracker]

I will try to finish as fast as possible.

[PhantomCracker]

Need to test a few more things here and I will come back with updated PR

[Arjuna2022]

name: Check Diamond Storage
on:
pull_request:
branches:
- main
jobs:
check_diamond_storage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Check Diamond Storage Hash
run: |
echo "Checking diamond storage hash..."
before_hash=$(sha256sum diamond_storage)
git merge --no-ff main
after_hash=$(sha256sum diamond_storage)
if [ "$before_hash" != "$after_hash" ]; then
echo "Diamond storage has been tampered with!"
else
echo "Diamond storage has not been tampered with."
fi
Hello everyone, i was wondering if this code helps i got here from build box. very inexpericeind so any advice would be kind helpfull.

[ubiquibot]

Available commands

- /assign: Assign the origin sender to the issue automatically.
- /unassign: Unassign the origin sender from the issue automatically.
- /help: List all available commands.
- /payout: Disable automatic payment for the issue.
- /multiplier: Set bounty multiplier (for treasury)
- /allow: Set access control. (Admin Only)
- /wallet: <WALLET_ADDRESS | ENS_NAME>: Register the hunter's wallet address. 
  ex1: /wallet 0xf39fd6e51aad88f6f4ce6ab8827279cfffb92266 
  ex2: /wallet vitalik.eth

@Arjuna2022

[rndquu]

name: Check Diamond Storage on: pull_request: branches: - main jobs: check_diamond_storage: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Check Diamond Storage Hash run: | echo "Checking diamond storage hash..." before_hash=$(sha256sum diamond_storage) git merge --no-ff main after_hash=$(sha256sum diamond_storage) if [ "$before_hash" != "$after_hash" ]; then echo "Diamond storage has been tampered with!" else echo "Diamond storage has not been tampered with." fi Hello everyone, i was wondering if this code helps i got here from build box. very inexpericeind so any advice would be kind helpfull.

this issue is already taken by the other bounty hunter, pls find an issue with no assignee

[0x4007]

name: Check Diamond Storage
on:
pull_request:
branches:

• main
  jobs:
  check_diamond_storage:
  runs-on: ubuntu-latest
  steps:
• uses: actions/checkout@v2
• name: Check Diamond Storage Hash
  run: |
  echo "Checking diamond storage hash..."
  before_hash=$(sha256sum diamond_storage)
  git merge --no-ff main
  after_hash=$(sha256sum diamond_storage)
  if [ "$before_hash" != "$after_hash" ]; then
  echo "Diamond storage has been tampered with!"
  else
  echo "Diamond storage has not been tampered with."
  fi
  Hello everyone, i was wondering if this code helps i got here from build box. very inexpericeind so any advice would be kind helpfull.

I think that a fully GitHub Action implementation makes a lot more sense actually vs what we have going on in the associated pull request. I'm just unsure if it makes sense to throw an error on CI if changes happen. I don't think the pull request reviewers should be expected to manually check the CI logs every time before merging.

[PhantomCracker]

Hei @pavlovcik,
I can throw an error if changes happen if this is required.
Regarding github action or script, it will be a long action if we write everything there and it will be harder to read.
Like this, we use best practices for this type of issue/feature.

[0x4007]

It might be best to post a comment in the pull request so that we don't need to dig through the CI logs, similar to what we do already for the deployments.

[rndquu]

This issue is really tricky

We have a diamond contract which includes all the facets.

Each facet has a struct (example) which is used as a storage in a unique slot (example).

So on each PR we should check that:

• state variables in storage structs are not modified
• now new state variables are added in the beginning or middle of storage structs (we can add new state variables only to the end of a storage struct in order not to allow a storage collision)
• check that the same rules are also applied to the AppStorage (which occupies slot 0 in all of the facets)
• make sure that newly added facets are also checked accordingly

So there should be a script that fetches storage layouts from all of the facets (perhaps via forge inspect) and compares the structure in the PR with the structure in the development branch

[ubiquibot]

Releasing the bounty back to dev pool because the allocated duration already ended!
Last activity time: Fri Jun 16 2023 06:57:46 GMT+0000 (Coordinated Universal Time)

[PhantomCracker]

/start

[gitcoindev]

Thanks @rndquu @molecula451 @pavlovcik this was a significant effort not only for me but also for you, checking, testing and commenting took a lot of time.

Now it seems that the bot was overwhelmed by all of this, seeing this number of comments and did not trigger any comment nor triggered any incentives . I hope we can get this fixed and make the bot generate all incentives correctly.

[0x4007]

We are texting in the group chat about it now t.me/ubiquitydao

Please know that this is a priority for us to address this

We are scrambling for a fix now

Thanks for your contributions and your patience.

[ubiquibot]

Permit generation skipped because wallet private key is not set

If you enjoy the DevPool experience, please follow Ubiquity on GitHub and star this repo to show your support. It helps a lot!

[ubiquibot]

Task Assignee Reward

[ CLAIM 800 WXDAI ]

0x7e92476D...A5566653a

If you've enjoyed your experience in the DevPool, we'd appreciate your support. Follow Ubiquity on GitHub and star this repo. Your endorsement means the world to us and helps us grow!

We are excited to announce that the DevPool and UbiquiBot are now available to partners! Our ideal collaborators are globally distributed crypto-native organizations, who actively work on open source on GitHub, and excel in research & development. If you can introduce us to the repository maintainers in these types of companies, we have a special bonus in store for you!

[ubiquibot]

Task Creator Reward

zgorizzo69: [ CLAIM 5.7 WXDAI ]

[gitcoindev]

Thanks @rndquu ! I guess the same approach can be used with #775

[molecula451]

also looks like it missed lot of the conversational rewars, looks like couldn't handle many commenting?. Would be nice see it re-triggered @rndquu

[PhantomCracker]

Congratulations @gitcoindev for finishing this issue! Pretty hard one :)

[rndquu]

also looks like it missed lot of the conversational rewars, looks like couldn't handle many commenting?. Would be nice see it re-triggered @rndquu

We will re-trigger when the bot is switched back to the main prod branch. Right now the bot's prod deployment is on a commit without proper conversation rewards.

[molecula451]

@rndquu i think we should try to re-trigger conversational rewards here, i think the bot is reacting to those on your calls, there were helpful comment here to reach the goal (which after a couple of days) the PR was nice

[rndquu]

@rndquu i think we should try to re-trigger conversational rewards here, i think the bot is reacting to those on your calls, there were helpful comment here to reach the goal (which after a couple of days) the PR was nice

I don't really want to re-trigger anything because rewards generation is kind of unpredicted right now. Let's wait for a stable bot's release.