You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Wanna confirm the expected behaviour for access control and benefactor / beneficiary address changes.
The updateBenefactor() / updateBeneficiary() can only be called by BENEFACTOR_OWNER_ROLE / BENEFICIARY_OWNER_ROLE respectively, but this strictly updates the benefactor / beneficiary variables. Access control updates: revoking the OWNER and TERMINATOR roles of the old address, and granting them to the new one, is handled by the public grantRole() / revokeRole() / renounceRole() methods. (edited)
For (4), the concern I have is operational: when there's a change to BENEFICIARY / BENEFACTOR by either party, might miss revoking the old and / or granting the new either the BENEFACTOR_OWNER_ROLE / BENEFICIARY_OWNER_ROLE and TERMINATOR roles. Also, it takes another step from the multisig to execute, so there's a bit of a delay.
For (4), the concern I have is operational: when there's a change to BENEFICIARY / BENEFACTOR by either party, might miss revoking the old and / or granting the new either the BENEFACTOR_OWNER_ROLE / BENEFICIARY_OWNER_ROLE and TERMINATOR roles. Also, it takes another step from the multisig to execute, so there's a bit of a delay.
I see your concern. Good callout. I'll add a comment for these methods specifically calling out the 2-tx flow necessary to using these methods correctly.
I think that we will live with the known operational complexity to avoid adding contract-change scope at this point.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR incorporates feedback from the second smart contract escrow audit conducted by spearbit:
--- FROM SPEARBIT ---
Redundant contractTerminated check, will be checked in release()
https://github.com/base-org/contracts/blob/b49add823005826521b5b8d8cf8a7a292420f0bd/src/smart-escrow/SmartEscrow.sol#L186
https://github.com/base-org/contracts/blob/b49add823005826521b5b8d8cf8a7a292420f0bd/src/smart-escrow/SmartEscrow.sol#L155-L157
if (_start >= _end) revert StartTimeAfterEndTime(_start, _end);
Technically redundant as it will be covered by the checks:
if (_cliffStart < _start) and if (_cliffStart >= _end)
which enforces _start <= _cliffStart < end
https://github.com/base-org/contracts/blob/b49add823005826521b5b8d8cf8a7a292420f0bd/src/smart-escrow/SmartEscrow.sol#L160-L165
Likewise, the check below is technically redundant
if ((_end - _start) < _vestingPeriodSeconds) {
revert VestingPeriodExceedsContractDuration(_vestingPeriodSeconds);
}
because it will be covered by this check:
if ((_end - _start) % _vestingPeriodSeconds != 0)
Wanna confirm the expected behaviour for access control and benefactor / beneficiary address changes.
The updateBenefactor() / updateBeneficiary() can only be called by BENEFACTOR_OWNER_ROLE / BENEFICIARY_OWNER_ROLE respectively, but this strictly updates the benefactor / beneficiary variables. Access control updates: revoking the OWNER and TERMINATOR roles of the old address, and granting them to the new one, is handled by the public grantRole() / revokeRole() / renounceRole() methods. (edited)