L2 Governance

[shahthepro]

If you made a contract change, make sure to complete the checklist below before merging it in master.

Refer to our documentation for more details about contract security best practices.

Contract change checklist:

• Code reviewed by 2 reviewers.
• Copy & paste code review security checklist below this checklist.
• Unit tests pass
• Slither tests pass with no warning
• Echidna tests pass if PR includes changes to OUSD contract (not automated, run manually on local)

[github-actions]

	Warnings
⚠️	👀 This PR needs at least 2 reviewers

Generated by 🚫 dangerJS against edf9614

[codecov]

Codecov Report

Attention: Patch coverage is 71.18644% with 51 lines in your changes are missing coverage. Please review.

Project coverage is 61.55%. Comparing base (e62e925) to head (1805822).

❗ Current head 1805822 differs from pull request most recent head edf9614. Consider uploading reports for the commit edf9614 to get more accurate results

Files	Patch %	Lines
...contracts/governance/MainnetGovernanceExecutor.sol	26.00%	37 Missing ⚠️
contracts/contracts/governance/L2Governance.sol	88.88%	13 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1991      +/-   ##
==========================================
- Coverage   61.86%   61.55%   -0.31%     
==========================================
  Files          58       59       +1     
  Lines        2916     3015      +99     
  Branches      758      777      +19     
==========================================
+ Hits         1804     1856      +52     
- Misses       1109     1155      +46     
- Partials        3        4       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[pandadefi]

Proposals have a value field. If the field is meant to be used, some ETH needs to be transferred to the controller. The TimelockController has the default receive() external payable {}; ETH could be transferred to the TimelockController before execution, or ETH needs to be transferred on this call. I want to ensure that not sending ETH here is the intended behavior.

[shahthepro]

This is an oversight on my part, We so far never had any proposal that needed a value to be set. But it's good to have it working. Will update the code

[shahthepro]

Have made the execute method payable and to forward the msg.value to the TimelockController

[pandadefi]

Is this necessary since you also have queueL2Proposal and cancelL2Proposal and for now L2Governance only accepts these two message types?

[shahthepro]

I assume you mean the sendCommandToL2 and not this internal function? I can get rid of that, yeah

[pandadefi]

Yes, commented at the wrong place.

[shahthepro]

Have removed that sendCommandToL2. Also, removed the InvalidGovernanceCommand check and error since those are not user-input now

[pandadefi]

It might be advisable to verify the status of the Chainlink bridge it might be cursed and not processing messages see here.

This step may not be essential and can only be an issue in a rare case where a proposal already queued must be canceled and is about to be executable.

[shahthepro]

Will do. However, even if a CANCEL_PROPOSAL_COMMAND is sent by a compromised bridge, it'll not be immediately executable, since it has to go through the timelock

[pandadefi]

The operation is immediately canceled on a cancel call.
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/governance/TimelockController.sol#L334-L344

[shahthepro]

Ah, you're right. My bad, I got confused

[shahthepro]

This is done. execute and _ccipRecieve both now check if the Chainlink's ARM contract has cursed set

[pandadefi]

You might want to add a view function that returns the result of getFee to query before sending a command to make sure you have enough ETH in the contract for execution.

[shahthepro]

Have added a getCCIPFees method that takes the same params as _sendCommandToL2 but returns the fee amount