aragon / osx Goto Github PK

Describe the bug
The final step of DAO creation throws the following error:

Error: call revert exception [ See: https://links.ethers.org/v5-errors-CALL_EXCEPTION ] (method="latestRelease()", data="0x", errorArgs=null, errorName=null, errorSignature=null, reason=null, code=CALL_EXCEPTION, version=abi/5.7.0)
    at E.makeError (index.js:224:23)
    at E.throwError (index.js:233:20)
    at z.decodeFunctionResult (interface.js:345:23)
    at $.<anonymous> (index.js:293:48)
    at Generator.next (<anonymous>)
    at o (index.js:5:58)

*NETWORK UNSUPPORTED

To Reproduce (please complete the following information)

1. Go to https://app.aragon.org/#/create
2. Switch your network to Polygon
3. Attempt to deploy a DAO on Polygon with the following parameters

Network: Mainnet
Blockchain: Polygon
Logo:
Name: Oscar's Aragon DAO
Summary: I'm just doing this as a test

Current behavior

The console throws the following error and a dao is not created

*NETWORK UNSUPPORTED
api-stg.vocdoni.net/v2/accounts/0xEe0861faBEdc0BD4E41fe9fE97E6Cd1c7e4B717a:1 
        
        
       Failed to load resource: the server responded with a status of 404 ()
network.tsx:62 *NETWORK UNSUPPORTED
api-stg.vocdoni.net/v2/accounts/0xEe0861faBEdc0BD4E41fe9fE97E6Cd1c7e4B717a:1 
        
        
       Failed to load resource: the server responded with a status of 404 ()
4createDao.tsx:516 Error: call revert exception [ See: https://links.ethers.org/v5-errors-CALL_EXCEPTION ] (method="latestRelease()", data="0x", errorArgs=null, errorName=null, errorSignature=null, reason=null, code=CALL_EXCEPTION, version=abi/5.7.0)
    at E.makeError (index.js:224:23)
    at E.throwError (index.js:233:20)
    at z.decodeFunctionResult (interface.js:345:23)
    at $.<anonymous> (index.js:293:48)
    at Generator.next (<anonymous>)
    at o (index.js:5:58)

Expected behavior

A DAO creation transaction should be created via my Metamask wallet.

System (please complete the following information):

• OS: [e.g. Windows 11 Pro]
• Software version [Google Chrome Version 120.0.6099.71 (Official Build) (64-bit)]
• Metamask [11.7.0]

Describe the bug
I am getting an error on tokenvotingsetup contract that data size is bigger than allowed
(screenshot below)

To Reproduce (please complete the following information)

• Config and flags: completed the deploy checklist and am deploying to goerli (but have run into this on another custom chain as well)
• Steps to reproduce the behavior:
  yard deploy --network goerli

Current behavior
In depth explanation, if required, or a clear and concise description of what actually happens.

Expected behavior
Contract should deploy

System (please complete the following information):

• OS: Windows 10
• Commit hash a362749

I know this does not align with how issues should be opened.Am participating on ETHSafari hackathon, in Kenya and my blockchain of choice is Aragon. I know it will make it seamless to build. But how do I get a test net? Do I use external tools like Rinkeby or Aragon has one?

Situation

Currently, the ACL is intended to control access on the contract level. It is not intended to control user-level permissions.

https://github.com/aragon/zaragoza/blob/58710cc3677db5b04d2d65c53ca6bb6e147e10a7/packages/contracts/contracts/core/acl/ACL.sol#L34-L37

In this design concept, Components such as WhitelistVoting have to manage the user-level permissions themselves inside the Component contract.
https://github.com/aragon/zaragoza/blob/58710cc3677db5b04d2d65c53ca6bb6e147e10a7/packages/contracts/contracts/votings/whitelist/WhitelistVoting.sol#L49

Remark: In WhitelistVoting, users can vote in either every voting or none at all. To allow for controlling access to single votings or have specific user groups, a more complicated permission management would be needed inside WhitelistVoting.

Problem Description

This design is problematic for several reasons: Permission-management for each component

• is dangerous because the responsibility of coding a secure permission management (the most critical component in a DAO) is shifted to less-experienced component developers
• leads to code duplication
• is wasteful in terms of gas (more state to manage, more function calls to control access)
• confusing and hard to manage (a DAO needs to keep track of the permissions in each component)
• is unintuitive from a developer perspective because one would intuitively think that permission management in a DAO is the job of the DAOs ACL

Requirements

We need to be able to manage access for different actors: contracts, users, or groups (of both)

• contract-specific
  • EXAMPLE: Contract A can call specific functions in contract B
• user-specific
  • EXAMPLE: Alice can call specific functions in contract B
• group-specific (both, contracts and users can belong to a group)
  • EXAMPLE: A member of Group ALPHA can execute specific functions in contract B

The access should be granular down to the level of specific objects managed by the smart contract via object identifiers.

• EXAMPLE: Assume a contract managing a range of objects mapping (uint256 => Object) objects. Alice in group ALPHA can execute function bar(uint256 _id, ...) auth(_id, ALPHA) on object with _id=1 but not _id=2.

Moreover, permissions dynamically depending on contract state would be nice to have.

• dynamic/limited permissions
  • EXAMPLE: Members in the executive committee group can withdraw from the DAO until a certain budget limit is reached.

A general requirement is that the developer-facing functions should be clear and self-explanatory in their usage and naming.

Possible Actions

1. Add the functionality to the core ACL by modifying mapping (bytes32 => address) internal authPermissions; and associated functions to be more generic.
2. Leave the ACL as is, but provide the user-level permission-management functionalities (user groups / roles, dynamic permissions) as a specialized DAO component using the ACLOracle
3. Leave everything as is.

The pdf is unavailable in the url:
https://github.com/aragon/osx/blob/develop/audits/AragonOSx-security-audit-report-halborn.pdf

https://github.com/aragon/core/blob/43c69addb2c2aabcd56cc96d83b4b5841a41cb0e/packages/contracts/contracts/factories/DAOFactory.sol#L64

@nivida @brickpop Why don't we have a defined struct for voting config as we have DAOConfigStruct, TokenConfigStruct or MintConfigStruct?

Just asking because having the structs defined creates the correct typing for ethers library using typechain and can be imported in the SDK.

https://github.com/aragon/core/blob/350977517b23e331e1738c03f937a9ca142eb3b4/packages/contracts/contracts/plugin/PluginManager.sol#L10