Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[delta-audit] bonding: Provide votes only for registered Ts and their Ds #625

Merged
merged 8 commits into from
Sep 26, 2023
Merged

[delta-audit] bonding: Provide votes only for registered Ts and their Ds #625

merged 8 commits into from
Sep 26, 2023

Conversation

victorges
Copy link
Member

@victorges victorges commented Sep 19, 2023
edited
Loading

What does this pull request do? Explain your changes. (required)
This fixes another issue from the audit regarding voting power provided to delegators. The specific issue is when a delegator has a bond with an account that is not a "registered transcoder" (delegateAddress == self && bondedAmount > 0).

This can happen when bonding to a random account that is not a transcoder, when the transcoder unbonds or gets slashed 100%. The main problem created from this is that the transcoder would then have 0 voting power, while the delegators would still hold on to their delegated voting power, messing up vote overriding on GovenorCountingOverridable. Even with the #626 fix, there would still be a problem in case bondedAmount == 0 but still delegateAddress == self (can happen in the slash case).

Specific updates (required)

  • Update BondingVotes to not give voting power to delegators to non-transcoders (transcoder defined as self-delegate a non 0 amount)
  • Add tests

How did you test each of these updates (required)
yarn test with pending devnet deploy

Does this pull request close any open issues?
Fixes:

Checklist:

  • README and other documentation updated
  • All tests using yarn test pass

@victorges victorges force-pushed the vg/fix/c4-audit-istranscoder branch 3 times, most recently from 7153787 to 4a9a2fc Compare September 19, 2023 19:30
@victorges victorges changed the title [delta-audit] bonding,treasury: Fix checks for whether an account is a transcoder [PoC][delta-audit] Fix checks for whether an account is a transcoder Sep 20, 2023
@victorges victorges changed the title [PoC][delta-audit] Fix checks for whether an account is a transcoder [delta-audit] bonding: Give votes only to registered transcoders and their delegators Sep 21, 2023
@victorges victorges changed the title [delta-audit] bonding: Give votes only to registered transcoders and their delegators [delta-audit] bonding: Votes only for registered transcoders and their delegators Sep 21, 2023
@victorges victorges changed the title [delta-audit] bonding: Votes only for registered transcoders and their delegators [delta-audit] bonding: Votes only for RegisteredTranscoders and their delegators Sep 21, 2023
@victorges victorges changed the title [delta-audit] bonding: Votes only for RegisteredTranscoders and their delegators [delta-audit] bonding: Votes only for registered Ts and their Ds Sep 21, 2023
@victorges victorges changed the title [delta-audit] bonding: Votes only for registered Ts and their Ds [delta-audit] bonding: Provide votes only for registered Ts and their Ds Sep 21, 2023
@victorges victorges marked this pull request as ready for review September 21, 2023 22:13
@yondonfu yondonfu self-requested a review September 22, 2023 13:10
yondonfu
yondonfu reviewed Sep 22, 2023
View reviewed changes
contracts/bonding/BondingVotes.sol Show resolved Hide resolved
contracts/bonding/BondingVotes.sol Outdated Show resolved Hide resolved
@yondonfu
Copy link
Member

yondonfu commented Sep 22, 2023
edited
Loading

Not sure if this is already addressed elsewhere, but making a note that there is also a conditional in _handleVoteOverrides() of GovernorCountingOverridable that does not implement the complete registered transcoder check. This doesn't seem to cause any issues in that function at the moment given the changes in this PR, but could be a good idea to add some clarifications there. A few options come to mind:

a. Update IVotes.delegatedAt() to return (address, bool) where the bool value indicates whether the delegate is a registered transcoder
b. Update the comments around the referenced conditional explaining why checking if the address == delegate is sufficient + safe despite there not being a complete registered transcoder check since _weight = 0 and _voter.deductions = 0 if the address is not a registered transcoder

EDIT: I think #626 kind of addresses this, but a bit more info with b) might still be helpful for a future reader.

@victorges
Copy link
Member Author

victorges commented Sep 22, 2023
edited
Loading

@yondonfu Regarding not having a full check on _handleVoteOverrides(), honestly I decided to skip it to avoid another call to votes(delegate) when casting a vote, which could significantly increase the gas costs for a delegator to vote. I think the a idea would solve this gas cost issue, tho I think it diverges from IERC5805.delegates so would feel a bit weird (could be a better-named getBondingState() instead then we make a single call?)

My rationale in the new version of the code is:

  • GovernorCountingOverridable expects a single invariant: self-delegating accounts should have a voting power >= than the sum of all its delegators (only requirement for overriding logic to work properly)
    • This is why I also removed any "isTranscoder" terms from there. It only cares about self-delegation now
  • BondingVotes implements that invariant, since when the delegate is self-delegate but has no bondedAmount, everyone gets 0 voting power

So it'd be an "implementation detail" for the IVotes implementation provided. I agree it's very worth to document it on GovernorCountingOverridable tho as it could be confusing. I'll do just that but not change any of the implementation, if you think that's ok. If you have a strong preference for a or some other solution lmk tho!

@JeffCX JeffCX mentioned this pull request Sep 23, 2023
Open
@yondonfu
Copy link
Member

I agree it's very worth to document it on GovernorCountingOverridable tho as it could be confusing. I'll do just that but not change any of the implementation, if you think that's ok

Sounds reasonable.

This was referenced Sep 25, 2023
Closed
Closed
@victorges victorges force-pushed the vg/fix/c4-audit-istranscoder branch 4 times, most recently from 8847356 to f61b348 Compare September 26, 2023 00:57
@victorges
Copy link
Member Author

victorges commented Sep 26, 2023
edited
Loading

Just realized tests are failing after the merge. Brb.

@victorges
Copy link
Member Author

Fixed!

yondonfu
yondonfu requested changes Sep 26, 2023
View reviewed changes
contracts/bonding/BondingVotes.sol Outdated Show resolved Hide resolved
contracts/bonding/BondingVotes.sol Outdated Show resolved Hide resolved
@victorges
Copy link
Member Author

@yondonfu Fixed

@victorges victorges merged commit e1f8b36 into delta Sep 26, 2023
3 checks passed
@victorges victorges deleted the vg/fix/c4-audit-istranscoder branch September 26, 2023 18:50
victorges added a commit that referenced this pull request Sep 27, 2023
@victorges
[delta-audit] bonding: Provide votes only for registered Ts and their…
8ec22f0 
… Ds (#625)

* bonding: Make consistent checks for isTranscoder

* bonding: Add tests for isRegisteredTranscoder logic

* treasury: Improve docs in vote overriding extension

* bonding: Rename getBondingStateAt for accuracy

* bonding: Fix BondingVotes test

* bonding: Fix retval ordering in docs
victorges added a commit that referenced this pull request Oct 11, 2023
@victorges
[delta-audit] bonding: Provide votes only for registered Ts and their…
dd9f1bf 
… Ds (#625)

* bonding: Make consistent checks for isTranscoder

* bonding: Add tests for isRegisteredTranscoder logic

* treasury: Improve docs in vote overriding extension

* bonding: Rename getBondingStateAt for accuracy

* bonding: Fix BondingVotes test

* bonding: Fix retval ordering in docs
victorges added a commit that referenced this pull request Oct 11, 2023
@victorges
[delta-audit] bonding: Provide votes only for registered Ts and their…
c279f34 
… Ds (#625)

* bonding: Make consistent checks for isTranscoder

* bonding: Add tests for isRegisteredTranscoder logic

* treasury: Improve docs in vote overriding extension

* bonding: Rename getBondingStateAt for accuracy

* bonding: Fix BondingVotes test

* bonding: Fix retval ordering in docs
victorges added a commit that referenced this pull request Oct 11, 2023
@victorges
[delta-audit] bonding: Provide votes only for registered Ts and their…
a16c5dc 
… Ds (#625)

* bonding: Make consistent checks for isTranscoder

* bonding: Add tests for isRegisteredTranscoder logic

* treasury: Improve docs in vote overriding extension

* bonding: Rename getBondingStateAt for accuracy

* bonding: Fix BondingVotes test

* bonding: Fix retval ordering in docs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yondonfu yondonfu yondonfu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@victorges @yondonfu