feat: implement Indexing Agreements #1134
Conversation
feat: implement Indexing Agreements
🚨 Report Summary
For more details view the full report in OpenZeppelin Code Inspector |
matiasedgeandnode
force-pushed
the
ma/indexing-payments-003
branch
10 times, most recently
from
b0f7e7f to
ae910c4
Compare
matiasedgeandnode
force-pushed
the
ma/indexing-payments-003
branch
from
b53a31a to
d0a4db2
Compare
matiasedgeandnode
force-pushed
the
ma/indexing-payments-003
branch
from
32252c4 to
de6b7a1
Compare
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
matiasedgeandnode
force-pushed
the
ma/indexing-payments-003
branch
from
f4ea27a to
8776a18
Compare
matiasedgeandnode
force-pushed
the
ma/indexing-payments-003
branch
7 times, most recently
from
753442f to
7ba3dd1
Compare
matiasedgeandnode
force-pushed
the
ma/indexing-payments-003
branch
from
65f7f1d to
ef651a6
Compare
packages/subgraph-service/contracts/libraries/IndexingAgreement.sol
Outdated
Show resolved
Hide resolved
packages/horizon/contracts/data-service/utilities/ProvisionManager.sol
Outdated
Show resolved
Hide resolved
packages/horizon/contracts/payments/collectors/RecurringCollector.sol
Outdated
Show resolved
Hide resolved
packages/horizon/contracts/payments/collectors/RecurringCollector.sol
Outdated
Show resolved
Hide resolved
packages/horizon/contracts/payments/collectors/RecurringCollector.sol
Outdated
Show resolved
Hide resolved
packages/horizon/contracts/payments/collectors/RecurringCollector.sol
Outdated
Show resolved
Hide resolved
packages/horizon/contracts/payments/collectors/RecurringCollector.sol
Outdated
Show resolved
Hide resolved
packages/horizon/contracts/payments/collectors/RecurringCollector.sol
Outdated
Show resolved
Hide resolved
| wrapper.collectorAgreement.serviceProvider, | ||
| address(_getSubgraphService()) | ||
| ); | ||
| require(provision.tokens != 0, DisputeManagerZeroTokens()); |
There was a problem hiding this comment.
This check means we can't slash delegators (if delegation slashing is enabled some day) in a case of multiple disputes where the indexer is already fully slashed. So maybe use a different check or check if there's nonzero delegation?
There was a problem hiding this comment.
This condition is also present in _createQueryDisputeWithAttestation and _createIndexingDisputeWithAllocation. Should we fix those instances as well?
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
There was a problem hiding this comment.
It sounds reasonable. I looked at previous audits to see if this was discussed but did not find anything.
Fixed it for Indexing and query fee disputes here: d89440a (#1183)
Going to include it in the fix review OZ is going to do for us.
There was a problem hiding this comment.
I'll port the fix...
There was a problem hiding this comment.
rebase on top of Tommy's fix, port fix to indexing feees and let Trust know about this change.
|
|
||
| import { IndexingAgreement } from "./IndexingAgreement.sol"; | ||
|
|
||
| library UnsafeDecoder { |
There was a problem hiding this comment.
And I'm not sure I see the benefit of implementing these separately from Decoder.sol, is there a size/performance improvement?
There was a problem hiding this comment.
naming could use some improvement. It's "unsafe" in the sense that it reverts with a generic error.
There was a problem hiding this comment.
Decoder and UnsafeDecoder are two separate libs, because:
Decoderis a lib to reduce size in the service.try / catchcan only be used on external function call.- A lib can't call itself externally.
All of these together resulted in the two separate implementations. Maybe there is a better way to do it that I'm missing?
There was a problem hiding this comment.
im confused by this as well, cant we put everything into a Decoder library that has only external functions?
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
There was a problem hiding this comment.
I think the benefit of catching and re throwing is that we can be more descriptive with the error. iirc abi.decode tends to fail with Reverted without reason. I don't mind either approach but I think if we try/catch we could combine both libraries into a single one.
There was a problem hiding this comment.
I believe we can't combine both libraries into one. As I mentioned before try / catch needs to call an external function and a library can't call it's own external functions. I'd prefer to keep the custom errors because the amount of time I spent debugging Reverted without reason dwarfs the added complexity of having two libs. Would be very happy to find a better name for either lib though.
There was a problem hiding this comment.
Find a new name. Decoder is too generic. Unsafe sounds dangerous. Maybe IndexingAgreementDecoder
packages/subgraph-service/contracts/libraries/IndexingAgreement.sol
Outdated
Show resolved
Hide resolved
matiasedgeandnode
force-pushed
the
ma/indexing-payments-003
branch
from
ef651a6 to
aac9682
Compare
matiasedgeandnode
force-pushed
the
ma/indexing-payments-003
branch
from
5ebb424 to
7dee19f
Compare
This comment was marked as resolved.
This comment was marked as resolved.
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
matiasedgeandnode
force-pushed
the
ma/indexing-payments-003
branch
from
6765c56 to
f0d158f
Compare
|
ok, NatSpec added, |
Included in the changes is a markdown file with a TODO
Additional reading: Indexing Payments technical specification v0.1