feat: Extended PM with permission owner and delegation capabilities

packages/contracts/hardhat.config.ts

@@ -12,13 +12,16 @@ import '@openzeppelin/hardhat-upgrades';
 import * as dotenv from 'dotenv';
 import 'hardhat-deploy';
 import 'hardhat-gas-reporter';
-import {extendEnvironment, HardhatUserConfig} from 'hardhat/config';
+import {extendEnvironment, HardhatUserConfig, task} from 'hardhat/config';
 import type {NetworkUserConfig} from 'hardhat/types';
 import 'solidity-coverage';
 import 'solidity-docgen';
+import util from 'util';
 
 dotenv.config();
 
+const exec = util.promisify(require('child_process').exec);
+
 const ETH_KEY = process.env.ETH_KEY;
 const accounts = ETH_KEY ? ETH_KEY.split(',') : [];
 
@@ -53,6 +56,15 @@ extendEnvironment(hre => {
   hre.testingFork = testingFork;
 });
 
+// Needed to override and extend in order to make coverage work with typechain
+// Without this, it doesn't generate typechains the way we want with custom scripts.
+task('coverage').setAction(async (args, hre, runSuper) => {
+  await exec('yarn typechain:osx');
+  await exec('yarn typechain:osx-versions');
+
+  await runSuper();
+});
+
 const ENABLE_DEPLOY_TEST = process.env.TEST_UPDATE_DEPLOY_SCRIPT !== undefined;
 
 console.log('Is deploy test is enabled: ', ENABLE_DEPLOY_TEST);

packages/contracts/scripts/generate-typechain-osx.ts

@@ -28,7 +28,12 @@ async function generateTypechain(): Promise<void> {
     }
 
     const dirPath = path.dirname(filePath);
-    if (!excludedDirs.has(dirPath)) {
+
+    // Only arrange the contracts' paths in the current 
+    // directory without previous versions.
+    const containsPrefix = Array.from(excludedDirs).some(prefix => dirPath.startsWith(prefix));
+
+    if (!containsPrefix) {
       jsonFiles.push(filePath);
     }
   });

packages/contracts/src/core/dao/DAO.sol

@@ -18,6 +18,7 @@ import {ProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versionin
 import {VersionComparisonLib} from "@aragon/osx-commons-contracts/src/utils/versioning/VersionComparisonLib.sol";
 import {hasBit, flipBit} from "@aragon/osx-commons-contracts/src/utils/math/BitMap.sol";
 import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
+import {IExecutor, Action} from "@aragon/osx-commons-contracts/src/executors/IExecutor.sol";
 
 import {PermissionManager} from "../permission/PermissionManager.sol";
 import {CallbackHandler} from "../utils/CallbackHandler.sol";
@@ -28,12 +29,14 @@ import {IEIP4824} from "./IEIP4824.sol";
 /// @notice This contract is the entry point to the Aragon DAO framework and provides our users a simple and easy to use public interface.
 /// @dev Public API of the Aragon DAO framework.
 /// @custom:security-contact sirt@aragon.org
+/// @custom:oz-upgrades-unsafe-allow constructor constructor delegatecall
 contract DAO is
     IEIP4824,
     Initializable,
     IERC1271,
     ERC165StorageUpgradeable,
     IDAO,
+    IExecutor,
     UUPSUpgradeable,
     ProtocolVersion,
     PermissionManager,
@@ -117,6 +120,9 @@ contract DAO is
     /// @notice Thrown when a function is removed but left to not corrupt the interface ID.
     error FunctionRemoved();
 
+    /// @notice Thrown when initialize is called after it has already been executed.
+    error AlreadyInitialized();
+
     /// @notice Emitted when a new DAO URI is set.
     /// @param daoURI The new URI.
     event NewURI(string daoURI);
@@ -134,8 +140,16 @@ contract DAO is
         _reentrancyStatus = _NOT_ENTERED;
     }
 
+    /// @notice This ensures that the initialize function cannot be called during the upgrade process.
+    modifier onlyCallAtInitialization() {
+        if (_getInitializedVersion() != 0) {
+            revert AlreadyInitialized();
+        }
+
+        _;
+    }
+
     /// @notice Disables the initializers on the implementation contract to prevent it from being left uninitialized.
-    /// @custom:oz-upgrades-unsafe-allow constructor
     constructor() {
         _disableInitializers();
     }
@@ -155,10 +169,14 @@ contract DAO is
         address _initialOwner,
         address _trustedForwarder,
         string calldata daoURI_
-    ) external reinitializer(3) {
+    ) external onlyCallAtInitialization reinitializer(3) {
         _reentrancyStatus = _NOT_ENTERED; // added in v1.3.0
 
+        // In addition to the current interfaceId, also support previous version of the interfaceId.
+        _registerInterface(type(IDAO).interfaceId ^ IExecutor.execute.selector);
+
         _registerInterface(type(IDAO).interfaceId);
+        _registerInterface(type(IExecutor).interfaceId);
         _registerInterface(type(IERC1271).interfaceId);
         _registerInterface(type(IEIP4824).interfaceId);
         _registerInterface(type(IProtocolVersion).interfaceId); // added in v1.3.0
@@ -198,6 +216,9 @@ contract DAO is
                 _who: address(this),
                 _permissionId: keccak256("SET_SIGNATURE_VALIDATOR_PERMISSION")
             });
+
+            _registerInterface(type(IDAO).interfaceId);
+            _registerInterface(type(IExecutor).interfaceId);
         }
     }
 
@@ -246,18 +267,12 @@ contract DAO is
         _setMetadata(_metadata);
     }
 
-    /// @inheritdoc IDAO
+    /// @inheritdoc IExecutor
     function execute(
         bytes32 _callId,
         Action[] calldata _actions,
         uint256 _allowFailureMap
-    )
-        external
-        override
-        nonReentrant
-        auth(EXECUTE_PERMISSION_ID)
-        returns (bytes[] memory execResults, uint256 failureMap)
-    {
+    ) external override nonReentrant returns (bytes[] memory execResults, uint256 failureMap) {
         // Check that the action array length is within bounds.
         if (_actions.length > MAX_ACTIONS) {
             revert TooManyActions();
@@ -268,14 +283,62 @@ contract DAO is
         uint256 gasBefore;
         uint256 gasAfter;
 
+        bool hasExecutePermission = isGranted(
+            address(this),
+            msg.sender,
+            EXECUTE_PERMISSION_ID,
+            msg.data
+        );
+
         for (uint256 i = 0; i < _actions.length; ) {
+            Action calldata action = _actions[i];
+
+            bool isAllowed = hasExecutePermission;
+            bytes32 permissionId = EXECUTE_PERMISSION_ID;
+
+            // TODO: do we want to have some special way to allow registering permission for `transfer` out of this contract ?
+            // This could be useful as there's no function selector for such scenario and currently, to do transfer, EXECUTE_PERMISSION
+            // is enough, but it could be desirable that some special permission is created and even if member has EXECUTE, still won't be able
+            // to execute withdraw action.
+            if (action.data.length >= 4) {
+                bytes32 id = keccak256(action.data[:4]);
+                Permission storage targetPermission = permissions[permissionHash(action.to, id)];
+
+                if (targetPermission.created) {
+                    isAllowed = isGranted(action.to, msg.sender, id, action.data);
+                    permissionId = id;
+                }
+            }
+
+            if (!isAllowed) {
+                revert Unauthorized(action.to, msg.sender, permissionId);
+            }
+
+            bool success;
+            bytes memory data;
+
             gasBefore = gasleft();
 
-            (bool success, bytes memory result) = _actions[i].to.call{value: _actions[i].value}(
-                _actions[i].data
-            );
+            (success, data) = _actions[i].to.call{value: _actions[i].value}(_actions[i].data);
+
             gasAfter = gasleft();
 
+            if (_actions[i].to == address(this)) {
+                if (!success) {
+                    bytes4 result;
+
+                    assembly {
+                        result := mload(add(data, 32))
+                    }
+
+                    if (result == Unauthorized.selector || result == UnauthorizedOwner.selector) {
+                        gasBefore = gasleft();
+                        (success, data) = _actions[i].to.delegatecall(_actions[i].data);
+                        gasAfter = gasleft();
+                    }
+                }
+            }
+
             // Check if failure is allowed
             if (!hasBit(_allowFailureMap, uint8(i))) {
                 // Check if the call failed.
@@ -297,7 +360,7 @@ contract DAO is
                 }
             }
 
-            execResults[i] = result;
+            execResults[i] = data;
 
             unchecked {
                 ++i;