From cbea604752bef9ec768e78e45f584a2c1a28bf7e Mon Sep 17 00:00:00 2001 From: "Emmanuel Joseph (JET)" Date: Thu, 10 Oct 2024 04:30:52 +0100 Subject: [PATCH 1/2] perf: slither-analysis --- foundry.toml | 2 +- script/MultiSigEnterpriseVault.s.sol | 2 +- src/MultiSigEnterpriseVault.sol | 2 +- src/components/MultiSigTimelock.sol | 6 +++--- src/components/MultiSigTransaction.sol | 16 +++++++++------- src/components/user/User.sol | 2 +- src/components/user/roles/ExecutorRole.sol | 2 +- src/components/user/roles/OwnerRole.sol | 14 +++++++------- src/components/user/roles/SignerRole.sol | 6 +++--- src/interfaces/IMultiSigTimelock.sol | 2 +- src/interfaces/IMultiSigTransaction.sol | 2 +- src/interfaces/user/IUser.sol | 2 +- src/interfaces/user/roles/IExecutorRole.sol | 2 +- src/interfaces/user/roles/IOwnerRole.sol | 2 +- src/interfaces/user/roles/ISignerRole.sol | 2 +- src/libraries/AddressUtils.sol | 2 +- src/libraries/Counters.sol | 2 +- src/libraries/SafeMath.sol | 2 +- src/utilities/VaultConstants.sol | 2 +- src/utilities/VaultEnums.sol | 2 +- src/utilities/VaultStructs.sol | 2 +- test/MultiSigEnterpriseVault.t.sol | 2 +- test/components/BaseMultiSigTest.t.sol | 2 +- test/components/MultiSigFuzzTest.t.sol | 6 ++---- test/components/MultiSigTimelockTest.t.sol | 2 +- test/components/MultiSigTransactionTest.t.sol | 2 +- test/components/roles/ExecutorRoleTest.t.sol | 2 +- test/components/roles/OwnerRoleTest.t.sol | 2 +- test/components/roles/SignerRoleTest.t.sol | 2 +- test/mocks/MockERC20Token.sol | 2 +- 30 files changed, 49 insertions(+), 49 deletions(-) diff --git a/foundry.toml b/foundry.toml index 0b45836..ede308f 100644 --- a/foundry.toml +++ b/foundry.toml @@ -2,7 +2,7 @@ src = "src" out = "out" libs = ["lib"] -solc = "0.8.27" +solc = "0.8.20" [fmt] tab_width = 2 diff --git a/script/MultiSigEnterpriseVault.s.sol b/script/MultiSigEnterpriseVault.s.sol index 4e50ca9..49c67b0 100644 --- a/script/MultiSigEnterpriseVault.s.sol +++ b/script/MultiSigEnterpriseVault.s.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import {Script, console} from 'forge-std/Script.sol'; import {MultiSigEnterpriseVault} from '../src/MultiSigEnterpriseVault.sol'; diff --git a/src/MultiSigEnterpriseVault.sol b/src/MultiSigEnterpriseVault.sol index 790a20c..264418b 100644 --- a/src/MultiSigEnterpriseVault.sol +++ b/src/MultiSigEnterpriseVault.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import {MultiSigTransaction} from './components/MultiSigTransaction.sol'; import {AddressUtils} from './libraries/AddressUtils.sol'; diff --git a/src/components/MultiSigTimelock.sol b/src/components/MultiSigTimelock.sol index 26b98cd..25df4da 100644 --- a/src/components/MultiSigTimelock.sol +++ b/src/components/MultiSigTimelock.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import '../libraries/Counters.sol'; import {User} from './user/User.sol'; @@ -181,9 +181,9 @@ abstract contract MultiSigTimelock is User, IMultiSigTimelock { ) public validSigner validAction(actionId) pendingAction(actionId) { Action storage action = _actions[actionId]; if (action.signatures.contains(_msgSender())) revert ActionNotApproved(actionId); + if (!action.signatures.add(_msgSender())) revert ActionNotApproved(actionId); action.approvals.increment(); - action.signatures.add(_msgSender()); emit ActionApproved(actionId, _msgSender(), block.timestamp); } @@ -196,9 +196,9 @@ abstract contract MultiSigTimelock is User, IMultiSigTimelock { ) public validSigner validAction(actionId) pendingAction(actionId) { Action storage action = _actions[actionId]; if (!action.signatures.contains(_msgSender())) revert ActionNotApproved(actionId); + if (!action.signatures.remove(_msgSender())) revert ActionNotApproved(actionId); action.approvals.decrement(); - action.signatures.remove(_msgSender()); emit ActionRevoked(actionId, _msgSender(), block.timestamp); } diff --git a/src/components/MultiSigTransaction.sol b/src/components/MultiSigTransaction.sol index aa450f7..1a672b7 100644 --- a/src/components/MultiSigTransaction.sol +++ b/src/components/MultiSigTransaction.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import '../libraries/Counters.sol'; import '../libraries/AddressUtils.sol'; @@ -84,14 +84,16 @@ abstract contract MultiSigTransaction is MultiSigTimelock, IMultiSigTransaction * @inheritdoc IMultiSigTransaction */ function depositToken(address token, uint256 amount) external payable nonReentrant { - uint256 allowance = IERC20(token).allowance(_msgSender(), address(this)); + IERC20 erc20Token = IERC20(token); + uint256 allowance = erc20Token.allowance(_msgSender(), address(this)); if (allowance < amount) { - uint256 remainingAllowance = amount.subtract(allowance); - revert ERC20InsufficientAllowance(_msgSender(), allowance, remainingAllowance); + uint256 neededAllowance = amount.subtract(allowance); + revert ERC20InsufficientAllowance(_msgSender(), allowance, neededAllowance); } - IERC20(token).transferFrom(_msgSender(), address(this), amount); + + SafeERC20.safeTransferFrom(erc20Token, _msgSender(), address(this), amount); emit FundsReceived(_msgSender(), token, amount); } @@ -141,9 +143,9 @@ abstract contract MultiSigTransaction is MultiSigTimelock, IMultiSigTransaction ) public validSigner validTransaction(txId) pendingTransaction(txId) { Transaction storage txn = _transactions[txId]; if (txn.signatures.contains(_msgSender())) revert TransactionNotApproved(txId); + if (!txn.signatures.add(_msgSender())) revert TransactionNotApproved(txId); txn.approvals.increment(); - txn.signatures.add(_msgSender()); emit TransactionApproved(txId, _msgSender(), block.timestamp); } @@ -156,9 +158,9 @@ abstract contract MultiSigTransaction is MultiSigTimelock, IMultiSigTransaction ) public validSigner validTransaction(txId) pendingTransaction(txId) { Transaction storage txn = _transactions[txId]; if (!txn.signatures.contains(_msgSender())) revert TransactionNotApproved(txId); + if (!txn.signatures.remove(_msgSender())) revert TransactionNotApproved(txId); txn.approvals.decrement(); - txn.signatures.remove(_msgSender()); emit TransactionRevoked(txId, _msgSender(), block.timestamp); } diff --git a/src/components/user/User.sol b/src/components/user/User.sol index e862a81..1deaf31 100644 --- a/src/components/user/User.sol +++ b/src/components/user/User.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import '../../libraries/Counters.sol'; import '../../utilities/VaultConstants.sol'; diff --git a/src/components/user/roles/ExecutorRole.sol b/src/components/user/roles/ExecutorRole.sol index b5bc2bf..2920c93 100644 --- a/src/components/user/roles/ExecutorRole.sol +++ b/src/components/user/roles/ExecutorRole.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import {AccessControl} from '@openzeppelin/contracts/access/AccessControl.sol'; import {IExecutorRole} from '../../../interfaces/user/roles/IExecutorRole.sol'; diff --git a/src/components/user/roles/OwnerRole.sol b/src/components/user/roles/OwnerRole.sol index 6b138b5..0ba9381 100644 --- a/src/components/user/roles/OwnerRole.sol +++ b/src/components/user/roles/OwnerRole.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import {AccessControl} from '@openzeppelin/contracts/access/AccessControl.sol'; import {IOwnerRole} from '../../../interfaces/user/roles/IOwnerRole.sol'; @@ -20,26 +20,26 @@ abstract contract OwnerRole is AccessControl, IOwnerRole { /** * @dev Initializes the Owner role and sets the initial owner override timelock. - * @param owner_ The address of the initial owner. + * @param initialOwner The address of the initial owner. * @param initialOwnerOverrideTimelock The initial timelock value for owner override. */ - constructor(address owner_, uint256 initialOwnerOverrideTimelock) { - AddressUtils.requireValidUserAddress(owner_); + constructor(address initialOwner, uint256 initialOwnerOverrideTimelock) { + AddressUtils.requireValidUserAddress(initialOwner); if (initialOwnerOverrideTimelock <= 0) { revert InvalidOwnerOverrideTimelockValue(initialOwnerOverrideTimelock); } // Grant DEFAULT_ADMIN_ROLE to the owner - _grantRole(DEFAULT_ADMIN_ROLE, owner_); + _grantRole(DEFAULT_ADMIN_ROLE, initialOwner); // Now change the admin role of DEFAULT_ADMIN_ROLE to OWNER_ROLE _setRoleAdmin(DEFAULT_ADMIN_ROLE, OWNER_ROLE); // Grant OWNER_ROLE to the owner - _grantRole(OWNER_ROLE, owner_); + _grantRole(OWNER_ROLE, initialOwner); ownerOverrideTimelock = initialOwnerOverrideTimelock; - _owner = owner_; + _owner = initialOwner; } /** diff --git a/src/components/user/roles/SignerRole.sol b/src/components/user/roles/SignerRole.sol index fe4fc4e..3ec8f07 100644 --- a/src/components/user/roles/SignerRole.sol +++ b/src/components/user/roles/SignerRole.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import {EnumerableSet} from '@openzeppelin/contracts/utils/structs/EnumerableSet.sol'; import {AccessControl} from '@openzeppelin/contracts/access/AccessControl.sol'; @@ -83,9 +83,9 @@ abstract contract SignerRole is AccessControl, ISignerRole { ) internal virtual validExecutor { _validateSignerAddress(newSigner); if (isSigner(newSigner)) revert SignerAlreadyExists(newSigner); + if (!_signers.add(newSigner)) revert SignerAlreadyExists(newSigner); _grantRole(SIGNER_ROLE, newSigner); - _signers.add(newSigner); _signerCount.increment(); emit SignerAdded(newSigner); } @@ -99,9 +99,9 @@ abstract contract SignerRole is AccessControl, ISignerRole { address signer ) internal virtual validExecutor { if (!isSigner(signer)) revert SignerDoesNotExist(signer); + if (!_signers.remove(signer)) revert SignerDoesNotExist(signer); _revokeRole(SIGNER_ROLE, signer); - _signers.remove(signer); _signerCount.decrement(); emit SignerRemoved(signer); } diff --git a/src/interfaces/IMultiSigTimelock.sol b/src/interfaces/IMultiSigTimelock.sol index 019fb59..e7dbb17 100644 --- a/src/interfaces/IMultiSigTimelock.sol +++ b/src/interfaces/IMultiSigTimelock.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import {ActionType} from '../utilities/VaultEnums.sol'; diff --git a/src/interfaces/IMultiSigTransaction.sol b/src/interfaces/IMultiSigTransaction.sol index 195c955..a352bd0 100644 --- a/src/interfaces/IMultiSigTransaction.sol +++ b/src/interfaces/IMultiSigTransaction.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; /** * @title IMultiSigTransaction Interface diff --git a/src/interfaces/user/IUser.sol b/src/interfaces/user/IUser.sol index 2086160..f07cdfb 100644 --- a/src/interfaces/user/IUser.sol +++ b/src/interfaces/user/IUser.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; /** * @title IUser Interface diff --git a/src/interfaces/user/roles/IExecutorRole.sol b/src/interfaces/user/roles/IExecutorRole.sol index 715ee91..162f251 100644 --- a/src/interfaces/user/roles/IExecutorRole.sol +++ b/src/interfaces/user/roles/IExecutorRole.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; /** * @title IExecutorRole Interface diff --git a/src/interfaces/user/roles/IOwnerRole.sol b/src/interfaces/user/roles/IOwnerRole.sol index 33d5ebe..8bd5964 100644 --- a/src/interfaces/user/roles/IOwnerRole.sol +++ b/src/interfaces/user/roles/IOwnerRole.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; /** * @title IOwnerRole Interface diff --git a/src/interfaces/user/roles/ISignerRole.sol b/src/interfaces/user/roles/ISignerRole.sol index 45be85e..2a141d7 100644 --- a/src/interfaces/user/roles/ISignerRole.sol +++ b/src/interfaces/user/roles/ISignerRole.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; /** * @title ISignerRole Interface diff --git a/src/libraries/AddressUtils.sol b/src/libraries/AddressUtils.sol index d373772..9cd10c7 100644 --- a/src/libraries/AddressUtils.sol +++ b/src/libraries/AddressUtils.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import '@openzeppelin/contracts/utils/Address.sol'; diff --git a/src/libraries/Counters.sol b/src/libraries/Counters.sol index 8bc74b0..eb8a01b 100644 --- a/src/libraries/Counters.sol +++ b/src/libraries/Counters.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import './SafeMath.sol'; diff --git a/src/libraries/SafeMath.sol b/src/libraries/SafeMath.sol index 5590801..f36ca9a 100644 --- a/src/libraries/SafeMath.sol +++ b/src/libraries/SafeMath.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; /** * @title SafeMath Library diff --git a/src/utilities/VaultConstants.sol b/src/utilities/VaultConstants.sol index 12e6082..75071bc 100644 --- a/src/utilities/VaultConstants.sol +++ b/src/utilities/VaultConstants.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; /// @dev Role identifier for the Owner role in bytes32 bytes32 constant OWNER_ROLE = keccak256('RoleType.OWNER'); diff --git a/src/utilities/VaultEnums.sol b/src/utilities/VaultEnums.sol index 56756d2..4ce66cd 100644 --- a/src/utilities/VaultEnums.sol +++ b/src/utilities/VaultEnums.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; /** * @title Vault RoleType Enum diff --git a/src/utilities/VaultStructs.sol b/src/utilities/VaultStructs.sol index 5500ba9..22dfef6 100644 --- a/src/utilities/VaultStructs.sol +++ b/src/utilities/VaultStructs.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import '@openzeppelin/contracts/utils/structs/EnumerableSet.sol'; import '../libraries/Counters.sol'; diff --git a/test/MultiSigEnterpriseVault.t.sol b/test/MultiSigEnterpriseVault.t.sol index 721f53b..707f399 100644 --- a/test/MultiSigEnterpriseVault.t.sol +++ b/test/MultiSigEnterpriseVault.t.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import {Test, console} from 'forge-std/Test.sol'; import {MultiSigEnterpriseVault} from '../src/MultiSigEnterpriseVault.sol'; diff --git a/test/components/BaseMultiSigTest.t.sol b/test/components/BaseMultiSigTest.t.sol index f973012..a66c094 100644 --- a/test/components/BaseMultiSigTest.t.sol +++ b/test/components/BaseMultiSigTest.t.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import '../MultiSigEnterpriseVault.t.sol'; diff --git a/test/components/MultiSigFuzzTest.t.sol b/test/components/MultiSigFuzzTest.t.sol index a854b56..88a8257 100644 --- a/test/components/MultiSigFuzzTest.t.sol +++ b/test/components/MultiSigFuzzTest.t.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import {IERC20} from '@openzeppelin/contracts/token/ERC20/IERC20.sol'; import {Address} from '@openzeppelin/contracts/utils/Address.sol'; @@ -61,9 +61,7 @@ contract MultiSigFuzzTest is BaseMultiSigTest { && recipient != vaultExecutor && recipient != vaultAddress ); - vm.deal(vaultOwner, 100 ether); - vm.prank(vaultOwner); - Address.sendValue(payable(vaultAddress), 10 ether); + vm.deal(vaultAddress, 100 ether); uint256 initialRecipientBalance = recipient.balance; uint256 initialVaultBalance = vaultAddress.balance; diff --git a/test/components/MultiSigTimelockTest.t.sol b/test/components/MultiSigTimelockTest.t.sol index 14f4617..211c79e 100644 --- a/test/components/MultiSigTimelockTest.t.sol +++ b/test/components/MultiSigTimelockTest.t.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import {ActionType} from '../../src/utilities/VaultEnums.sol'; import './BaseMultiSigTest.t.sol'; diff --git a/test/components/MultiSigTransactionTest.t.sol b/test/components/MultiSigTransactionTest.t.sol index 3ed8af6..8994262 100644 --- a/test/components/MultiSigTransactionTest.t.sol +++ b/test/components/MultiSigTransactionTest.t.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import {IERC20} from '@openzeppelin/contracts/token/ERC20/IERC20.sol'; import {Address} from '@openzeppelin/contracts/utils/Address.sol'; diff --git a/test/components/roles/ExecutorRoleTest.t.sol b/test/components/roles/ExecutorRoleTest.t.sol index 5953771..6f7448b 100644 --- a/test/components/roles/ExecutorRoleTest.t.sol +++ b/test/components/roles/ExecutorRoleTest.t.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import '../../MultiSigEnterpriseVault.t.sol'; import {RoleType} from '../../../src/utilities/VaultEnums.sol'; diff --git a/test/components/roles/OwnerRoleTest.t.sol b/test/components/roles/OwnerRoleTest.t.sol index 1865f64..de940cd 100644 --- a/test/components/roles/OwnerRoleTest.t.sol +++ b/test/components/roles/OwnerRoleTest.t.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import '../../MultiSigEnterpriseVault.t.sol'; import {RoleType} from '../../../src/utilities/VaultEnums.sol'; diff --git a/test/components/roles/SignerRoleTest.t.sol b/test/components/roles/SignerRoleTest.t.sol index 805d355..8cb3f65 100644 --- a/test/components/roles/SignerRoleTest.t.sol +++ b/test/components/roles/SignerRoleTest.t.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import '../../MultiSigEnterpriseVault.t.sol'; diff --git a/test/mocks/MockERC20Token.sol b/test/mocks/MockERC20Token.sol index 45e1ff3..cf1566f 100644 --- a/test/mocks/MockERC20Token.sol +++ b/test/mocks/MockERC20Token.sol @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-3.0 -pragma solidity ^0.8.27; +pragma solidity ^0.8.20; import '@openzeppelin/contracts/token/ERC20/ERC20.sol'; From 6e94713a6296cb4306bd52f34f788a7610248320 Mon Sep 17 00:00:00 2001 From: "Emmanuel Joseph (JET)" Date: Thu, 10 Oct 2024 04:41:56 +0100 Subject: [PATCH 2/2] fix: forge format --- src/components/MultiSigTransaction.sol | 1 - 1 file changed, 1 deletion(-) diff --git a/src/components/MultiSigTransaction.sol b/src/components/MultiSigTransaction.sol index 1a672b7..a2b1628 100644 --- a/src/components/MultiSigTransaction.sol +++ b/src/components/MultiSigTransaction.sol @@ -92,7 +92,6 @@ abstract contract MultiSigTransaction is MultiSigTimelock, IMultiSigTransaction revert ERC20InsufficientAllowance(_msgSender(), allowance, neededAllowance); } - SafeERC20.safeTransferFrom(erc20Token, _msgSender(), address(this), amount); emit FundsReceived(_msgSender(), token, amount); }