mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2026-01-16 18:43:10 -06:00
Code Issues Packages Projects Releases Wiki Activity
2557 commits 57 branches 102 tags 160 MiB
Commit graph

15 commits

Author SHA1 Message Date
Giuseppe Rodriguez 7b947bba55 rename getEntitlements to getEntitlementModules (#1450) 
Co-authored-by: Tak Wai Wong <64229756+tak-hntlabs@users.noreply.github.com>
 2023-02-09 14:56:23 -08:00
Giuseppe Rodriguez d9801a3dbf store channel network id in struct (#1447) 2023-02-08 17:13:08 -08:00
Giuseppe Rodriguez 9a85e1b3c1 Audit Fixes 6 - Code quality checks (#1439) 2023-02-08 14:38:06 -08:00
Giuseppe Rodriguez 6bdd949235 Audit Fixes 5 - Updates to channel based functionality (#1435) 
Fixes HNT-716
Fixes HNT-710
Fixes HNT-708
 2023-02-08 14:09:03 -08:00
Giuseppe Rodriguez 72d43d8baa getter for channels (#1441) 2023-02-08 11:41:38 -08:00
Giuseppe Rodriguez 3757e0f596 Audit Fixes 4 - Upgradeability of Entitlement Modules is controlled by OpenZeppelin owner() and not SpaceOwner NFT holder (#1431) 
Fixes HNT-704
Fixes HNT-715
Fixes HNT-714
Fixes HNT-711
Fixes HNT-706
Fixes HNT-707
 2023-02-07 19:43:32 -08:00
Giuseppe Rodriguez cade6d1de3 Audit Fixes 3 - [M-1] More than one Role can contain the Permissions.Owner permission (#1429) 
Impact: High

Likelihood: Low

According to the discussion with the team, it is expected that in Space
contracts, only one Role can have the Permissions.Owner permission.
Currently, multiple Roles can be created containing this permission.
This is caused by Space.sol’s createRole() function allowing the
OpenZeppelin owner to create new owner-permissioned roles without limit.

Remediations to consider:

Do not allow multiple roles to be created with the ownership permission.
This could be done with something like: if Space.sol’s ownerRoleId is
set, do not allow new roles to be created with the Permissions.Owner
permission.

 Fixes HNT-703 as well
 2023-02-07 19:23:07 -08:00
Giuseppe Rodriguez 7d6ffad2de Audit Fixes 1 - Removes OZ Ownable from Space contract and makes checks for space token ownership to see if caller is space owner (#1424) 
Removing the OpenZeppelin ownership logic, and, checking directly for
the ownership of the Space’s SpaceOwner NFT. The SpaceFactory could be
the owner during the bootstrapping phase, and afterwards, could transfer
the NFT to the proper owner. Doing a direct check like
_spaceOwner().ownerOf(tokenId) == _msgSender() would be safe because
that’s what the owner entitlement is going to check eventually.

---------

Co-authored-by: Kerem Kazan <kerem.kazan@gmail.com>
 2023-02-07 15:57:39 -08:00
Giuseppe Rodriguez b8fd046e51 Updates UserEntitlement to take array of addresses (#1213) 2023-01-13 12:10:38 -08:00
Giuseppe Rodriguez e51eb13a13 0xMacro Updates (#1200) 
Fixes HNT-417, HNT-411, HNT-403, HNT-398, HNT-394
 2023-01-12 11:08:20 -08:00
Giuseppe Rodriguez 6745cd8162 adds multicall and updates create role with entitlements and entitlementdata arguments (#1192) 2023-01-10 19:43:14 -08:00
Tak Wai Wong 3700bcbde4 rename isEntitled to isEntitledToSpace (#1174) 2023-01-06 12:12:35 -08:00
Tak Wai Wong b09cd18803 Rename isEntitled func for channel (#1168) 
Overloaded isEntitled func in ISpace.sol and Space.sol caused the generated client types to turn into string names. Renaming one of them to isEntitledToChannel.
 2023-01-04 14:13:39 -08:00
Giuseppe Rodriguez d04b25996e Space v2 Updates (#1145) 2022-12-28 20:23:01 -08:00
Giuseppe Rodriguez 6aa7e26d52 Space Manager v2 with Upgradeability (#1005) 2022-12-27 18:26:43 -08:00