Add a variant of the Vesting wallet for updating the beneficiary #264
function updateBeneficiary(address newBeneficiary) external onlyOwner { | ||
_setBeneficiary(newBeneficiary); | ||
emit BeneficiaryUpdate(newBeneficiary); | ||
} |
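Review bot: in `updateBeneficiary`, `newBeneficiary` reaches `_setBeneficiary(newBeneficiary)` with no validation visible in this hunk, so an owner mistake such as passing `address(0)` would be applied and emitted as a normal update. Unless `_setBeneficiary` already rejects it, add a zero-address check before the call, and consider adding the previous beneficiary to `BeneficiaryUpdate` so that anyone monitoring the wallet sees both sides of the change.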
Would it make sense to add another function to accept the beneficiary change? That might be a way of avoiding an issue of changing the beneficiary to a centralized exchange wallet (as an example)
> That might be a way of avoiding an issue of changing the beneficiary to a centralized exchange wallet

My understanding is that is exactly what they plan to use. Apparently, Coinbase has a thing where the user has a "long lasting" address that can receive assets (including ERC20) ... but I'm not 100% sure it can be used to interact with arbitrary smart contracts.
Right, I recall someone mention the Coinbase Account, but if that's the purpose then it is okay under the assumption that this VestingWallet is more legally-restricted than code-restricted. Let's just keep this in mind, might be an important detail before making the change.
Yeah, since `release` is permissionless we can't assume that the beneficiary wallet is able to interact with the smart contract.
|
||
function updateBeneficiary(address newBeneficiary) external onlyOwner { | ||
_setBeneficiary(newBeneficiary); | ||
emit BeneficiaryUpdate(newBeneficiary); |
I'd say this event should be emitted inside of `_setBeneficiary` instead.
I wanted to minimize the changes to V1. If the storage was not private I wouldn't have touched it.
I see. I was thinking of overriding `_setBeneficiary` in V2:
```solidity
function _setBeneficiary(address newBeneficiary) override ... {
    super._setBeneficiary(newBeneficiary);
    emit BeneficiaryUpdate(newBeneficiary);
}
```
Would you say this is acceptable?
Feels a bit too much to me. It means having two functions instead of one in `VestingWalletRecovery`.
```solidity
contract VestingWalletRecovery is VestingWalletV1 {
    event BeneficiaryUpdate(address newBeneficiary);

    function updateBeneficiary(address newBeneficiary) external onlyOwner {
        _setBeneficiary(newBeneficiary);
    }

    // Event emitted from the overridden internal setter
    function _setBeneficiary(address newBeneficiary) internal virtual override {
        super._setBeneficiary(newBeneficiary);
        emit BeneficiaryUpdate(newBeneficiary);
    }
}
```
vs
```solidity
contract VestingWalletRecovery is VestingWalletV1 {
    event BeneficiaryUpdate(address newBeneficiary);

    // Event emitted from the external entry point; V1 setter left untouched
    function updateBeneficiary(address newBeneficiary) external onlyOwner {
        _setBeneficiary(newBeneficiary);
        emit BeneficiaryUpdate(newBeneficiary);
    }
}
```
I agree with prioritizing less code and fewer changes to V1.
Co-authored-by: Ernesto García <[email protected]>
I added the "light" version, that would work as a temporary implementation. Let me know what you think. I don't feel it's safer, but I like that it doesn't require any change to the V1 implementation to expose the private variable.
function changeOwnerAndUpgrade(address newBeneficiary, address newImplementation) external { | ||
// change ownership |
Should be "change beneficiary"! Owner is a different entity.
Similarly the name of the function should be changeBeneficiaryAndUpgrade
uint256[50] private __gap_3; | ||
// ERC1967UpgradeUpgradeable | ||
uint256[50] private __gap_4; | ||
// VestingWallerV1 |
// VestingWallerV1 | |
// VestingWalletV1 |
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; | ||
event Upgraded(address indexed implementation); | ||
|
||
function changeOwnerAndUpgrade(address newBeneficiary, address newImplementation) external { |
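Review bot: the `changeOwnerAndUpgrade` signature on the last line of this hunk is `external` with no access modifier, while it takes both the new beneficiary and the new implementation from the caller. Restrict it (for example with `onlyOwner`) or remove the caller-supplied arguments, and add a comment above `_IMPLEMENTATION_SLOT` stating that the constant is the ERC-1967 implementation slot so a reader can check the value.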
I think this should either be `onlyOwner` or the parameters should be immutably set in the constructor. Otherwise there is a possible error where the wallet is upgraded without calling this function and it becomes open to anyone to steal the tokens.
Yeah, considering it's supposed to be light, then setting immutables at construction sounds better
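The "immutables set at construction" option from this thread, as an added Solidity example that is not the PR's code: with both values fixed in bytecode, the recovery call can stay permissionless because the caller chooses nothing. The names `RecoveryLightExample`, `recoverAndRestore`, `recoveredBeneficiary` and `restoredImplementation`, and the single-slot storage layout, are assumptions; a real contract must mirror the wallet's actual layout.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added example. Storage layout below is a placeholder, not the wallet's real one.
contract RecoveryLightExample {
    // --- storage (hypothetical; must match the proxied wallet slot for slot) ---
    address private _beneficiary;

    // ERC-1967 implementation slot, value as quoted in the PR diff.
    bytes32 internal constant _IMPLEMENTATION_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    // Immutables are embedded in this contract's bytecode, not in storage,
    // so they keep their values when the proxy delegatecalls into this code.
    address public immutable recoveredBeneficiary;
    address public immutable restoredImplementation;

    event BeneficiaryUpdate(address newBeneficiary);
    event Upgraded(address indexed implementation);

    constructor(address beneficiary_, address implementation_) {
        require(beneficiary_ != address(0), "beneficiary is zero");
        require(implementation_.code.length > 0, "implementation has no code");
        recoveredBeneficiary = beneficiary_;
        restoredImplementation = implementation_;
    }

    // No access modifier needed: every value written here was fixed at
    // deployment, so whoever calls it first produces the same end state.
    function recoverAndRestore() external {
        // 1. Point the wallet at the replacement beneficiary.
        _beneficiary = recoveredBeneficiary;
        emit BeneficiaryUpdate(recoveredBeneficiary);

        // 2. Switch the proxy back to the regular wallet implementation,
        //    which removes this recovery code from the wallet again.
        address impl = restoredImplementation;
        bytes32 slot = _IMPLEMENTATION_SLOT;
        assembly {
            sstore(slot, impl)
        }
        emit Upgraded(impl);
    }
}
```

If the wallet is upgraded to this code and nobody calls `recoverAndRestore()` right away, a third party calling it can only apply the beneficiary and implementation the deployer chose.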
|
||
function updateBeneficiary(address newBeneficiary) external onlyOwner { | ||
_setBeneficiary(newBeneficiary); | ||
emit BeneficiaryUpdate(newBeneficiary); |
/** | ||
* This contract is designed for recovery in case the beneficiary was lost. | ||
*/ | ||
contract VestingWalletRecovery is VestingWalletV1 { |
There is also `VestingWalletV2`. I don't know if any of the affected wallets are using V2 but if so this recovery upgrade would remove V2 features.
This seems like another reason to use the "light" recovery mode. It keeps the wallet in the same version it's at (V1 or V2).
function updateBeneficiary(address newBeneficiary) external onlyOwner { | ||
_setBeneficiary(newBeneficiary); | ||
emit BeneficiaryUpdate(newBeneficiary); | ||
} |
* This contract is designed for recovery in case the beneficiary was lost. | ||
*/ | ||
contract VestingWalletRecoveryLight { | ||
/// Storage |
I think that the storage layout should be that of V2.
|
||
this.vesting = await deployUpgradeable( | ||
hre, | ||
'VestingWallet', |
This seems to be deploying "V0" of the vesting wallet:
`contract VestingWallet is OwnableUpgradeable, UUPSUpgradeable {`
I think it should be `VestingWalletV2`?
The wallets we are targeting are using V0.
Note that the storage layout described in `VestingWalletRecoveryLight` is common to V0, V1 and V2.
Following Fran's comments, I'd rename this file to `VestingWalletV1.recovery.test.js`. Consistent with the name of the underlying wallet that's being updated.
Replaced by OpenZeppelin#1
Some beneficiaries of vesting wallets have lost access to their keys. This PR adds a variant of the VestingWallet.
The admin can upgrade the wallet to that new variant and then use the new `updateBeneficiary` function to update the beneficiary address to a new value.