Vote on contract upgrades #2

New Issue

Open

opened 2018-03-12 18:57:40 +00:00 by bumi · 9 comments

bumi commented 2018-03-12 18:57:40 +00:00 (Migrated from github.com)

Copy Link

Upgrading tokens is a security risk and requires trust to whoever is able to upgrade to a new version.
We need to define a process on how to upgrade to new releases and implement the specific access controls.

Who should be able to upgrade contracts to a new version?
Will the be some voting required? Should it be some multisig transaction?

Upgrading tokens is a security risk and requires trust to whoever is able to upgrade to a new version. We need to define a process on how to upgrade to new releases and implement the specific access controls. Who should be able to upgrade contracts to a new version? Will the be some voting required? Should it be some multisig transaction?

fsmanuel commented 2018-03-22 01:26:35 +00:00 (Migrated from github.com)

Copy Link

I'm in for a voting! Is the proposal part also a voting? If so what would be the difference? Is it possible to abstract it to have something like a Votable concern? I think we need something like a votable_target a condition who can vote, what is the final state and what should happen if the final state is reached.

Off topic question: Is every call to the contract a transaction that needs gas?

I'm in for a voting! Is the proposal part also a voting? If so what would be the difference? Is it possible to abstract it to have something like a `Votable` concern? I think we need something like a `votable_target` a condition who can vote, what is the final state and what should happen if the final state is reached. Off topic question: Is every call to the contract a transaction that needs gas?

bumi commented 2018-03-22 08:26:35 +00:00 (Migrated from github.com)

Copy Link

Every call to a contract that changes the state is a transaction and costs gas.
Reading data from a contract is free - as it is just accessing the local DB from the connected node.

Voting would for sure be the best. I think the general logic what will be executed is different though. For proposals new tokens will be issued for upgrading the contract some different attribute must be set.
The Votable is a good idea. Maybe we can try that every proposal is its own small contract that implements that logic - need to see how much that would be.
I'd focus on the proposals first though.

Every call to a contract that changes the state is a transaction and costs gas. Reading data from a contract is free - as it is just accessing the local DB from the connected node. Voting would for sure be the best. I think the general logic what will be executed is different though. For proposals new tokens will be issued for upgrading the contract some different attribute must be set. The `Votable` is a good idea. Maybe we can try that every proposal is its own small contract that implements that logic - need to see how much that would be. I'd focus on the proposals first though.

bumi commented 2019-03-31 14:02:19 +00:00 (Migrated from github.com)

Copy Link

doable with aragon (#62 )

doable with aragon (#62 )

raucao commented 2019-04-01 07:53:22 +00:00 (Migrated from github.com)

Copy Link

Even though it's doable with that, this issue is still valid, no? Or do we already have contract upgrade voting implemented in #62?

Even though it's doable with that, this issue is still valid, no? Or do we already have contract upgrade voting implemented in #62?

bumi commented 2019-04-01 08:36:34 +00:00 (Migrated from github.com)

Copy Link

yeah probably you're right.
right now some access role is defined. The deploy account gets that role and we would need to give that one to a voting app. And actually I think we could even use the aragon voting app for that.
Though all this is theory and I have not tested it.

yeah probably you're right. right now some access role is defined. The deploy account gets that role and we would need to give that one to a voting app. And actually I think we could even use the aragon voting app for that. Though all this is theory and I have not tested it.

bumi commented 2019-04-01 08:42:15 +00:00 (Migrated from github.com)

Copy Link

but for the launch I think that is enough?

but for the launch I think that is enough?

raucao commented 2019-04-01 08:43:10 +00:00 (Migrated from github.com)

Copy Link

Yes, of course. Just making sure we keep issues open for the things we plan to implement in the future.

Yes, of course. Just making sure we keep issues open for the things we plan to implement in the future.

👍 1

bumi commented 2019-04-01 08:48:38 +00:00 (Migrated from github.com)

Copy Link

I somehow have added this issue in the launch milestone. I remove the milestone but we keep the issue open.

I somehow have added this issue in the launch milestone. I remove the milestone but we keep the issue open.

raucao added the

feature

label 2022-07-16 15:25:35 +00:00

raucao added the

security

label 2022-10-29 11:54:23 +00:00

raucao commented 2022-10-29 11:55:11 +00:00

Copy Link

refs #171

refs #171

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

new-final-deploy

new-final-deploy-2

reimbursement-export

staging

legacy

addresses/rsk-testnet-raucao-1

ipfs-defaults

deletemewhendone

feature/184-improve_withdrawal

tests/contracts-contribution

tests/contracts-kit

kit/add-vault-app

feature/ipfs_hash_in_add_response

chore/bootstrap-on-travis

chore/remove-direct-aragon-cli-dependency

chore/update-dependencies-1

fix/ipfs-config

apm-hack

wtf/package-lock

feature/contributor-balance

feature/constructor-options

v7.5.0

v7.4.0

v7.3.0

v7.2.0

v7.1.0

v7.0.0

v7.0.1

v7.0.0-beta.0

v6.0.0

v5.5.0

v5.4.0

v5.3.0

v5.2.0

v5.1.1

v5.1.0

v5.0.0

v4.0.2

v4.0.1

v4.0.0

v3.0.2

v3.0.1

v3.0.0

Labels

Clear labels

good first issue

Good for newcomers

ipfs

rsk

scaling

bug

Something is not working

dev environment

Config, builds, CI, deployment, etc.

docs

Documentation

duplicate

This issue or pull request already exists

enhancement

Improving existing functionality

feature

New functionality

idea

Something to consider

invalid

Not a bug

kredits-1

Small contribution

kredits-2

Medium contribution

kredits-3

Large contribution

question

Looking for an answer

release

major

release

minor

release

patch

security

All your base are belong to us

ui/ux

User interface, process design, etc.

wontfix

This won't be fixed

No Label

feature

security

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

bkero bumi fsmanuel galfert greg haythem hueso raucao slvrbckt

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: kredits/contracts#2

No description provided.