Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Oct 8, 2024. It is now read-only.

sky-ecosystem/ds-pause

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

129 Commits
lib
lib
 
 
src
src
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
readme.md
readme.md
 
 
shell.nix
shell.nix
 
 

Repository files navigation

ds-pause

delegatecall based proxy with an enforced delay

ds-pause allows authorized users to schedule function calls that can only be executed once some predetermined waiting period has elapsed. The configurable delay attribute sets the minimum wait time.

ds-pause is designed to be used as a component in a governance system, to give affected parties time to respond to decisions. If those affected by governance decisions have e.g. exit or veto rights, then the pause can serve as an effective check on governance power.

Plans

A plan describes a single delegatecall operation and a unix timestamp eta before which it cannot be executed.

A plan consists of:

  • usr: address to delegatecall into
  • tag: the expected codehash of usr
  • fax: calldata to use
  • eta: first possible time of execution (as seconds since unix epoch)

Each plan has a unique id, defined as keccack256(abi.encode(usr, tag, fax, eta))

Operations

Plans can be manipulated in the following ways:

  • plot: schedule a plan
  • exec: execute a plan
  • drop: cancel a plan

Invariants

A break of any of the following would be classified as a critical issue. Please submit bug reports to [email protected].

high level

  • There is no way to bypass the delay
  • The code executed by the delegatecall cannot directly modify storage on the pause
  • The pause will always retain ownership of it's proxy

admin

  • authority, owner, and delay can only be changed if an authorized user plots a plan to do so

plot

  • A plan can only be plotted if its eta is after block.timestamp + delay
  • A plan can only be plotted by authorized users

exec

  • A plan can only be executed if it has previously been plotted
  • A plan can only be executed once it's eta has passed
  • A plan can only be executed if its tag matches extcodehash(usr)
  • A plan can only be executed once
  • A plan can be executed by anyone

drop

  • A plan can only be dropped by authorized users

Identity & Trust

In order to protect the internal storage of the pause from malicious writes during plan execution, we perform the actual delegatecall operation in a seperate contract with an isolated storage context (DSPauseProxy). Each pause has it's own individual proxy.

This means that plan's are executed with the identity of the proxy, and when integrating the pause into some auth scheme, you probably want to trust the pause's proxy and not the pause itself.

Example Usage

// construct the pause

uint delay            = 2 days;
address owner         = address(0);
DSAuthority authority = new DSAuthority();

DSPause pause = new DSPause(delay, owner, authority);

// plot the plan

address      usr = address(0x0);
bytes32      tag;  assembly { tag := extcodehash(usr) }
bytes memory fax = abi.encodeWithSignature("sig()");
uint         eta = now + delay;

pause.plot(usr, tag, fax, eta);
// wait until block.timestamp is at least now + delay...
// and then execute the plan

bytes memory out = pause.exec(usr, tag, fax, eta);

Tests

About

Schedule function calls that can only be executed once some delay has elapsed

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

8 stars

Watchers

1 watching

Forks

15 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Solidity 97.7%
  • Nix 1.7%
  • Makefile 0.6%