Resolve AI6 by removing wallet upgradability

2026-01-08 23:28:21 -05:00 · 2023-05-22 18:54:31 +01:00
parent e4c7dfb01c
commit 60effa15a1
2 changed files with 13 additions and 19 deletions
--- a/contracts/contracts/VerificationGateway.sol
+++ b/contracts/contracts/VerificationGateway.sol
@@ -168,8 +168,7 @@ contract VerificationGateway
        IWallet wallet = IWallet(msg.sender);
        bytes32 existingHash = hashFromWallet[wallet];
        if (existingHash == bytes32(0)) { // wallet does not yet have a bls key registered with this gateway
-            // set it instantly
-            safeSetWallet(messageSenderSignature, publicKey, wallet, signatureExpiryTimestamp);
+            // Can't register new wallet contracts, only what this gateway deployed.
        }
        else { // wallet already has a key registered, set after delay
            pendingMessageSenderSignatureFromHash[existingHash] = messageSenderSignature;
@@ -235,6 +234,11 @@ contract VerificationGateway
            }
        }

+        require((selectorId != ProxyAdmin.upgrade.selector)
+            && (selectorId != ProxyAdmin.upgradeAndCall.selector),
+            "VG: wallet not upgradable"
+        );
+
        wallet.setAnyPending();

        // ensure wallet has pre-approved encodedFunction
--- a/contracts/test/upgrade-test.ts
+++ b/contracts/test/upgrade-test.ts
@@ -44,7 +44,7 @@ describe("Upgrade", async function () {
    fx = await Fixture.getSingleton();
  });

-  it("should upgrade wallet contract", async () => {
+  it("should NOT upgrade wallet contract", async () => {
    const MockWalletUpgraded = await ethers.getContractFactory(
      "MockWalletUpgraded",
    );
@@ -57,30 +57,20 @@ describe("Upgrade", async function () {
      wallet.address,
      mockWalletUpgraded.address,
    ]);
-    expectOperationsToSucceed(txnReceipt1);
-
-    // Advance time one week
-    const latestTimestamp = (await ethers.provider.getBlock("latest"))
-      .timestamp;
-    await network.provider.send("evm_setNextBlockTimestamp", [
-      BigNumber.from(latestTimestamp)
-        .add(safetyDelaySeconds + 1)
-        .toHexString(),
-    ]);
+    expectOperationFailure(txnReceipt1, "VG: wallet not upgradable");

    // make call
-    const txnReceipt2 = await proxyAdminCall(fx, wallet, "upgrade", [
+    const txnReceipt2 = await proxyAdminCall(fx, wallet, "upgradeAndCall", [
      wallet.address,
      mockWalletUpgraded.address,
+      [],
    ]);
-    expectOperationsToSucceed(txnReceipt2);
-
-    const newBLSWallet = MockWalletUpgraded.attach(wallet.address);
-    await (await newBLSWallet.setNewData(wallet.address)).wait();
-    await expect(newBLSWallet.newData()).to.eventually.equal(wallet.address);
+    expectOperationFailure(txnReceipt2, "VG: wallet not upgradable");
  });

  it("should register with new verification gateway", async () => {
+    // Still possible to point wallets to a new gateway if desired, just not with v1 deployment
+    return;
    // Deploy new verification gateway

    const [signer] = await ethers.getSigners();