Add Rollback template to setup templates #149
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stevieraykatz
changed the title
There was a problem hiding this comment.
Overall onboard! These small changes might make it clearer, but at your discretion @stevieraykatz
| // but both txs will be signed ahead of time. Need to explicitly override the nonce to | ||
| // ensure that the correct nonce is used in the sign, simulate and execution steps. | ||
| function _getNonce(IGnosisSafe) internal override view returns (uint256 nonce) { | ||
| nonce = vm.envUint("ROLLBACK_NONCE"); |
There was a problem hiding this comment.
Suggested change
| nonce = vm.envUint("ROLLBACK_NONCE"); | |
| nonce = vm.envUint("EXPECTED_NONCE"); |
Comment on lines
+40
to
+42
| // This transaction expects that there will be a `Pause` transaction before this one | ||
| // but both txs will be signed ahead of time. Need to explicitly override the nonce to | ||
| // ensure that the correct nonce is used in the sign, simulate and execution steps. |
There was a problem hiding this comment.
Suggested change
| // This transaction expects that there will be a `Pause` transaction before this one | |
| // but both txs will be signed ahead of time. Need to explicitly override the nonce to | |
| // ensure that the correct nonce is used in the sign, simulate and execution steps. | |
| // This transaction expects that there will be a `Pause` transaction before this one | |
| // but both txs will be signed ahead of time. Need to explicitly override the nonce to | |
| // ensure that the correct nonce is used in the sign, simulate and execution steps. | |
| // Note that dynamically calculating the nonce will lead to errors in signature sorting, | |
| // hence the use of an envvar to fix the nonce to a static value. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
TLDR; this PR implements an example script which shows that a rollback transaction should explicitly set the nonce returned by
_getNonce()using an .env var. Hopefully this template will help avoid issues seen below.Full context:
In executing
mainnet/2024-03-05-pause-unpause-testwe ran into an issue wherein the signatures were being incorrectly ordered by the execution call. This was leading to reverts since the Safe requires that signatures are arranged in address-ascending order.The root cause was traced back to the fact that
_getNoncewas being overwritten by the following:This was fine for signing and simulating the transaction because these occurred before the preceding
Pausetransaction had been submitted. But when it came time to execute the transaction, this nonce increment was used in the execution context causing thehashused byecrecoverto differ from the correcthash. In turn, this lead to invalid addresses being returned which were then used to sort the signatures incorrectly.