Contracts first version

[bingen]

First version of contracts and tests.
Fixes #1

[izqui]

WIP review

[izqui]

We should index entryIds

[bingen]

Btw, there already was an issue for this, #12 , I just forgot ;-) I'm going to add it to the description so it's closed automatically.

[izqui]

We may run into issues with lockIds changing as when you remove a lock in the staking app the ids can change: https://github.com/aragon/aragon-apps/blob/b968e3ec9ab70cf6cfbfa5ebca8a58460669e7d1/future-apps/staking/contracts/Staking.sol#L173-L178

If a user has an unrelated lock with id = 0 and then creates a lock for creating a challenge with id = 1, if the lock 0 gets unlocked before the challenge is resolved, lock 1 will be lock 0 and unlocking will fail as there is no lock 1.

I think this issue may apply to PLCR voting as well. We may need to rethink how locks get stored in the Staking app.

[bingen]

Yes, since lock ids are exposed to the outside world, they should be immutable.

[bingen]

Created aragon/aragon-apps#406 for this

[izqui]

Even though we can be fairly sure that the staking app is not malicious and it is not going to re-enter, we can have this check after the staking.getLock(msg.sender, lockId) to make sure the storage is correct after the external call.

Ideally we would do a STATICCALL but it is too cumbersome in this version of solidity.

[izqui]

Why do we require a having a lock for this case if the challenge is immediately resolved?

[bingen]

Good point!

[izqui]

This amount is never checked (it is just saved in the Challenge struct) so I assume there is no minimum amount to stake in order to challenge. Couldn't this become a spam issue in which someone can just challenge all applications without having to stake and risk virtually any money?

[bingen]

It's checked inside _checkLock.

[izqui]

Totally missed it, 👍

[izqui]

Why not store the target address directly here?

[izqui]

It would be better to just mload(target), shift the required bits and mstore that. Otherwise we are reading from unknown memory and that's a little scary.

[bingen]

I don't get why we are reading from unknown memory, but my assembly understanding is limited yet. Anyway, you are right, this way is too messy, I did it as you say, just shifting the address, way better. Thanks!

[izqui]

If this function can only be used for unchallenged applications, I would rename to signal that: registerUnchallengedApplication(bytes32 entryId)

[izqui]

Is there a way to remove an entry once registered and recover the deposit?

[bingen]

Good point, not right now. This possibility doesn't appear in any of the documents (white paper, requirements or specs) as far as I remember, but I think it makes total sense. I'll add it, but also pinging @lkngtn so he is aware of this use case.

[izqui]

Also an issue with staking, but it would be more descriptive if the function signature referenced the fact that the unlock is partial: staking.partialUnlockAndMove(...)

[izqui]

I think it would be cleaner if the curation app just took all the tokens from the challenger or applicant onresolveChallenge(...). This way we don't need to modify the lock every time, being more efficient.

Also in terms of the user that lost some tokens, I think it is better to remove them from their account ASAP as there is no way they are going to recover them.

[bingen]

Completely agreed. Plus:

• It would solve the TODO 3 lines below about that truncating issue.
• It would follow the same logic as our PLCR

[bingen]

Fixes #12 (per review).

[bingen]

Fixes #4
Closes #5

[izqui]

This is quite dangerous if there are any challenges open, as they don't have a reference to the voting app, but rely on the global voting instance. I would remove the ability to hot swap the voting app after initialization.

[bingen]

Good catch!!

[izqui]

Note: currently PLCR is not executing scripts https://github.com/aragonlabs/plcr/pull/1/files#r207182982

[izqui]

The end date should be when the voting ends, but since we don't have any guarantee that resolveChallenge(...) will be called at that point, the lock shouldn't have an end date to avoid someone pulling the tokens deposited for the challenge before it can be resolved.

[izqui]

We should have special logic for whether the application was already in the registry or the challenge is done during the applyStageLen period. This isn't causing a crash because the registry doesn't care whether an entry was present in the registry before attempting to delete it: https://github.com/aragonlabs/registry/pull/3/files#r207185327

[bingen]

Yes, actually I think that's the reason I was not doing those checks on Registry app: it was making things easier here, as the operation would become "idempotent", i.e., it doesn't matter what's the state, the result will always be the desired (in this case, having the entry out of the registry).

[izqui]

If the application enters the registry we shouldn't remove its lock

[izqui]

Removing both application and challenge from storage once resolved is going to make it real hard to get historical data from the app. This would be a major change to how data is stored here, but let's think about it.

[izqui]

Should emit an event as PLCR does when tokens are claimed

[izqui]

Every time an application is registered or removed, the curation app should emit an event. With the current state in which we remove application and challenge data right away, it would be very hard for observers of the contract what is going on

[izqui]

Please log when any of the params change.

[izqui]

We should consider all the cases in which locks are created to the curation app that may result in tokens getting locked forever, for example, locking tokens to create an application or challenge and being frontrun in the action. We need a mechanism to unlock when the locks haven't been used.

Comment on the topic for PLCR: https://github.com/aragonlabs/plcr/pull/1/files#r206916590

[bingen]

Yes, another related example: #16
Right now nobody is winning the Vote, so tokens are being locked.