fix: emit ProjectCreated event before configuration events#85
Open
fix: emit ProjectCreated event before configuration events#85
Conversation
- Add updateOrgMetaAsAdmin function for admin hat wearers to edit metadata directly - Add setOrgAdminHat/getOrgAdminHat to configure per-org admin hats - Add setHatsProtocol/getHatsProtocol for Hats Protocol integration - Falls back to topHat if no admin hat is configured - Add IHats interface for checking hat wearers - Add NotOrgAdmin custom error - Add OrgAdminHatSet and HatsProtocolSet events This enables org admins (topHat or configured admin hat wearers) to update organization metadata (name, description, logo, links) without going through the governance proposal flow. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The hats-protocol library already defines an IHats interface in lib/hats-protocol/src/Interfaces/IHats.sol. When OrgRegistry.sol is imported alongside files that import the full IHats, the compiler throws an "Identifier already declared" error. Renamed our minimal interface to IHatsMinimal to avoid the collision. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
… interface Removes the custom IHatsMinimal interface and imports the actual IHats interface from the hats-protocol library. This is the proper approach: - Reuses the existing, well-tested interface - Follows the pattern used elsewhere in the codebase - Avoids interface duplication and potential inconsistencies Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove setHatsProtocol/getHatsProtocol - hats address passed as param instead - Rename to OrgMetadataAdmin to clarify scope (metadata editing only, not full admin) - metadataAdminHatOf is optional - if 0, falls back to topHat - Cleaner interface: no global state, explicit hats address per call Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…ameter Security fix: Previously updateOrgMetaAsAdmin took hats address as a parameter which could allow malicious callers to pass a fake contract. Now the hats address is stored in contract storage and set via initialize. Changes: - Add IHats hats to Layout storage struct - Add hats parameter to initialize() function - Add getHats() view function - Remove hats parameter from updateOrgMetaAsAdmin (now uses stored address) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Tests cover: - updateOrgMetaAsAdmin with topHat (fallback) - updateOrgMetaAsAdmin with custom admin hat - updateOrgMetaAsAdmin reverts for non-hat wearers - updateOrgMetaAsAdmin reverts when no hats configured - updateOrgMetaAsAdmin reverts for unknown org - setOrgMetadataAdminHat by executor - setOrgMetadataAdminHat reverts for non-executor - setOrgMetadataAdminHat can reset to zero - getOrgMetadataAdminHat returns zero by default - Custom admin hat takes precedence over topHat - getHats returns correct address Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…dress Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fix event ordering in TaskManager._createProjectInternal to emit ProjectCreated before ProjectManagerUpdated and ProjectRolePermSet events. This ensures subgraph indexing can properly create the Project entity before receiving configuration events. Fixes #84 Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
…ganizationArchitect/POP into hudsonhrh/event-ordering-fix
…ication systems (#86) ## Changes ### Fix 5: Emit MirrorSet event in constructor - Added MirrorSet event emission when SwitchableBeacon initializes in Mirror mode - Tests verify constructor emits event correctly for both modes ### Fix 2: Implement two-step ownership (Ownable2Step) - SwitchableBeacon: Added pendingOwner state, OwnershipTransferStarted event, acceptOwnership() - Executor: Added acceptBeaconOwnership() helper for deployment flow - GovernanceFactory: Added execBeacon to GovernanceResult, initiates transfer - OrgDeployer: Accepts executor beacon ownership after deployment - Comprehensive test coverage for all two-step scenarios ### Fix 1: Transfer eligibility/toggle beacon ownership to Executor - GovernanceFactory: Pass result.executor as beaconOwner to _deployEligibilityModule and _deployToggleModule - Eligibility/toggle beacons now owned by executor from creation (no transfer needed) - Added 3 tests verifying all module beacons owned by executor after deployment ### Fix 3: Remove setAutoUpgrade from OrgRegistry - Removed setAutoUpgrade() function and AutoUpgradeSet event - autoUpgrade now immutable (set at deployment, read-only thereafter) ### Earlier improvements (from prior context) - TaskManager: Added rejectTask(), TaskApplicationSubmitted, TaskApplicationApproved events - EligibilityModule: Added applyForRole(), withdrawApplication() with application system - Comprehensive tests for task rejection and role application flows All 627 tests pass. Code formatted with forge fmt. Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
…#87) - Fix 1: Add replay protection to announceWinner in voting contracts - Fix 2: Enforce strict access control for Executor.setCaller - Fix 3: Restrict OrgDeployer.setUniversalPasskeyFactory to poaManager - Fix 4: Add access control to PaymasterHub.registerOrgWithVoucher - Fix 5: Fix PaymasterHub._checkOrgBalance underflow logic - Fix 6: Move bounty totalPaid increment to post-transfer in PaymasterHub - Fix 7: Add nonReentrant guard and fix CEI violation in claimVouchedHat - Fix 8: Remove unsafe dailyVouchCount decrement in vouch revocation - Fix 9: Add configurable SELF_REVIEW permission for task self-approval - Fix 10: Salt answer hashes with module ID to prevent brute-force - Fix 11: Validate zero public keys and max credentials in PasskeyAccount Added 19 comprehensive tests across 7 test files covering all security fixes. All 646 tests pass with zero failures. Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Enable fee collection without distribution: PaymasterHub now supports pausing solidarity fund distribution to allow fee accumulation before enabling the tier matching and grace period systems. When paused, organizations must fund 100% of transactions from their own deposits while 1% fees still accumulate in the solidarity fund. Key changes: - Add distributionPaused boolean flag to SolidarityFund struct - Implement pauseSolidarityDistribution() and unpauseSolidarityDistribution() (PoaManager only) - Update _checkSolidarityAccess, _updateOrgFinancials, and _checkOrgBalance to respect paused state - Block POA onboarding when distribution is paused - Fix getOrgGraceStatus to return accurate values (solidarity=0) when paused - Add idempotency guards to pause/unpause functions (no-op when already in that state) Tests: - 16 new tests covering initialization, access control, state transitions, idempotency, and view function behavior when paused - All 643 existing tests passing Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
* fix: Add _disableInitializers() to 12 contracts and comprehensive upgrade safety tests
- Added _disableInitializers() constructor to 8 contracts with no constructor (Executor, ParticipationToken, TaskManager, QuickJoin, EducationHub, PaymentManager, UniversalAccountRegistry, ImplementationRegistry) preventing re-initialization attacks on implementation contracts
- Replaced weak constructor() initializer {} pattern in 4 contracts (HybridVoting, DirectDemocracyVoting, OrgRegistry, OrgDeployer) with _disableInitializers() for stronger initialization guards
- Added implementation validation to PoaManager.upgradeBeacon() and addContractType() to reject EOA addresses
- Added implementation validation to PaymasterHub._authorizeUpgrade() to prevent UUPS upgrades to invalid addresses
- Removed misleading __gap[50] from PaymasterHub (unnecessary with ERC-7201 namespaced storage)
- Fixed 8 test files to use BeaconProxy pattern instead of direct initialization of implementation contracts
- Created UpgradeSafety.t.sol with 24 comprehensive tests covering re-initialization prevention, upgrade authorization, storage preservation, and SwitchableBeacon mode-switching safety
- Created UpgradeEdgeCases.t.sol with 10 production-scenario tests covering full upgrade chains, multi-tenant isolation, mode cycling, sequential upgrades, and ownership transfer flows
- All 696 tests pass with zero failures
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: Update 9 test files to use proxy pattern for initialization
Tests were directly calling initialize() on implementation contracts,
which now revert due to _disableInitializers(). Wrapped all test setups
in UpgradeableBeacon + BeaconProxy before calling initialize().
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fix event ordering in TaskManager to emit ProjectCreated before ProjectManagerUpdated and ProjectRolePermSet events. This resolves subgraph indexing issues where configuration events arrived before the Project entity was created.
Fixes
Closes #84
🤖 Generated with Claude Code