AragonAppmust now use at least
pragma solidity 0.4.24.
AragonApps must now be initialized before they can be used to prevent uninitialized contracts that may be maliciously initialized by someone else. Trying to access
authP()protected functionality in uninitialized apps will now revert.
newPinnedAppInstance()to include an initialization payload so the new proxy instance could be created and initialized in one atomic call. The new arguments list for the longer overloads is
(byte32 appId, address appBase, bytes initializePayload, bool setDefault).
AragonApp.getExecutor(bytes)has been renamed
getEVMScriptRegistry()exposed alongside it.
AragonApps are petrified on deployment and can only be used behind a proxy.
AragonApps that use any functionality requiring a Kernel (e.g.
auth(), EVMScripts, or the recovery mechanism) now require the app instance to be connected to a Kernel. Frankly, if you're not using any of this functionality, you probably shouldn't be inheriting from
authP()modifiers could still be invoked if the app instance wasn't connected to a Kernel. This was unexpected and confusing behaviour, possibly leading to dangerous situations, and was removed.
AragonApp.runScript(bytes, bytes, address)requires an application to be initialized, and each EVMScript executor contract now also checks if its caller has been initialized to prevent malicious misuse from unintended users.
DeployDelegateScriptwere found to be insecure and have been removed. Although they were still protected by the ACL, the potential for damage was too high due to the fact that they
delegatecalled into a user-submitted address.
AragonApps now have built-in ETH and token recoverability in case they accidentally receive value. A
transferToVault(address)interface is exposed externally to allow someone to send the tokens held by an app instance to the default vault set in the Kernel.
allowRecoverability(address)hook is exposed to allow overloading in
AragonAppsubclasses to control the recoverability behaviour. For example, if an application is meant to hold tokens or ETH, it should turn off the recoverability behaviour for any accepted tokens so they can't be maliciously transferred to another app, even if it is the default vault.
AppProxyPinned) through a gas-limited
.transfer(). This only applies to proxy instances because you can always declare your own
.transfer(), however, you can use
AragonApp.setDepositable(true)at some point to enable this functionality.
setDepositable(true)upon initialization. A fundraising application, however, would likely only want to enable it for the duration of the fundraising period, so it only calls
setDepositable(true)as the period starts and calls
setDepositable(false)when the period ends.
authP()modifiers now also check for
isInitialized()so you don't have to use both modifiers anymore.
AragonAppnow start their storage directly from storage slot 0 rather than an arbitrary value (in aragonOS 3 it was slot 100), making it much easier to inspect, debug, and swap out proxy implementations. This also makes it much easier for aragonOS to add more functionality in the future without requiring data migrations.
Do you have a question? Leave your comments here at our Discourse forum 👇