Updates member access condition tests

aragon · Nov 29, 2023 · 805bf2f · 805bf2f
1 parent 27786ae
commit 805bf2f
Show file tree

Hide file tree

Showing 2 changed files with 391 additions and 371 deletions.
diff --git a/packages/contracts/src/MemberAccessExecuteCondition.sol b/packages/contracts/src/MemberAccessExecuteCondition.sol
@@ -19,13 +19,26 @@ contract MemberAccessExecuteCondition is PermissionCondition {
     }
 
     function getSelector(bytes memory _data) public pure returns (bytes4 selector) {
-        // Slices are only supported for bytes calldata
+        // Slices are only supported for bytes calldata, not bytes memory
         // Bytes memory requires an assembly block
         assembly {
             selector := mload(add(_data, 32))
         }
     }
 
+    function decodeGrantRevokeCalldata(
+        bytes memory _data
+    ) public pure returns (bytes4 sig, address who, address where, bytes32 permissionId) {
+        // Slicing is only supported for bytes calldata, not bytes memory
+        // Bytes memory requires an assembly block
+        assembly {
+            sig := mload(add(_data, 32))
+            who := mload(add(_data, 36))
+            where := mload(add(_data, 68))
+            permissionId := mload(add(_data, 100))
+        }
+    }
+
     /// @notice Checks whether the current action wants to grant membership on the predefined address
     function isGranted(
         address _where,
@@ -35,8 +48,8 @@ contract MemberAccessExecuteCondition is PermissionCondition {
     ) external view returns (bool) {
         (_where, _who, _permissionId);
 
-        bytes4 _requestedFuncSig = getSelector(_data);
-        if (_requestedFuncSig != IDAO.execute.selector) {
+        // Is execute()?
+        if (getSelector(_data) != IDAO.execute.selector) {
             return false;
         }
 
@@ -47,19 +60,20 @@ contract MemberAccessExecuteCondition is PermissionCondition {
 
         // Check actions
         if (_actions.length != 1) return false;
-        _requestedFuncSig = getSelector(_actions[0].data);
+
+        // Decode the call being requested (both have the same parameters)
+        (
+            bytes4 _requestedSelector,
+            address _requestedWhere,
+            ,
+            bytes32 _requestedPermission
+        ) = decodeGrantRevokeCalldata(_actions[0].data);
 
         if (
-            _requestedFuncSig != PermissionManager.grant.selector &&
-            _requestedFuncSig != PermissionManager.revoke.selector
+            _requestedSelector != PermissionManager.grant.selector &&
+            _requestedSelector != PermissionManager.revoke.selector
         ) return false;
 
-        // Decode the call being requested (both have the same parameters)
-        (, address _requestedWhere, , bytes32 _requestedPermission) = abi.decode(
-            _actions[0].data,
-            (bytes4 /*funcSig*/, address /*where*/, address /*who*/, bytes32 /*perm*/)
-        );
-
         if (_requestedWhere != targetContract) return false;
         else if (_requestedPermission != MEMBER_PERMISSION_ID) return false;