Merge pull request #77 from endaoment/audit-c01-addendum

Audit Item C01 Addendum
endaoment · Aug 8, 2020 · f5c32d2 · f5c32d2
2 parents d5860cb + fb42a7c
commit f5c32d2
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 23 deletions.
diff --git a/contracts/Fund.sol b/contracts/Fund.sol
@@ -113,19 +113,18 @@ contract Fund is Administratable {
    * @param  description The address of the Owner.
    * @param  value The value of the grant in base units.
    * @param  recipient The address of the recieving organization's contract.
-   * @param  orgFactoryContractAddress Address of the orgFactory Contract.
    */
   function createGrant(
     string calldata grantId,
     string calldata description,
     uint256 value,
-    address recipient,
-    address orgFactoryContractAddress
+    address recipient
   ) public onlyAddressOrAdminOrRole(manager, fundFactoryContract.endaomentAdmin(), IEndaomentAdmin.Role.REVIEWER) {
     require(!isEqual(grantId, ""), "Fund: Must provide a grantId");
     require(!isEqual(description, ""), "Fund: Must provide a description");
+    EndaomentAdmin endaomentAdmin = EndaomentAdmin(fundFactoryContract.endaomentAdmin());
     require(
-      checkRecipient(recipient, orgFactoryContractAddress) == true,
+      checkRecipient(recipient, endaomentAdmin.getRoleAddress(IEndaomentAdmin.Role.ORG_FACTORY)) == true,
       "Fund: Recipient contract was not created by the OrgFactory and is not allowed."
     );
     require(
@@ -154,13 +153,13 @@ contract Fund is Administratable {
     string calldata grantId,
     string calldata description,
     uint256 value,
-    address recipient,
-    address orgFactoryContractAddress
+    address recipient
   ) public onlyAddressOrAdminOrRole(manager, fundFactoryContract.endaomentAdmin(), IEndaomentAdmin.Role.REVIEWER) {
     require(!isEqual(grantId, ""), "Fund: Must provide a grantId");
     require(!isEqual(description, ""), "Fund: Must provide a description");
+    EndaomentAdmin endaomentAdmin = EndaomentAdmin(fundFactoryContract.endaomentAdmin());
     require(
-      checkRecipient(recipient, orgFactoryContractAddress) == true,
+      checkRecipient(recipient, endaomentAdmin.getRoleAddress(IEndaomentAdmin.Role.ORG_FACTORY)) == true,
       "Fund: Recipient contract was not created by the OrgFactory and is not allowed."
     );
     require(

diff --git a/test/Fund.test.js b/test/Fund.test.js
@@ -191,7 +191,6 @@ describe("Fund", function () {
       "test grant",
       1,
       org.logs[0].args.newAddress,
-      orgFactory.address,
       { from: manager }
     );
 
@@ -222,16 +221,16 @@ describe("Fund", function () {
 
     // Should revert if anyone besides the manager, admin, or reviewer calls the function
     await expectRevert(
-      this.fund.createGrant(grantId, "test grant", 1, org.logs[0].args.newAddress, orgFactory.address, { from: pauser } ),
+      this.fund.createGrant(grantId, "test grant", 1, org.logs[0].args.newAddress, { from: pauser } ),
       "Administratable: only REVIEWER can access"
     );
     await expectRevert(
-      this.fund.createGrant(grantId, "test grant", 1, org.logs[0].args.newAddress, orgFactory.address, { from: newManager } ),
+      this.fund.createGrant(grantId, "test grant", 1, org.logs[0].args.newAddress, { from: newManager } ),
       "Administratable: only REVIEWER can access"
     );
     // Should revert if no description is given
     await expectRevert(
-      this.fund.createGrant(grantId, "", 1, org.logs[0].args.newAddress, orgFactory.address, { from: manager } ),
+      this.fund.createGrant(grantId, "", 1, org.logs[0].args.newAddress, { from: manager } ),
       "Fund: Must provide a description"
     );
   });
@@ -257,7 +256,6 @@ describe("Fund", function () {
       "test grant",
       1,
       org.logs[0].args.newAddress,
-      orgFactory.address,
       { from: manager }
     );
 
@@ -267,7 +265,6 @@ describe("Fund", function () {
       "update to grant",
       3, 
       org.logs[0].args.newAddress,
-      orgFactory.address,
       { from: manager }
     )
 
@@ -299,16 +296,16 @@ describe("Fund", function () {
 
     // Should revert if anyone besides the manager calls the function
     await expectRevert(
-      this.fund.createGrant(grantId, "test grant", 1, org.logs[0].args.newAddress, orgFactory.address, { from: pauser } ),
+      this.fund.createGrant(grantId, "test grant", 1, org.logs[0].args.newAddress, { from: pauser } ),
       "Administratable: only REVIEWER can access"
     );
     await expectRevert(
-      this.fund.createGrant(grantId, "test grant", 1, org.logs[0].args.newAddress, orgFactory.address, { from: newManager } ),
+      this.fund.createGrant(grantId, "test grant", 1, org.logs[0].args.newAddress, { from: newManager } ),
       "Administratable: only REVIEWER can access"
     );
     // Should revert if no description is given
     await expectRevert(
-      this.fund.updateGrant(grantId, "", 1, org.logs[0].args.newAddress, orgFactory.address, { from: manager } ),
+      this.fund.updateGrant(grantId, "", 1, org.logs[0].args.newAddress, { from: manager } ),
       "Fund: Must provide a description"
     );
   });
@@ -333,7 +330,6 @@ describe("Fund", function () {
       "test grant",
       1,
       org.logs[0].args.newAddress,
-      orgFactory.address,
       { from: manager }
     );
 
@@ -361,11 +357,11 @@ describe("Fund", function () {
 
     // Should revert if anyone besides the manager calls the function
     await expectRevert(
-      this.fund.createGrant(grantId, "test grant", 1, org.logs[0].args.newAddress, orgFactory.address, { from: pauser } ),
+      this.fund.createGrant(grantId, "test grant", 1, org.logs[0].args.newAddress, { from: pauser } ),
       "Administratable: only REVIEWER can access"
     );
     await expectRevert(
-      this.fund.createGrant(grantId, "test grant", 1, org.logs[0].args.newAddress, orgFactory.address, { from: newManager } ),
+      this.fund.createGrant(grantId, "test grant", 1, org.logs[0].args.newAddress, { from: newManager } ),
       "Administratable: only REVIEWER can access"
     );
   });
@@ -384,7 +380,6 @@ describe("Fund", function () {
       "test grant",
       100,
       org.logs[0].args.newAddress,
-      orgFactory.address,
       { from: manager }
     );
 
@@ -420,7 +415,6 @@ describe("Fund", function () {
       "test grant",
       100,
       org.logs[0].args.newAddress,
-      orgFactory.address,
       { from: manager }
     );
 
@@ -458,7 +452,6 @@ describe("Fund", function () {
       "test grant",
       100,
       org.logs[0].args.newAddress,
-      orgFactory.address,
       { from: manager }
     );
 
@@ -480,7 +473,6 @@ describe("Fund", function () {
       "test grant",
       100,
       org.logs[0].args.newAddress,
-      orgFactory.address,
       { from: manager }
     );
     const badUuid = uuidv4();