Descriptor V3 Upgrade
tl;dr: Followup to prop 599's successful audit.
This proposal activates a new version of the Nouns Descriptor contract, which contains one significant improvement: trait updates. The Descriptor is the contract that stores and renders Noun artwork and token metadata.
Auditors summary The code first underwent manual review. This was to identify all flows across the nounsDAO suite that would be altered by the proposed changes. Only cosmetic flows were altered and changes present no risk to core functionality such as minting or governance. Secondary manual review was completed to evaluate any structural security concerns raised by these changes. The functions added were derived from the existing functions used to add additional traits. State-altering functions such as addPage were reused rather than remade, which is a security best practice. The worst security outcomes stem from incorrect trait counts. The addition of the trait length checks before and after updating completely eliminate this form of input error. Contracts were subsequently fork tested to confirm desired functionality and access control were working as intended. No security concerns have been raised by this review
Note: There were a few misrendered traits added through last year's 8/8 trait submissions. Updates for all misrendered traits will be proposed in the coming weeks.
Descriptor V3 Upgrade
tl;dr: Followup to prop 599's successful audit.
This proposal activates a new version of the Nouns Descriptor contract, which contains one significant improvement: trait updates. The Descriptor is the contract that stores and renders Noun artwork and token metadata.
Auditors summary The code first underwent manual review. This was to identify all flows across the nounsDAO suite that would be altered by the proposed changes. Only cosmetic flows were altered and changes present no risk to core functionality such as minting or governance. Secondary manual review was completed to evaluate any structural security concerns raised by these changes. The functions added were derived from the existing functions used to add additional traits. State-altering functions such as addPage were reused rather than remade, which is a security best practice. The worst security outcomes stem from incorrect trait counts. The addition of the trait length checks before and after updating completely eliminate this form of input error. Contracts were subsequently fork tested to confirm desired functionality and access control were working as intended. No security concerns have been raised by this review
Note: There were a few misrendered traits added through last year's 8/8 trait submissions. Updates for all misrendered traits will be proposed in the coming weeks.