Blog | Home | GitHub | LinkedIn | Twitter | Medium

Elliot Friedman, Builder, Smart Contract Engineer

TVL: $2,178,650,365  |  Total Transactions: 2,254,490 |  Deployed Smart Contracts: 67 |  Hack Losses: $0.00

Introducing Forge Proposal Simulator

Introducing Forge Proposal Simulator Elliot

Elliot Follow 2 min read ยท Jan 17, 2024

-- Listen

Listen Share

Share

Decentralized governance is a significant benefit of blockchain technology, and it is changing the way software is built and organizations are structured. However, trusted signers have often lacked secure tools to engage with proposals, and human error in governance interactions has caused many bugs. To address these challenges, Solidity Labs has created a framework that enables developers and signers to extensively test their proposals, thereby eliminating an entire category of bugs.

Decentralized governance is a significant benefit of blockchain technology, and it is changing the way software is built and organizations are structured. However, trusted signers have often lacked secure tools to engage with proposals, and human error in governance interactions has caused many bugs. To address these challenges, Solidity Labs has created a framework that enables developers and signers to extensively test their proposals, thereby eliminating an entire category of bugs. The Forge Proposal Simulator (FPS) simplifies the process of creating and interacting with governance proposals. Additionally, it ensures that every protocol modification undergoes rigorous checks through an integration test suite, confirming the protocol's integrity from proposal creation to execution. This tool provides another layer of security, giving stakeholders, developers, and signers the confidence that their proposals have been adequately tested. By relying on code and the existing test suite, governance becomes safer for all.

The Forge Proposal Simulator (FPS) simplifies the process of creating and interacting with governance proposals. Additionally, it ensures that every protocol modification undergoes rigorous checks through an integration test suite, confirming the protocol's integrity from proposal creation to execution. This tool provides another layer of security, giving stakeholders, developers, and signers the confidence that their proposals have been adequately tested. By relying on code and the existing test suite, governance becomes safer for all. To demonstrate the potential of this tool, let's consider a governance model that relies on a Gnosis Safe account to secure a protocol. Once a proposal has successfully passed through community voting, it becomes essential to take action and update the protocol. However, if the proposal incorrectly modifies a protocol parameter, it can create further problems. To prevent this, developers can use the framework's ability to leverage your existing test suite, which validates the proposal's integrity and execution, ensuring that the protocol remains secure. As a result, this provides yet another layer to the security stack.

To demonstrate the potential of this tool, let's consider a governance model that relies on a Gnosis Safe account to secure a protocol. Once a proposal has successfully passed through community voting, it becomes essential to take action and update the protocol. However, if the proposal incorrectly modifies a protocol parameter, it can create further problems. To prevent this, developers can use the framework's ability to leverage your existing test suite, which validates the proposal's integrity and execution, ensuring that the protocol remains secure. As a result, this provides yet another layer to the security stack. This solution has been carefully designed to provide developers with the necessary flexibility and power to create proposals. Based on our experience working with many protocols, each with its own governance models, we have identified secure ways for structuring proposal development and testing. These steps include deploying contracts, interacting with newly deployed contracts (e.g transferring ownership from the deployer to a multisignature address), generating calldata to send to target contracts (e.g., changing a protocol parameter), and finally, validating the protocol state after the proposal is executed. The design is loosely coupled, making it easy to integrate into any governance model and proposal type, regardless of whether the Openzeppelin Timelock Controller, Gnosis Safe, or any other permissioned access system is used.

This solution has been carefully designed to provide developers with the necessary flexibility and power to create proposals. Based on our experience working with many protocols, each with its own governance models, we have identified secure ways for structuring proposal development and testing. These steps include deploying contracts, interacting with newly deployed contracts (e.g transferring ownership from the deployer to a multisignature address), generating calldata to send to target contracts (e.g., changing a protocol parameter), and finally, validating the protocol state after the proposal is executed. The design is loosely coupled, making it easy to integrate into any governance model and proposal type, regardless of whether the Openzeppelin Timelock Controller, Gnosis Safe, or any other permissioned access system is used. To get started, take a look at our proposal documentation, view the code on github and the example repository. This project was born out of our own struggles to test and validate governance proposals and deployment scripts, and we believe it can assist in making your protocol more secure.

To get started, take a look at our proposal documentation , view the code on github and the example repository . This project was born out of our own struggles to test and validate governance proposals and deployment scripts, and we believe it can assist in making your protocol more secure.