
Kill switch: provide emergency upgrade path

Open facuspagnuolo opened this issue 5 years ago • 0 comments

Fixes #523 Follow up #518

This PR provides an entry point in the Kernel that is a new way to access the setApp functionality, but only when the app address that is requested to be updated is disallowed in the kill-switch instance of a DAO. It also implements a new role called APP_MANAGER_EMERGENCY_ROLE, obviously different than the APP_MANAGER_ROLE, since it is supposed to be used from a separate flow. For example, if the APP_MANAGER_ROLE app has been kill-switched, then the APP_MANAGER_EMERGENCY_ROLE app is allowed to perform an upgrade of the APP_MANAGER_ROLE app.

We could use this new entry point from the voting app to provide all the DAOs a way to bypass the root of authority chain in case any of its components gets kill-switched. Ofc, as explained in the issue linked, there is a list of minimum components we will need to whitelist to make that happen (Kernel, ACL, Kill switch, Voting app, ...). But note that with this entry point we can now make sure we don't need the full chain whitelisted.

facuspagnuolo, Jun 11 '19 00:06
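Added example, not part of the PR and not aragonOS code: a toy Python model of the rule the description states, where the emergency flow needs its own role and only works while the address being replaced is disallowed in the kill switch. The `Kernel` class, method names, app ids and addresses are hypothetical, and the model assumes a kill-switched app can no longer make calls.

```python
APP_MANAGER_ROLE = "APP_MANAGER_ROLE"
APP_MANAGER_EMERGENCY_ROLE = "APP_MANAGER_EMERGENCY_ROLE"

class Kernel:
    """Toy model; every name except the two roles is hypothetical."""
    def __init__(self):
        self.apps = {}       # app id -> current implementation address
        self.grants = set()  # (app id, role)
        self.denied = set()  # addresses disallowed in the kill switch

    def _require(self, caller, role):
        if (caller, role) not in self.grants:
            raise PermissionError(f"{caller} lacks {role}")

    def set_app(self, caller, app_id, new_addr):
        # Regular flow. Assumption: a kill-switched caller cannot act.
        if self.apps.get(caller) in self.denied:
            raise PermissionError(f"{caller} is kill-switched")
        self._require(caller, APP_MANAGER_ROLE)
        self.apps[app_id] = new_addr

    def set_app_emergency(self, caller, app_id, new_addr):
        # Emergency flow: separate role, and usable only while the address
        # being replaced is disallowed in the kill switch.
        self._require(caller, APP_MANAGER_EMERGENCY_ROLE)
        if self.apps.get(app_id) not in self.denied:
            raise PermissionError(f"{app_id} is not kill-switched")
        self.apps[app_id] = new_addr

def attempt(fn, *args):
    """Return 'ok', or the refusal reason instead of raising."""
    try:
        fn(*args)
        return "ok"
    except PermissionError as exc:
        return str(exc)

def scenario():
    k = Kernel()
    # Constructed state: "manager" holds the regular role, "voting" the emergency one.
    k.apps = {"manager": "mgr_v1", "voting": "voting_v1", "vault": "vault_v1"}
    k.grants = {("manager", APP_MANAGER_ROLE), ("voting", APP_MANAGER_EMERGENCY_ROLE)}
    k.denied.add("mgr_v1")  # the APP_MANAGER_ROLE app gets kill-switched
    return [
        attempt(k.set_app, "manager", "manager", "mgr_v2"),            # regular flow is stuck
        attempt(k.set_app_emergency, "voting", "vault", "vault_v2"),   # healthy app: refused
        attempt(k.set_app_emergency, "manager", "manager", "mgr_v2"),  # wrong role: refused
        attempt(k.set_app_emergency, "voting", "manager", "mgr_v2"),   # emergency upgrade
        k.apps["manager"],
        attempt(k.set_app, "manager", "vault", "vault_v2"),            # regular flow restored
    ]
```

The second result is the property to check in review: holding the emergency role alone must not allow replacing an app that is not kill-switched.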