Skip to content

fix: shadowed-local warnings + zero-commitment policy actor note + style + optimizations#33

Merged
chunter-cb merged 2 commits into
mainfrom
fix/policymanager-note-and-shadowed-locals
Jul 13, 2026
Merged

fix: shadowed-local warnings + zero-commitment policy actor note + style + optimizations#33
chunter-cb merged 2 commits into
mainfrom
fix/policymanager-note-and-shadowed-locals

Conversation

@chunter-cb

@chunter-cb chunter-cb commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator
  • Shadowed locals (solc warnings). Renamed locals that shadowed a declaration in scope: unlocksAtunlockTime in getLockStatus, and policyTargettarget in _authenticate (shadowed the named return) and _authenticateK1 (shadowed the sibling function-body local). Pure renames — no behavior change.
  • Zero-commitment policy actor. Added an inline note to PolicyManager.execute() / _enforceExternal() explaining that a SCOPE_POLICY actor with a zero commitment is valid per the spec (gating is the scope bit, not the commitment value) but is treated as ungated by this reference manager, because a real binding commits to nonzero keccak256 params. Matches the note already in the policies README.
  • README wording. Sharpened the SCOPE_POLICY example: combining SENDER adds no authority the protocol will honor (the README already said "SHOULD NOT", not "MUST NOT").

Test plan

  • forge build — clean, no "declaration shadows" warnings.
  • forge test — 355 passed, 0 failed.

… actors

- Rename local `unlocksAt`/`policyTarget` variables that shadowed named
  returns (getLockStatus, _authenticate) and an outer-scope local
  (_authenticateK1), clearing the solc "declaration shadows" warnings. Pure
  renames, no behavior change.
- Add an inline note to PolicyManager.execute/_enforceExternal clarifying
  that a zero-commitment SCOPE_POLICY actor is valid per the spec (gating is
  the scope bit, not the commitment) but is treated as ungated by this
  reference manager, since a real binding commits to nonzero keccak256 params.
- Sharpen the README SCOPE_POLICY example to state that combining SENDER adds
  no authority the protocol will honor.
* style: pin compiler version, dedupe policy/self helpers, positive-framing comments

- Pin deployed contracts (AccountConfiguration, accounts, canonical
  authenticators) to solc 0.8.36 and bump foundry.toml to match, so the
  pragma equals the build compiler and CREATE2-derived addresses stay
  reproducible; interfaces/examples keep open pragmas.
- Extract _writePolicySlots, _disableInlineSelf, _resolveExplicitActor,
  and _policyTargetFor to remove duplicated policy-slot writes and
  actor-resolution logic across the auth/authorize/revoke paths.
- Flatten _slicePolicy with an early return; rename the "ACTOR ELEVATED
  SCOPES" divider to "ACTOR SCOPE BITS" and reword the ERC-1271 note to
  positive framing (no phantom SIGNER bit).
- Refresh stale NatSpec ("written iff" -> "non-zero only when",
  ActorConfig fields, SCOPE_NONCE) to match the merged EIP.

* style: use @notice for error NatSpec in example policy contracts

Per Coinbase style guide 3.B.1 (errors minimally need @notice). Convert
@dev error docs to @notice in SessionPolicy and PolicyManager, and add
@notice to the four previously-undocumented PolicyManager errors.
@chunter-cb chunter-cb merged commit 9fccb5e into main Jul 13, 2026
5 checks passed
@chunter-cb chunter-cb changed the title fix: shadowed-local warnings + zero-commitment policy actor note fix: shadowed-local warnings + zero-commitment policy actor note + style + optimizations Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant