Gate rounds voting by delegated Gnars votes#114
Closed
xSatori wants to merge 6 commits into
Closed
Conversation
Align timeline markers and progress, move winner count into the awards section, and refine winner and prize presentation on round detail pages.
Blocker fixes for the Rounds feature (stacked on feat/rounds): #1 Signature verification — the write path (request/submit/vote) was non-functional for all users. The client signs via thirdweb account.signMessage, which returns an ERC-1271/6492 smart-account signature (every wallet is AA-wrapped, sponsorGas:true), but the server verified with viem's offline EOA-only verifyMessage utility (no client), which can't validate contract signatures. Move verification to a server-only module using viem's public-client verifyMessage Action with the Base serverPublicClient. Forms now bind the signed message to the active (smart) account address (the actual signer) instead of the EOA view address, so the embedded wallet matches the signature. r4topunk#2 Admin PII leak — /rounds/admin was an ungated Server Component that fetched round requests (requester name + email) and passed them as props to a client component whose isAdmin check only hides DOM, so the RSC payload shipped emails to every visitor. Requests now load client-side from a new signature-gated POST /api/rounds/admin/requests route that verifies an approved-admin signature before returning PII. The admin dashboard signs with the admin EOA (allowlist is EOA-keyed) when available. r4topunk#4 Typecheck — annotate the implicit-any row mapper in services/rounds.ts (now tsc-clean once pg is installed). Also: document ROUNDS_DATABASE_URL / DATABASE_URL in env.example, and add unit tests covering the signing-message/digest contract that keeps client and server in agreement. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Closes the missing admin write path (review finding r4topunk#3): nothing wrote the `rounds` table, so listPublicRounds always returned empty and the submit/vote loop was unreachable. Now an approved admin can turn a pending round request into a live round directly from the dashboard. - services/rounds.ts: approveRoundRequest() — transactional; builds a published+active round (and round_awards) from the request's already- validated fields, marks the request approved. Slug collisions resolve to the next free `${slug}-${n}`. rejectRoundRequest() marks it rejected. - validation.ts: resolveRoundSlug() — pure, unit-tested slug de-duplication. - POST /api/rounds/admin/request-review — admin-gated (isRoundAdminAddress + signature whose payload binds requestId + decision, so an admin list/auth signature can't be replayed as an approval). - RoundsAdminDashboard: Approve/Reject buttons on pending requests, shared signed-auth helper, refresh after approve. - Tests: resolveRoundSlug (base/collision/fallback). 78 passed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
@xSatori is attempting to deploy a commit to the r4to's projects Team on Vercel. A member of the Team first needs to authorize it. |
Contributor
Author
|
Closing this PR because the branch included the earlier rounds commit stack after upstream merged rounds via a squash commit. Reopened as a clean PR based on current |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this addresses
This PR upgrades rounds voting so future round votes are gated by delegated Gnars DAO governance voting power. A connected wallet now needs at least 1 delegated Gnars DAO vote from the Gnars token contract before it can vote in any rounds strategy.
Code to review
src/services/round-voting-power.tsDAO_ADDRESSES.tokenwithserverPublicClient.readContract.getVotes(address)rather thanbalanceOf.0on RPC/read failure so voting is blocked instead of granted.src/services/rounds.tsgetRoundVotingPowerto gate every strategy behind delegated Gnars votes.one_per_walletreturns1only when delegated voting power is positive.fixed_per_walletreturnsround.votesPerWalletonly when delegated voting power is positive.one_per_nftnow returns delegated governance voting power.src/app/api/rounds/[slug]/voting-power/route.tsGET /api/rounds/[slug]/voting-power?wallet=....walletAddress,votingPower,usedVotes, andremainingVotes.src/components/rounds/RoundDetailView.tsxremainingVotesfor allocation limits and submit enablement.0voting power.Regression coverage
src/services/round-voting-power.test.tssrc/app/api/rounds/[slug]/voting-power/route.test.tssrc/components/rounds/RoundDetailView.test.tsxTest plan
pnpm test11test files passed86tests passed1todopnpm lint0errors<img>usage outside the rounds filesReview notes
The main behavior to review is the mapping between delegated governance votes and each rounds voting strategy, especially
one_per_nft, which now uses delegated Gnars DAO voting power directly instead of the previous safe one-wallet fallback.