Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proofs: Basic DelayedWETH Capability Expansion #12174

Open
Tracked by #12172
smartcontracts opened this issue Sep 27, 2024 · 0 comments · May be fixed by #12728
Open
Tracked by #12172

Proofs: Basic DelayedWETH Capability Expansion #12174

smartcontracts opened this issue Sep 27, 2024 · 0 comments · May be fixed by #12728
Labels
T-evm-safety Team: EVM Safety

Comments

@smartcontracts
Copy link
Contributor

smartcontracts commented Sep 27, 2024
edited
Loading

Summary

Slightly expands the response capabilities within DelayedWETH to minimize the number of actions needed to quickly respond and the blast radius of these responses.

Context

The DelayedWETH contract acts as a holding contract for the bonded ETH submitted by any participant in a DisputeGame contract. As of the Granite upgrade, each implementation of the DisputeGame uses its own DelayedWETH contract. Each DelayedWETH contract is Ownable and is subject to a number of safety net actions by the owner address (holding balances from specific addresses or removing all ETH held in the DelayedWETH contract). DelayedWETH is additionally subject to the Superchain-wide pause mechanism within the SuperchainConfig. Bonds cannot be retrieved by game participants if the Superchain pause is active.

Problem Statement

Existing security mechanisms within the DelayedWETH contract are inconvenient and slow down the incident response process. Specifically:

  • The DelayedWETH.hold(address target) function creates an approval from the target address to the owner address. Since the target can simply remove this approval, hold MUST be triggered alongside a transferFrom in the same transaction. This adds unnecessary complexity to something that could simply be a single transaction.
  • The various security mechanisms inside of DelayedWETH can only be triggered by the System Owner which has a slow SLA. The Deputy Guardian can act to trigger the Superchain-wide pause, but this is highly disruptive to the entire Superchain ecosystem.

Additionally, it should be noted that all ETH inside a DelayedWETH contract is pooled together regardless of which games are using the contract. We currently mitigate this by using one DelayedWETH contract per game type, but this expands the number of contracts that the System Owner and Guardian roles must manage by at least 2 per additional chain. However, the modifications required to appropriately address this issue are sufficiently extensive that they are considered out of scope for this proposal.

Project Updates

  • [2024-09-27] Draft design document is available here.
  • [2024-09-27] Draft design document is being actively reviewed.
  • [2024-10-28] Design document has been approved and merged.

Resources
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T-evm-safety Team: EVM Safety
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(ct): Proofs - Basic DelayedWETH Capability Expansion ScopeLift/optimism
1 participant
@smartcontracts