Sovereign Audit remediations #359
Open
+1,193
−120
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ignasirv
requested review from
invocamanman,
krlosMata and
laisolizq
as code owners
contracts/v2/newDeployments/PolygonRollupManagerNotUpgraded.sol
Outdated
Show resolved
Hide resolved
ignasirv
force-pushed
the
feature/audit-remediations
branch
3 times, most recently
from
450cd7e to
d4e4bad
Compare
ignasirv
force-pushed
the
feature/audit-remediations
branch
from
d4e4bad to
eac43cd
Compare
|
invocamanman
reviewed
Dec 2, 2024
| @@ -16,6 +14,10 @@ contract GlobalExitRootManagerL2SovereignChain is | |||
| // globalExitRootUpdater address | |||
| address public globalExitRootUpdater; | |||
|
|
|||
| // globalExitRootRemover address | |||
| // In case of initializing a chain with Full execution proofs, this address should be set to zero, otherwise, some malicious sequencer could insert invalid global exit roots, claim, go back and the execution would be correctly proved. | |||
There was a problem hiding this comment.
this comment might not be right?¿ we coudl have a timelock or multisig for it, ( could improve the comment with it)
There was a problem hiding this comment.
What do you mean? I understood that in case of a FEP chain, this address has to be zero. Indeed, if it's not zero can be a multisig but what happens with the comment?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The following PR implements de remediations for the audit.
It also fixes a security issue found aposteriori of the audit:
To avoid this behavior, the following remediations have been implemented:
unsetMultipleClaimedBitmapto unset claims from the bitmap has been implemented -> IMPORTANT to audit with careful, it makes tricky bit operations. Can only be called by bridgeManagersetSovereignTokenAddresshas been removed for bytecode length performance improvementPolygonZkEVMBRidgeV2has been overwritten. They have been overwritten without some checks only necessary for bridges that are being deployed on L1, which is not the case.