Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add OPCM upgrades FMA #173

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

feat: Add OPCM upgrades FMA #173

wants to merge 7 commits into from

Conversation

maurelian
Copy link
Contributor

@maurelian maurelian commented Nov 29, 2024

FMA associated with OPCM Upgrades.

@mds1 mds1 requested a review from blmalone December 2, 2024 22:54
Copy link
Contributor

@blmalone blmalone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm working my way through this, got to FM1. Will continue soon.

security/fma-l1-upgrades.md Outdated Show resolved Hide resolved
security/fma-l1-upgrades.md Outdated Show resolved Hide resolved
security/fma-l1-upgrades.md Outdated Show resolved Hide resolved
security/fma-l1-upgrades.md Show resolved Hide resolved
Copy link
Contributor

@blmalone blmalone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

few questions mostly for my understanding.


1. The use of spacer variables in L1 contracts to prevent storage collisions.
2. The use of storage layout lock files tracked in git to detect breaking changes.
3. The use of off-chain checks in the `superchain-ops` scripts to ensure that getters
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you talking about a check that looks something like this?

When we eventually use op-deployer for upgrades, are we still going to be using the same superchain-ops setup? i.e.

  • Write a script and VALIDATIONS.md file
  • Inside the script, we will call upgrade() on the target opcm.
  • Inside the post check function in the script we will perform necessary validation.

Am I right in saying we will continue to use the same superchain-ops process once we upgrade to opcm?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you talking about a check that looks something like this?

Yes.

Am I right in saying we will continue to use the same superchain-ops process once we upgrade to opcm?

I think this is an open question, and one that the upgrades team will need to make together. I know there are significant changes to the ops repo planned, so that will have an impact here.

security/fma-l1-upgrades.md Show resolved Hide resolved
security/fma-l1-upgrades.md Outdated Show resolved Hide resolved
security/fma-l1-upgrades.md Outdated Show resolved Hide resolved
security/fma-l1-upgrades.md Show resolved Hide resolved
security/fma-l1-upgrades.md Show resolved Hide resolved
security/fma-l1-upgrades.md Show resolved Hide resolved
security/fma-l1-upgrades.md Outdated Show resolved Hide resolved
#### **Mitigations:**

1. Define the correct upgrade path in the `superchain-registry`.
2. Enforce the correct upgrade path in `op-deployer` which is the official interface for upgrading OP Chains.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if it would be useful to have a solidity script in superchain-ops that helps with double checking the OPCM address is correct for the current version by using a library like: https://github.com/memester-xyz/surl

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In addition the the op-deployer check, this would add some defense in depth.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting idea. One of the main open gaps is to clarify how superchain-ops fits into the flow and where the line is between it and op-deployer.

security/fma-l1-upgrades.md Show resolved Hide resolved
@blmalone blmalone self-requested a review December 4, 2024 21:40
Copy link
Contributor

@blmalone blmalone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, not hitting approve just yet as I know you're still working on this.


#### **Detection:**

This is detected whenever and however it is detected.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea it seems like you're calling out the complexity of the process here. Detection of a fault might be accidentally upgrading to the wrong version. In that case, we hope that we have some defense in depth against this. Employing some of the techniques you mentioned earlier in the doc i.e. checking superchain-registry ordering of OPCMs before execution of the upgrade.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Exactly. I think this might be too fuzzy of a failure mode and it's already covered by "FM4: Failure to follow upgrade path". How do you feel about removing it?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's fine to remove. Like you said, it's covered in FM4.

security/fma-l1-upgrades.md Show resolved Hide resolved
security/fma-l1-upgrades.md Outdated Show resolved Hide resolved
security/fma-l1-upgrades.md Outdated Show resolved Hide resolved
security/fma-l1-upgrades.md Outdated Show resolved Hide resolved
security/fma-l1-upgrades.md Outdated Show resolved Hide resolved
security/fma-l1-upgrades.md Outdated Show resolved Hide resolved
security/fma-l1-upgrades.md Show resolved Hide resolved
@maurelian maurelian changed the title feat: Add L1 upgrades fma feat: Add OPCM upgrades FMA Dec 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants