Closed adlerjohn closed 3 years ago
Hey @adlerjohn, thanks for reaching out! Definitely, I want to continuously improve the quality of l2s descriptions and data.
I decided to go with "low" because I didn't find any obvious way to read the actually deployed source code. Now I see that probably the reason is usage of a language that is not supported by etherscan, is that correct?
Anyway, since you're here, can you answer if the contract has an upgrade or update mechanism that could be used to steal funds locked in the bridge? Or is there any other "escape hatch" in the current impl?
Btw. can you help me to understand the current state of Fuel? What's the main fault of the lack of adoption? (lack of wallets? marketing?).
Cheers!
the reason is usage of a language that is not supported by etherscan, is that correct?
That's right, the Fuel contracts are written in Yul+. You can find them here https://github.com/FuelLabs/fuel.
if the contract has an upgrade or update mechanism that could be used to steal funds locked in the bridge? Or is there any other "escape hatch" in the current impl?
No. You can go through all the code to be sure, but if you trust we're not obfuscating anything you can easily see that there are no functions in the ABI that allow upgrading or pausing: https://github.com/FuelLabs/fuel/blob/2ca18a536dfa8717e743138a4463347b3f2574dd/src/Fuel.yulp (the ones with case sig"...
are external functions).
This repo might be of use to you: https://github.com/adlerjohn/rollups-admin-keys.
can you help me to understand the current state of Fuel?
That's probably a question better reserved for our community Discord (link is in our contract repo above).
Thanks, that was very helpful. I decided to make our descriptions of current levels of decentralization a little bit more in-depth.
I bumped Fuel score to "medium" as I am worried that due to the current lack of adoption there are no validators running and optimistic rollups require them to work correctly. I noted "permisonless-ness" of the system and the fact that no one can steal funds by updating code (as long as there are validators).
Thanks again for bringing this up and for making https://github.com/adlerjohn/rollups-admin-keys - it saved me some time.
The "Current level of decentralization" for Fuel is incorrectly described as "Low" for the following reasons.