search

l2beat / l2beat

L2BEAT is an analytics and research website about Ethereum layer two (L2) scaling solutions.
https://l2beat.com
MIT License
499 stars 422 forks source link

Fuel "Current level of decentralization" incorrect #29

Closed adlerjohn closed 3 years ago

adlerjohn commented 3 years ago

The "Current level of decentralization" for Fuel is incorrectly described as "Low" for the following reasons.

Test deployment on mainnet? no verified source on etherscan

  1. Fuel was the first optimistic rollup to be deployed to mainnet, and was deployed in 2020.
  2. The source code can be deterministically compiled and verified against the bytecode on the Ethereum blockchain. Verifying code through a centralized block explorer does not decentralized make. We provide a helper script here: https://github.com/FuelLabs/fuel/blob/2ca18a536dfa8717e743138a4463347b3f2574dd/package.json#L30 that can be used with just a bit of elbow grease.
krzkaczor commented 3 years ago

Hey @adlerjohn, thanks for reaching out! Definitely, I want to continuously improve the quality of l2s descriptions and data.

I decided to go with "low" because I didn't find any obvious way to read the actually deployed source code. Now I see that probably the reason is usage of a language that is not supported by etherscan, is that correct?

Anyway, since you're here, can you answer if the contract has an upgrade or update mechanism that could be used to steal funds locked in the bridge? Or is there any other "escape hatch" in the current impl?

Btw. can you help me to understand the current state of Fuel? What's the main fault of the lack of adoption? (lack of wallets? marketing?).

Cheers!

adlerjohn commented 3 years ago

the reason is usage of a language that is not supported by etherscan, is that correct?

That's right, the Fuel contracts are written in Yul+. You can find them here https://github.com/FuelLabs/fuel.

if the contract has an upgrade or update mechanism that could be used to steal funds locked in the bridge? Or is there any other "escape hatch" in the current impl?

No. You can go through all the code to be sure, but if you trust we're not obfuscating anything you can easily see that there are no functions in the ABI that allow upgrading or pausing: https://github.com/FuelLabs/fuel/blob/2ca18a536dfa8717e743138a4463347b3f2574dd/src/Fuel.yulp (the ones with case sig"... are external functions).

This repo might be of use to you: https://github.com/adlerjohn/rollups-admin-keys.

can you help me to understand the current state of Fuel?

That's probably a question better reserved for our community Discord (link is in our contract repo above).

krzkaczor commented 3 years ago

Thanks, that was very helpful. I decided to make our descriptions of current levels of decentralization a little bit more in-depth.

I bumped Fuel score to "medium" as I am worried that due to the current lack of adoption there are no validators running and optimistic rollups require them to work correctly. I noted "permisonless-ness" of the system and the fact that no one can steal funds by updating code (as long as there are validators).

Thanks again for bringing this up and for making https://github.com/adlerjohn/rollups-admin-keys - it saved me some time.