Open SidestreamColdMelon opened 6 months ago
https://github.com/makerdao/pe-checklists/blob/1aa58eeb9044ac332df4351b80e9b9755454972f/spell/spell-reviewer-mainnet-checklist.md?plain=1#L92
Most used services are not lock-in (e.g. git, ipfs, xlsx, messaging); to circumvent their offline/compromised state we can just pre-define their alternatives. Less portable are spreadsheet comments, GitHub PR reviews and Discord channels, as they have additional permissions attached to them. The most centralized services that do not have easily interchangeable alternatives are etherscan.io and tenderly.co.
Pre-define alternative services / communication channels. Applicable to:
Where possible, use local tools instead of services. Explicitly mark service-based checks as additional/non-blocking. Applicable to:
Replace non-portable linked resources (PR comments / issues / releases / wikis and other information stored outside git) with git or ipfs. Applicable to:
Use on-chain registry of the team + attestations for the most security-crucial operations. Applicable to:
First specific issue for etherscan is created: https://github.com/makerdao/pe-checklists/issues/31
I am making a few comments below in order to move forward with this. I think each topic should be taken into consideration separately in a different issue/thread.
https://docs.google.com/spreadsheets/ => we can use Excel-compatible formats that can be stored on cloud or ipfs and then opened locally. It is of low severity since different people can create a sheet and it is hard to have censorship.
http://github.com => Alternative options: Gitlab, Bitbucket etc. We should keep local copies in case the Maker account gets suspended, e.g. techops making a local copy once a day.
https://ipfs.io/ => Alternative options: Arweave, Swarm etc. Pretty decentralized with good availability.
https://etherscan.io/ => no good alternative. Blockscout or Sourcify are not widely used and do not have the same features.
https://discord.com/ => https://signal.org/ or Telegram? Create communication channels.
https://signal.org/ => also use Telegram? We can share emergency emails for all governance facilitators and spell casters/reviewers.
https://tenderly.co/ => There is no other alternative replacement since the testnets are deprecated.
Foundry => Hard to replace. Low severity.
Goal
Checklists do not enforce processes that are blocked in case a single service is down
Context
Recently, the spell team experienced downtime of etherscan, which caused a multi-hour delay in the spell handover and later confusion among delegates on why the contract is not verified on etherscan. The delay was resolved by unanimous agreement within the spell team to proceed with an alternative verifier service and later still use etherscan to verify the contract and resolve the confusion. Another reason to not depend on a single service is of course security: it's much easier to compromise a single crucial service documented in the process than to try to attack multiple independent services at the same time.
In order to prepare for such events, we should 1) evaluate existing dependencies, 2) evaluate potential circumventions, 3) proceed with removing dependencies one by one.
Todo