Optimism users need to wait more then 7 days to execute their withdraws during upgrade.
Summary
Bedrock adds the OptimismPortal as the contract that executes withdrawals from L2. Because the old contracts used a different mechanism for proving and executing withdrawals, Users will need to wait more then 7 days to withdraw from L2.
This can be very unexpected and disruptive for users and protocols that built on top of Optimism who rely on the 7 day validation period.
Vulnerability Detail
In the old contracts (pre-bedrock) the 7 day validation period was enforced by relayMessage in the L1CrossDomainMessenger.
New bedrock implementation adds the OptimismPortal contract which initiates the 7 day validation period by providing proof in proveWithdrawalTransaction.
proveWithdrawalTransaction creates a new provenWithdrawal for the withdraw hash and declares the current block.timestamp as the timestamp that will be checked against for the 7 days validation period:
Later the finalizeWithdrawalTransaction checks if 7 days have passed since provenWithdrawals[withdrawHash].timestamp.
provenWithdrawals is set only in the new OptimismPortal (Did not exist before bedrock). It is not aware of how much time has passed in the old validation period. Therefore, users will wait more then 7 days even if they already started their validation period pre-bedrock.
Impact
Protocols and users that are dependent on the Optimism 7 days validation period could be impacted:
Examples:
Protocols that have reward cycles based on yield from L2
Users lending that need funds for account health (in order to not get liquidated)
Users long/short positions that need to get payed at an expected date.
As the withdraw mechanism is different between pre-bedrock and bedrock. It makes send to make the transitions of legacy withdrawals include some of the old logic and new logic.
Consider when migrating withdrawals to add a snapshot of how much time out of the 7 days validation period has passed to the new withdraw format. Then in OptimismPortal compute the _isFinalizationPeriodElapsed with the delta of pre-bedrock validation period progress to bedrock validation progress (maybe only to version=0 messages)
0xdeadbeef
high
Optimism users need to wait more then 7 days to execute their withdraws during upgrade.
Summary
Bedrock adds the
OptimismPortal
as the contract that executes withdrawals from L2. Because the old contracts used a different mechanism for proving and executing withdrawals, Users will need to wait more then 7 days to withdraw from L2.This can be very unexpected and disruptive for users and protocols that built on top of Optimism who rely on the 7 day validation period.
Vulnerability Detail
In the old contracts (pre-bedrock) the 7 day validation period was enforced by
relayMessage
in theL1CrossDomainMessenger
.New bedrock implementation adds the
OptimismPortal
contract which initiates the 7 day validation period by providing proof inproveWithdrawalTransaction
.proveWithdrawalTransaction
creates a newprovenWithdrawal
for the withdraw hash and declares the currentblock.timestamp
as the timestamp that will be checked against for the 7 days validation period:Later the
finalizeWithdrawalTransaction
checks if 7 days have passed sinceprovenWithdrawals[withdrawHash].timestamp
.provenWithdrawals
is set only in the new OptimismPortal (Did not exist before bedrock). It is not aware of how much time has passed in the old validation period. Therefore, users will wait more then 7 days even if they already started their validation period pre-bedrock.Impact
Protocols and users that are dependent on the Optimism 7 days validation period could be impacted: Examples:
Code Snippet
Old method of validating the 7 day period on withdrawals in
relayMessage
uses theinsideFraudProofWindow
: https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts/contracts/L1/messaging/L1CrossDomainMessenger.sol#L295 https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts/contracts/L1/rollup/StateCommitmentChain.sol#L165New method of starting the 7 day validation period: https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L160
7 days finished is validated: https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L243
Tool used
Manual Review
Recommendation
As the withdraw mechanism is different between pre-bedrock and bedrock. It makes send to make the transitions of legacy withdrawals include some of the old logic and new logic.
Consider when migrating withdrawals to add a snapshot of how much time out of the 7 days validation period has passed to the new withdraw format. Then in
OptimismPortal
compute the_isFinalizationPeriodElapsed
with the delta of pre-bedrock validation period progress to bedrock validation progress (maybe only to version=0 messages)