OP Labs / interop-portal

The OP Stack is a decentralized software stack maintained by the Optimism Collective that forms the backbone of blockchains like OP Mainnet and Base. It's designed to be standardized, shared, and open-source, powering the Optimism ecosystem.

The OP Stack consists of various software components that together enable the creation and operation of EVM equivalent rollup blockchains designed to scale Ethereum while remaining maximally compatible with existing Ethereum infrastructure. It's built as a public good for both the Ethereum and Optimism ecosystems

Prize distribution and scoring

• Total Prize Pool: $ 225000

• Rewards for Cantina Dedicated Researcher: $25,000

• The prize distribution has 2 possible triggers:

  • If one or more valid high severity findings are found, the total pot size is $225,000
  • If one or more valid medium severity findings are found, the total pot size is $100,000

• If no High or Medium severity findings are found then $20,000 is dedicated towards low/informational severity findings. These findings here are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.

  • 1st: $8,000
  • 2nd: $5,000
  • 3rd: $3,000
  • 4th: $2,400
  • 5th: $1,600

• Scoring described in the competition scoring page.

• Findings Severities described in detail on our docs page.

Documentation

• https://docs.optimism.io/stack/interop/explainer
• Interop Portal Overview

Scope

AnchorStateRegistry as source of truth

The OptimismPortal is updated to use the AnchorStateRegistry as the source of truth for the validity of Dispute Game instances. This means that the AnchorStateRegistry now decides whether a given Dispute Game is valid and holds important state like the retirement timestamp and the respected game type.

• Design (MERGED)
• Specification (MERGED)
  • Full contract spec
• Implementation (MERGED)

ETHLockbox for every OptimismPortal

The OptimismPortal is updated to use the ETHLockbox contract to store ETH. The ETHLockbox supports multiple OptimismPortal contracts and has a function that allows an admin account to allow new portals to use the lockbox and to migrate funds from one lockbox to another. Migration functions in the OptimismPortal and the ETHLockbox and the overall migration process defined by these functions are in scope for this contest.

• Design (MERGED)
• Specification (MERGED)
  • Full contract spec
• Implementation (MERGED)

OptimismPortal proving function for Super Roots

The OptimismPortal is updated to have a new version of proveWithdrawalTransaction that uses the Super Root proving path. The Super Root proving path is toggled by the variable superRootsActive which is meant to be triggered when a chain migrates to using Super Roots.

• Design (MERGED)
• Specification (MERGED)
  • Full contract spec
• Implementation (MERGED)

Super Dispute Games

The updated versions of the Dispute Games that use Super Roots are not finalized and are therefore NOT in scope for this contest. Specifically, this means that SuperFaultDisputeGame and SuperPermissionedDisputeGame are out of scope. Encoding functions related to Super Roots are in scope.

Repository

• Repository: https://github.com/ethereum-optimism/optimism
• Commit: e4b921c9dbf8cd3a8db20ef4f15e0e2aa495fcc3
• Relevant PRs
  • #14664
  • #14785

Contracts

The following contracts were modified as part of this proposed upgrade. This list is not an exhaustive list of the contracts that may be impacted as part of the changes in this upgrade. All OP Stack smart contracts are in scope for this audit insofar as they are impacted by the provided changes. Bugs found as part of this contest that are not part of any modified code (i.e., bugs that exist in the currently deployed production smart contracts) should be reported via the Optimism Immunefi program.

• OptimismPortal2.sol
• AnchorStateRegistry.sol
• ETHLockbox.sol
• DeputyGuardianModule.sol
• SystemConfig.sol
• OPContractsManager.sol
• Hashing.sol
• Encoding.sol

Build Instructions

• Please refer to the github repo for instructions

POC Rule

• Mandatory POC rule applies for this competition

Out of scope

• Previous Report
• Security reviews
• Automated findings by Lightchaser https://gist.github.com/ChaseTheLight01/857a08ef1ba6a20d212de090e0ad6c91

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.