Optimism Safe Extensions Competition

Overview

OP Labs has developed Safe Modules and a Safe Guard for use on the Security Council safe which is involved in upgrades to OP Mainnet and other chains in the Superchain.

These modules and guard provide additional security guarantees and add functionality to the Safe contract used by the Security Council, but are absolutely safety critical to ensure the ability to continue upgrading the system.

Prize distribution and scoring

Total Prize Pool $75,000

• Scoring described in the competition scoring page.
• Findings Severities described in detail on our docs page.
• Only High and Medium findings would be accepted for the Primary Prize Pool.
• $5,000 of the total prize pool is reserved for Low Severity or informational findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation:
  • 1st $2,500
  • 2nd $1,250
  • 3rd $500
  • 4th $375
  • 5th $375

Documentation

The modules and guard of the Security Council Safe are outlined in the specs: security-council-safe.md.

Scope

This contest is focused on extensions to the Safe contracts, which control upgrades to OP Mainnet and other OP Chains.

We are particularly interested in identifying any attacks which could either:

1. Allow a bypass of authorization.
2. Introduce the possibility of ‘bricking’ the safe so that it can no longer execute transactions.

A more thorough list of security properties is outlined in the specs linked to above.

Any inaccuracies in the Specs would be considered as a low finding.

Contracts

• Repository: ethereum-optimism/optimism.
• Commit: a6d4eeda11477adfcd106e03131625a40334e3a6
  • LivenessModule (on Sepolia)
  • LivenessGuard (on Sepolia)
  • DeputyGuardianModule (on Sepolia)
  • SafeSigners (Library)

Configurations

Two possible configurations are being considered. Issues in either configuration are welcome.

The first configuration is as currently deployed to Sepolia.

• Configuration 1 diagram

The second configuration adds a Guardian safe which is a 1 of 1 controlled by the Security Council Safe. This configuration reduces the impact of a flaw in the DeputyGuardianModule which might somehow brick, or allow privilege escalation of, the Security Council Safe. In that event, an upgrade could be used to update the Guardian role.

• Configuration 2 diagram

Build Instructions

The full suite of contracts can be built and tested with the following:

cd packages/contracts-bedrock
pnpm install
pnpm build
pnpm test

Proof Of Concept

The ideal PoC would be based on a minimal modification of one of the existing relevant test files located in packages/contracts-bedrock/test/Safe.

Out of Scope

• Scripts and test files.
• Any ethereum-optimism/optimism files not outlined above.
• Any safe-global/safe-smart-account files not directly interacting with the scope outlines above.

Note that any attacks which require a threshold of signers are out of scope.

Automated findings generated by LightChaserV3

• Optimism Safe Extensions bot findings