OP Labs / safe-extensions
Optimism Safe Extensions Competition
Overview
OP Labs has developed Safe Modules and a Safe Guard for use on the Security Council safe which is involved in upgrades to OP Mainnet and other chains in the Superchain.
These modules and guard provide additional security guarantees and add functionality to the Safe contract used by the Security Council, but are absolutely safety critical to ensure the ability to continue upgrading the system.
Prize distribution and scoring
Total Prize Pool $75,000
- Scoring described in the competition scoring page.
- Findings Severities described in detail on our docs page.
- Only High and Medium findings would be accepted for the Primary Prize Pool.
- $5,000 of the total prize pool is reserved for Low Severity or informational findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation:
- 1st $2,500
- 2nd $1,250
- 3rd $500
- 4th $375
- 5th $375
Documentation
The modules and guard of the Security Council Safe are outlined in the specs: security-council-safe.md.
Scope
This contest is focused on extensions to the Safe contracts, which control upgrades to OP Mainnet and other OP Chains.
We are particularly interested in identifying any attacks which could either:
- Allow a bypass of authorization.
- Introduce the possibility of ‘bricking’ the safe so that it can no longer execute transactions.
A more thorough list of security properties is outlined in the specs linked to above.
Any inaccuracies in the Specs would be considered as a low finding.
Contracts
- Repository: ethereum-optimism/optimism.
- Commit: a6d4eeda11477adfcd106e03131625a40334e3a6
Configurations
Two possible configurations are being considered. Issues in either configuration are welcome.
The first configuration is as currently deployed to Sepolia.
The second configuration adds a Guardian safe which is a 1 of 1 controlled by the Security Council Safe. This configuration reduces the impact of a flaw in the DeputyGuardianModule which might somehow brick, or allow privilege escalation of, the Security Council Safe. In that event, an upgrade could be used to update the Guardian role.
Build Instructions
The full suite of contracts can be built and tested with the following:
cd packages/contracts-bedrock
pnpm install
pnpm build
pnpm test
Proof Of Concept
The ideal PoC would be based on a minimal modification of one of the existing relevant test files located in packages/contracts-bedrock/test/Safe
.
Out of Scope
- Scripts and test files.
- Any ethereum-optimism/optimism files not outlined above.
- Any safe-global/safe-smart-account files not directly interacting with the scope outlines above.
Note that any attacks which require a threshold of signers are out of scope.
Automated findings generated by LightChaserV3
Summary
Status
CompletedTotal reward:
$75,000
Findings submitted:
373
Start date:
6 May 2024 2:00pm (local time)
End date:
10 May 2024 8:00pm (local time)