diff --git a/operations/20241203_oft_adapter_upgrade_add_rate_limits/execute-oft-adapter-upgrade.json b/operations/20241203_oft_adapter_upgrade_add_rate_limits/execute-oft-adapter-upgrade.json new file mode 100644 index 00000000..07559cfe --- /dev/null +++ b/operations/20241203_oft_adapter_upgrade_add_rate_limits/execute-oft-adapter-upgrade.json @@ -0,0 +1,13 @@ +{ + "chainId": "1", + "meta": { + "txBuilderVersion": "1.16.5" + }, + "transactions": [ + { + "to": "0x9f26d4c958fd811a1f59b01b86be7dffc9d20761", + "value": "0", + "data": "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" + } + ] +} \ No newline at end of file diff --git a/operations/20241203_oft_adapter_upgrade_add_rate_limits/schedule-oft-adapter-upgrade.json b/operations/20241203_oft_adapter_upgrade_add_rate_limits/schedule-oft-adapter-upgrade.json new file mode 100644 index 00000000..18e0f5ae --- /dev/null +++ b/operations/20241203_oft_adapter_upgrade_add_rate_limits/schedule-oft-adapter-upgrade.json @@ -0,0 +1,13 @@ +{ + "chainId": "1", + "meta": { + "txBuilderVersion": "1.16.5" + }, + "transactions": [ + { + "to": "0x9f26d4c958fd811a1f59b01b86be7dffc9d20761", + "value": "0", + "data": "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" + } + ] +} \ No newline at end of file diff --git a/proposals/references/[NM-0217]-OFT-Security-Upgrades.md b/proposals/references/[NM-0217]-OFT-Security-Upgrades.md new file mode 100644 index 00000000..7e5c0f85 --- /dev/null +++ b/proposals/references/[NM-0217]-OFT-Security-Upgrades.md 
@@ -0,0 +1,32 @@ +# [NM-0217] OFT Security Upgrades + +**File(s)**: [EtherfiOFTUpgradable.sol](https://github.com/etherfi-protocol/weETH-cross-chain/blob/3c8b05409395f4da4f58550afcf63987d633de03/contracts/EtherfiOFTUpgradeable.sol#L1), [PairwiseRateLimiter.sol](https://github.com/etherfi-protocol/weETH-cross-chain/blob/3c8b05409395f4da4f58550afcf63987d633de03/contracts/PairwiseRatelimiter.sol#L1), +[EtherFiOFTAdapterUpgradeable.sol](https://github.com/etherfi-protocol/weETH-cross-chain/blob/3c8b05409395f4da4f58550afcf63987d633de03/contracts/EtherFiOFTAdapterUpgradeable.sol#L9) + +### Summary + +The reviewed PR is meant to introduce security improvements to the cross chain contracts considering that OFT Adapter migration was completed. This PR adds: + +- OFT bridge pausing functionality. It introduces the `PAUSER_ROLE` that can be shared with hypernative to pause bridging to and from the native chain. It uses OpenZeppelin's `AccessControlUpgradeable` contract to achieve this. + +- Pairwise rate limiting. The current iteration of the OFT contracts only rate limits outbound transfers on the token contract. This PR extends the LayerZero `RateLimter` contract to allow for the rate limiting of inbound transfers as well. It also integrates rate limiting into the `UpgradeableOFTAdapter` contract. + +- Deprecate default admin. Before the update, there were 2 roles that could set critical parameters, `Owner` and `Default_Admin`. They were merged into one, `Owner`. + +--- + +### Findings + +### [Info] Wrong import won't allow the contract to compile + +**File(s)**: [EtherfiOFTUpgradeable.sol](https://github.com/etherfi-protocol/weETH-cross-chain/blob/3c8b05409395f4da4f58550afcf63987d633de03/contracts/EtherfiOFTUpgradeable.sol#L10) + +**Description**: The `EtherfiOFTUpgradeable` file imports `import {PairwiseRateLimiter} from "./PairwiseRateLimiter.sol";`, the problem is that the actual file's name is `PairwiseRatelimiter` with lowercase `l` instead of `L`. 
Because of this we get the error `Source "contracts/PairwiseRateLimiter.sol" not found: File not found.` + +**Recommendation(s)**: Rename the `PairwiseRatelimiter.sol` file accordingly. + +**Update from client**: +Updated to ensure consistency across different operating systems: +https://github.com/etherfi-protocol/weETH-cross-chain/pull/14/commits/6a0834b208a33a59036fbbc9cd90afafe0f48f5f + +---
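Review bot: In `execute-oft-adapter-upgrade.json` the `to` value `0x9f26d4c958fd811a1f59b01b86be7dffc9d20761` is written in all lowercase, so it carries no EIP-55 checksum and a mistyped hex digit would pass unnoticed. Use the checksummed mixed-case form. `meta` also holds only `txBuilderVersion`, so nothing in the file tells a signer which contract is being called or what the `data` payload is meant to do. Add a short description, in `meta` or in a README beside the file, naming the target and the intended call, so the decoded calldata can be compared against a stated intent before signing.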
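Review bot: `schedule-oft-adapter-upgrade.json` has the same shape as the execute batch and the same `to` address, and neither file records how the two relate. Document in the operation directory which scheduled operation the execute batch completes, and any waiting period between the two submissions, so a reviewer can confirm that the executed call is the one that was scheduled. As a style point, both JSON files end without a trailing newline (`\ No newline at end of file`); add one so later edits do not show up as a change to the last line.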
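Review bot: The report in `[NM-0217]-OFT-Security-Upgrades.md` is inconsistent about the names it is auditing, which matters when its only finding is a one-letter filename mismatch. The first **File(s)** line labels a link `EtherfiOFTUpgradable.sol` while its URL points at `EtherfiOFTUpgradeable.sol`, and labels another `PairwiseRateLimiter.sol` while the URL points at `PairwiseRatelimiter.sol`. The Summary also writes `RateLimter` and refers to `UpgradeableOFTAdapter`, although the linked file is `EtherFiOFTAdapterUpgradeable.sol`. Make each label match its target exactly. The Description should also state under which conditions the `File not found` error occurs, since the client update mentions differences across operating systems but the finding itself does not. Finally, `### Findings` and the individual finding share the same heading level; nesting the finding one level deeper would keep the outline readable if more are added.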