bytecode validation for L1 contracts
Closed this issue · 3 comments
at the moment we are checking the contract version, but that is not a final solution for this check.
So we want to check contract logic and do the bytecode validation for L1 contracts we are using.
Assumption is that this shouldn’t be a ton of work, “just a static list of implementation code hashes.” No immutables because all standard chains are post-MCP.
I suggest we change this mapping https://github.com/ethereum-optimism/superchain-registry/blob/main/validation/standard/standard-versions.toml (from contract name to version string) to a mapping from contract name to bytecode hex string, with the version in a comment. Then it should not be a big lift to check the code deployed for each contract name, we just use eth_getCode
instead of a call to the .version()
method.
Updating t shirt size since I realise we need to (sometimes) go through a proxy to get the bytecode over RPC. Adds a little complexity.