bytecode validation for L1 contracts

Question

bytecode validation for L1 contracts

Closed this issue a month ago · 3 comments

at the moment we are checking the contract version, but that is not a final solution for this check.
So we want to check contract logic and do the bytecode validation for L1 contracts we are using.

Answer 1 · 2024-08-05T11:18:13.000Z

Assumption is that this shouldn’t be a ton of work, “just a static list of implementation code hashes.” No immutables because all standard chains are post-MCP.

Answer 2 · 2024-08-05T11:20:57.000Z

I suggest we change this mapping https://github.com/ethereum-optimism/superchain-registry/blob/main/validation/standard/standard-versions.toml (from contract name to version string) to a mapping from contract name to bytecode hex string, with the version in a comment. Then it should not be a big lift to check the code deployed for each contract name, we just use eth_getCode instead of a call to the .version() method.

Answer 3 · 2024-08-07T13:11:38.000Z

Updating t shirt size since I realise we need to (sometimes) go through a proxy to get the bytecode over RPC. Adds a little complexity.