Bridge
Who can upgrade the implementation?
-
onlyGovernance- Governance Contract
What are the implications?
- code can be substituted with arbitrary code which in the worst case scenario means your funds can be stolen
Who can update state?
-
onlyOperator- EOA designated by governance
Who manages verifiers and operators
-
onlyGovernance- Governance Contract
GPS Statement Verifier
Who can upgrade the implementation?
-
onlyGovernance- EOA in this case it is EOA, I wonder why they haven't used governance mechanism here also
What are the implications?
- implementation can be upgraded so the method
verifyProofAndRegsiter()can return true every time which means that the fraudulent state can be commited to the rollup
Memory Page Fact Registry
Who can upgrade implementation?
- no one, contract is not upgradable
Who can registerContinuousMemoryPage()
- anyone, method is public
FRI Statement
Who can upgrade implementation?
- no one, contract is not upgradable
Who can verifyFRI()
- anyone, method is public
Merkle Statement
Who can upgrade implementation?
- no one, contract is not upgradable
Who can verifyMerkle()
- anyone, method is public
We can clearly see that current dYdX implementation is far from being decentralised
Top comments (0)