maurelian

vrepo () {
	if [[ $# -ne 1 ]]
	then
		echo "Usage: vRepo <github URL or org/repo-name>"
		return 1
	fi
	if [[ $1 == *"github.com"* ]]
	then
		urlPath=$(echo $1 | sed 's/.*github.com\///')
		org=$(echo $urlPath | cut -d '/' -f1)

maurelian

#!/bin/bash
TOKEN=< OpenAI token from https://platform.openai.com/account/api-keys >
PROMPT="You are the best at writing shell commands. Assume the OS is Ubuntu. I want you to respond with only the shell commands separated by semicolons and no commentary. Here is what I want to do: $@"
RESULT=`curl -s https://api.openai.com/v1/chat/completions \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  -d "{
  \"model\": \"gpt-3.5-turbo\",
  \"messages\": [{\"role\": \"user\", \"content\": \"$PROMPT\"}]
}" | jq '.choices[] | .message.content' -r`

maurelian

That's OK. We can still talk about it here, right? 
...
Right?

maurelian

Description

A security vulnerability has been identified in the Ownable contract. The vulnerability lies in the constructor function, which allows anyone to become the owner of the contract without any authentication or authorization. This could potentially allow malicious actors to gain control of the contract and use it for malicious purposes.

The vulnerability can be exploited by sending a transaction to the contract from any address. This would set the _owner variable to the address of the sender, granting them full control of the contract. This could allow malicious actors to modify the contract, transfer funds, or otherwise

maurelian

0x1889dc51448166ca751b713f4532e293c9f22cbd7a2354ec4c1ec18012cf50ec

maurelian

1. How many (non-library) contracts are in the scope?

Just our MerkleTrie contracts. The bulk of it is this Lib_MerkleTrie.sol (https://github.com/ethereum-optimism/optimism/blob/88eb324e8648a1b5edabb8d817d0ccf8631a8bc9/packages/contracts/contracts/libraries/trie/Lib_MerkleTrie.sol). But also this wrapper for it: https://github.com/ethereum-optimism/optimism/blob/88eb324e8648a1b5edabb8d817d0ccf8631a8bc9/packages/contracts/contracts/libraries/trie/Lib_SecureMerkleTrie.sol

And these three libs found here: https://github.com/ethereum-optimism/optimism/blob/88eb324e8648a1b5edabb8d817d0ccf8631a8bc9/packages/contracts/contracts/libraries/utils

import { Lib_BytesUtils } from "./Lib_BytesUtils.sol";
import { Lib_RLPReader } from "./Lib_RLPReader.sol";

maurelian

Checklist used to review this PR to ensure no breaking changes after regenesis. Based on the changeset doc.

1. Unverified contracts

   • Contracts whose source code has not been verified on Etherscan (Kovan, Optimistic Ethereum) will be wiped out along with their storage.
   • NOTE: Please very that you're not calling any unverified contracts.

2. Contracts whose source code has been verified will be recompiled with the standard Solidity compiler. As a result of this:

3. The EXTCODEHASH and CODESIZE of every contract will change.

maurelian

List of key breaking changes to watch for:

1. Unverified contracts:

   1. Contracts whose source code has not been verified on Etherscan (Kovan, Optimistic Ethereum) will be wiped out along with their storage.

2. Contracts whose source code has been verified will be recompiled with the standard Solidity compiler. As a result of this:

maurelian

✅

maurelian

Description of the withdrawal flow

Starting on L2:

• Any account on L2 may call OVM_L2CrossDomainMessenger.sendMessage() with the information for the L1 message (aka xDomainCalldata)
  • (ie. _target, msg.sender, _message)
  • This data is hashed with the messageNonce storage variable, and the hash is store in the sentMessages mapping (this is not actually used AFAIK)
  • The messageNonce is then incremented.
• The OVM_L2CrossDomainMessenger then passes the xDomainCalldata to OVM_L2ToL1MessagePasser.passMessageToL1()
• the xDomainCalldata is hashed with msg.sender (ie. ovmCaller), and written to the sentMessages mapping.