Skip to content

Instantly share code, notes, and snippets.

View maurelian's full-sized avatar
💯

Maurelian maurelian

💯
495 followers · 104 following
View GitHub Profile
@maurelian
maurelian / nameprep-search.md
Last active February 4, 2022 02:56
Nameprep/stringprep library search

Nameprep search

Issue

Cannot find a maintained implementation of name prep for the registrar package

Options

1. Use existing libraries:

@maurelian
maurelian / gist:e2aa4169f42d399e92b22bb96da1cf96
Created January 4, 2022 21:04

1. How many (non-library) contracts are in the scope?

Just our MerkleTrie contracts. The bulk of it is this Lib_MerkleTrie.sol (https://github.com/ethereum-optimism/optimism/blob/88eb324e8648a1b5edabb8d817d0ccf8631a8bc9/packages/contracts/contracts/libraries/trie/Lib_MerkleTrie.sol). But also this wrapper for it: https://github.com/ethereum-optimism/optimism/blob/88eb324e8648a1b5edabb8d817d0ccf8631a8bc9/packages/contracts/contracts/libraries/trie/Lib_SecureMerkleTrie.sol

And these three libs found here: https://github.com/ethereum-optimism/optimism/blob/88eb324e8648a1b5edabb8d817d0ccf8631a8bc9/packages/contracts/contracts/libraries/utils

import { Lib_BytesUtils } from "./Lib_BytesUtils.sol";
import { Lib_RLPReader } from "./Lib_RLPReader.sol";
@maurelian
maurelian / synthetix-changes-checklist.md
Last active October 25, 2021 18:00
SIP-182 Review Checklist for Optimism Regenesis

Checklist used to review this PR to ensure no breaking changes after regenesis. Based on the changeset doc.

  1. Unverified contracts

    • Contracts whose source code has not been verified on Etherscan (Kovan, Optimistic Ethereum) will be wiped out along with their storage.
    • NOTE: Please very that you're not calling any unverified contracts.

  2. Contracts whose source code has been verified will be recompiled with the standard Solidity compiler. As a result of this:

  3. The EXTCODEHASH and CODESIZE of every contract will change.

@maurelian
maurelian / changeset.md
Last active October 22, 2021 18:50

List of key breaking changes to watch for:

  1. Unverified contracts:

    1. Contracts whose source code has not been verified on Etherscan (Kovan, Optimistic Ethereum) will be wiped out along with their storage.

  2. Contracts whose source code has been verified will be recompiled with the standard Solidity compiler. As a result of this:

@maurelian
maurelian / HowToOVM2.md
Last active October 11, 2021 19:33
Tutorial for modifying solidity (or any evm) contracts to run on OVM2.0

@maurelian
maurelian / L2toL1Flow.md
Created January 20, 2021 00:11
Description of the withdrawal flow from Optimistic Ethereum's L2

Description of the withdrawal flow

Starting on L2:

  • Any account on L2 may call OVM_L2CrossDomainMessenger.sendMessage() with the information for the L1 message (aka xDomainCalldata)
    • (ie. _target, msg.sender, _message)
    • This data is hashed with the messageNonce storage variable, and the hash is store in the sentMessages mapping (this is not actually used AFAIK)
    • The messageNonce is then incremented.
  • The OVM_L2CrossDomainMessenger then passes the xDomainCalldata to OVM_L2ToL1MessagePasser.passMessageToL1()
  • the xDomainCalldata is hashed with msg.sender (ie. ovmCaller), and written to the sentMessages mapping.
@maurelian
maurelian / ENSRegistrarReview.md
Last active July 29, 2021 03:55
Independent Audit of the ENS Registrar
@maurelian
maurelian / or.md
Created February 10, 2020 16:28
Some optimistic rollups resources I found helpful

Start with these resources

@maurelian
maurelian / token_checklist.md
Created December 8, 2020 15:24 — forked from shayanb/token_checklist.md
Token Checklist Table
Token Feature Known Vulnerabilities Resources Examples
ERC20 Allowance Double withdrawal (front-running)
@maurelian
maurelian / RustSecurity.md
Last active November 17, 2020 12:51

About rust security and auditing

  • Review clippy warnings; most of the time these are benign or irrelevant, but they can help spotting red flags.
  • Build and run all the unit tests, assess the code coverage and keep note of the un(der)tested component.
  • Review the dependencies listed in Cargo.toml and Cargo.lock: Will the latest version be used? (preferable but not always the right choice) Are these established, trustworthy packages? You may use the subcommand cargo-audit (thanks @dues__ for the pointer).
  • Look for unsafe code blocks, and evaluate the risk (can an attacker control the input used in these blocks? etc.)
  • Look for risky uses of unwrap(), which can cause panics, as opposed to pattern-matched error