0xdeadbeef
high
Bedrock adds the OptimismPortal as the contract that executes withdrawals from L2. Because the old contracts used a different mechanism for proving and executing withdrawals, Users will need to wait more then 7 days to withdraw from L2.
This can be very unexpected and disruptive for users and protocols that built on top of Optimism who rely on the 7 day validation period.
In the old contracts (pre-bedrock) the 7 day validation period was enforced by relayMessage in the L1CrossDomainMessenger.
New bedrock implementation adds the OptimismPortal contract which initiates the 7 day validation period by providing proof in proveWithdrawalTransaction.
proveWithdrawalTransaction creates a new provenWithdrawal for the withdraw hash and declares the current block.timestamp as the timestamp that will be checked against for the 7 days validation period:
provenWithdrawals[withdrawalHash] = ProvenWithdrawal({
outputRoot: outputRoot,
timestamp: uint128(block.timestamp),
l2OutputIndex: uint128(_l2OutputIndex)
});Later the finalizeWithdrawalTransaction checks if 7 days have passed since provenWithdrawals[withdrawHash].timestamp.
provenWithdrawals is set only in the new OptimismPortal (Did not exist before bedrock). It is not aware of how much time has passed in the old validation period. Therefore, users will wait more then 7 days even if they already started their validation period pre-bedrock.
Protocols and users that are dependent on the Optimism 7 days validation period could be impacted: Examples:
- Protocols that have reward cycles based on yield from L2
- Users lending that need funds for account health (in order to not get liquidated)
- Users long/short positions that need to get payed at an expected date.
Old method of validating the 7 day period on withdrawals in relayMessage uses the insideFraudProofWindow:
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts/contracts/L1/messaging/L1CrossDomainMessenger.sol#L295
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts/contracts/L1/rollup/StateCommitmentChain.sol#L165
New method of starting the 7 day validation period: https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L160
7 days finished is validated: https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L243
Manual Review
As the withdraw mechanism is different between pre-bedrock and bedrock. It makes send to make the transitions of legacy withdrawals include some of the old logic and new logic.
Consider when migrating withdrawals to add a snapshot of how much time out of the 7 days validation period has passed to the new withdraw format. Then in OptimismPortal compute the _isFinalizationPeriodElapsed with the delta of pre-bedrock validation period progress to bedrock validation progress (maybe only to version=0 messages)