This repository has been archived by the owner on May 26, 2023. It is now read-only.
obront - Withdrawing process in spec does not include two-step withdrawals #107
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Reward
A payout will be made for this issue
Specification
An issue related to the specification (low severity)
Comments
github-actions
bot
added
Has Duplicates
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
obront
low
Withdrawing process in spec does not include two-step withdrawals
Summary
The withdrawal process in the Introduction of the spec displays the old, single-step withdrawal process, not the new, two-step one.
Vulnerability Detail
The Introduction section of the spec explains withdrawals with the following image:
https://github.com/ethereum-optimism/optimism/blob/develop/specs/assets/user-withdrawing-to-l1.svg
This image seems to have been drawn for the old withdrawal system, including steps:
In the new system, the user submits the proof right away, then waits at least 7 days for the proof (regardless of when block hash finalizes), and then makes an additional call to execute the transaction.
Impact
The spec is still showing the old withdrawal process, and doesn't accurately reflect the new process that will exist in Bedrock.
Code Snippet
https://github.com/ethereum-optimism/optimism/blob/develop/specs/introduction.md#withdrawing
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L160-L344
Tool used
Manual Review
Recommendation
Update the diagram in the spec Introduction to explain the new two-step withdrawal process.
The text was updated successfully, but these errors were encountered: