docs(l2): add timelock contract docs #5685
Merged
64 commits
- ac5726d (JereSalo): timelock first steps
- 5e341dd (JereSalo): improve some stuff and add comments
- 6138e29 (JereSalo): add one more comment about security council
- a2b631c (JereSalo): Deploy timelock contract and make it compile (not tested)
- 06429f5 (JereSalo): remove comments
- 75968ed (JereSalo): commit and verify batches to Timelock instead of OnChainProposer
- ea206cb (JereSalo): add pause and unpause functions
- 4e2ab15 (JereSalo): change mindelay to 30 seconds for testing
- d390d97 (JereSalo): add emergency execution for security council
- 6516788 (JereSalo): remove initialization of bridge address and transfer of ownership
- 3545409 (JereSalo): run cargo fmt
- 6a41d67 (JereSalo): fix solidity lint in Timelock
- ad29f8a (JereSalo): use onlySelf modifier instead
- af1f5d7 (JereSalo): merge main
- 8a8df36 (JereSalo): rename error in based contract
- a5c12c7 (JereSalo): require timelock address to be set if it's not based
- 9e740c4 (JereSalo): make tiny changes
- f697e23 (JereSalo): deploy timelock only on non-based
- e4dd641 (JereSalo): improve comments in timelock contract
- 43589a8 (JereSalo): add comments to Timelock contract
- 1e6c0b2 (JereSalo): rename owner to governance
- 89bc0ba (JereSalo): Merge branch 'main' into timelock_l2
- 1369951 (JereSalo): disable initialize function from TimelockControllerUpgradeable
- a16cd29 (JereSalo): Merge branch 'timelock_l2' of github.com:lambdaclass/ethrex into time…
- 7edc1e0 (JereSalo): Make Timelock inherit IOnChainProposer
- f68872f (JereSalo): let security council upgrade vks
- aa731cf (JereSalo): add timelock docs (first draft)
- 90d7add (JereSalo): try fix timelock bug
- 21a4d5d (JereSalo): add Clone
- f8bce2a (JereSalo): run cargo fmt
- fa3c723 (JereSalo): make tdx contract point to the timelock and this one implements autho…
- 3e6b14b (JereSalo): cargo fmt
- 4442465 (JereSalo): Add authorizedSequencerAddresses to interface and implement it as del…
- f3b40dd (JereSalo): rename owner to timelock_owner
- da63fe6 (JereSalo): tidy and improve Timelock contract, create interface
- 1c33ced (JereSalo): use proper errors in timelock
- 2681bb2 (JereSalo): use let some instead
- a56ece8 (JereSalo): Keep track of the nonce after deploying
- 5d8747b (JereSalo): deprecate variable in comment
- 97f99c0 (JereSalo): remove invalid override
- 0bde3eb (JereSalo): add comment to ocp initialize
- d35c56b (JereSalo): Revert "Keep track of the nonce after deploying"
- 790111f (JereSalo): Merge branch 'main' into timelock_l2
- f6e02d7 (JereSalo): rename authorizedSequencerAddresses to isSequencer
- 0b63415 (JereSalo): move errors to timelock interface
- a02e8e5 (JereSalo): ci(l2): fix TDX CI for timelock PR (#5698)
- 44344bc (JereSalo): add notice
- 73b8c1c (JereSalo): add address check for bridge
- c6fab46 (JereSalo): merge main
- 36282af (JereSalo): add comment in proof sender and verifier
- ec97946 (JereSalo): fix stack too deep OnChainProposer
- eefbc73 (JereSalo): add dev to comment in OCP
- 16b54cc (JereSalo): remove auxiliary initializers
- c9bb9b9 (ManuelBilbao): Merge branch 'main' into timelock_l2
- f8d4fa4 (JereSalo): add upgrades docs
- 6443ff9 (JereSalo): Unify migrations and upgrades and correct README and SUMMARY accordingly
- fbba982 (ManuelBilbao): Merge branch 'timelock_l2' into add_timelock_docs
- 0ce1de2 (ManuelBilbao): Merge branch 'main' into add_timelock_docs
- cde3994 (JereSalo): grammar fixes and small corrections
- 335b24b (JereSalo): Make changes based on copilot suggestions
- f399583 (JereSalo): Update docs/l2/fundamentals/timelock.md
- 5ffd8bf (JereSalo): Update docs/l2/fundamentals/timelock.md
- 90626af (ManuelBilbao): Merge branch 'main' into add_timelock_docs
- 0fe7353 (ManuelBilbao): Merge branch 'main' into add_timelock_docs
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| # Timelock Contract | ||
|
|
||
| The Timelock contract gates access to the OnChainProposer (OCP) contract. Changes to the OCP can only be made by first interacting with the Timelock, which manages permissions based on roles assigned to different users. | ||
|
|
||
| ## Timelock Roles | ||
|
|
||
| - Sequencers: Can commit and verify batches. | ||
| - Governance: Can schedule and execute operations, respecting a delay. In practice this could be the role of a DAO, though it depends on the implementation. | ||
| - Security Council: Can bypass the minimum delay for executing any operation that the Timelock can execute. It can also manage other roles in the Timelock. | ||
|
|
||
| **Sequencers** will send `commitBatch`, `verifyBatch`, and `verifyBatchesAligned` to the Timelock, and this will execute the operations in the `OnChainProposer`. Eventually there will be Timelock logic, and there will be a time window between commitment and proof verification for security reasons. | ||
|
|
||
| The **Governance** is able to schedule important operations like contract upgrades respecting the minimum time window for the L2 participants to exit in case of undesired updates. Not only can they make changes in the logic of the OnChainProposer, but they can also update the Timelock itself. | ||
|
|
||
| The **Security Council** is designed as a powerful entity that can execute anything within the Timelock or OnChainProposer without delay. We call it security council because its actions are limitless, as it can upgrade any of the contracts whenever it wants, so ideally it should be a multisig composed of many diverse members, and it should be able to take action only if 75% of members agree. Ideally, in a more mature rollup the Security Council would have fewer permissions and would only need to act upon bugs detected on-chain if such a mechanism exists. | ||
| We call this mechanism of executing without delay the `emergencyExecute`. | ||
|
|
||
|
|
||
| ## Basic Functionalities | ||
|
|
||
| These are the things that we can do with the Timelock: | ||
| - Schedule: `schedule(...)` and `scheduleBatch(...)` | ||
| - Execute: `execute(...)` and `executeBatch(...)` | ||
| - Cancel: `cancel(bytes32 id)` | ||
| - Update Delay: `updateDelay(uint256 newDelay)` | ||
|
|
||
| When an operation is **scheduled**, the Governance role may **cancel** it or, after the established delay, **execute** it. | ||
| The delay can be updated, always respecting the current delay to do so. | ||
|
|
||
| It also has a few utility functions: | ||
| - `getMinDelay()`: current minimum delay for new schedules. | ||
| - `hashOperation(...)`, `hashOperationBatch(...)`: pure helpers to compute ids. | ||
| - `getTimestamp(id)`, `getOperationState(id)`, `isOperation*`: query operation status. | ||
|
|
||
| Remember that `Timelock` inherits from `TimelockControllerUpgradeable` (which itself extends `AccessControlUpgradeable`) and `UUPSUpgradeable`, so it will inherit their behavior as well. | ||
|
|
||
| ## Important Remarks | ||
|
|
||
| ### Operation ID collision | ||
|
|
||
| Every scheduled operation is identified by a 32-byte **operation id**. This ID is determined by hashing fields like the target address, value transferred, data, predecessor, and salt. | ||
| Two operations with the same fields will result in the same ID. That's why, if we want to schedule the same operation more than once, we should probably use a salt. | ||
| Example: If for some reason we want to schedule the pause of the OnChainProposer and we use salt zero, the next time we schedule that same operation we'll have to change the salt (assuming no predecessor was specified) in order for the id to be different. | ||
|
|
||
| ### Cancelling a scheduled operation | ||
|
|
||
| `cancel(bytes32 id)` requires the operation id. You typically get it by: | ||
|
|
||
| 1. Reading it from the `CallScheduled(id, ...)` event emitted by `schedule`/`scheduleBatch`, or | ||
| 2. Computing it yourself (off-chain), or | ||
| 3. Calling `hashOperation(...)` / `hashOperationBatch(...)` on-chain to compute it. | ||
|
|
||
| Note that: | ||
| - `hashOperation(...) = keccak256(abi.encode(target, value, data, predecessor, salt))` | ||
| - `hashOperationBatch(...) = keccak256(abi.encode(targets, values, payloads, predecessor, salt))` | ||
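Review bot: the Security Council paragraph says the council "should be able to take action only if 75% of members agree", which reads as if the Timelock enforces that quorum; the contract only knows that the calling address holds the role, so the doc should state that the threshold is a property of the multisig that holds the role and is not checked by `emergencyExecute`. In the Basic Functionalities section, "The delay can be updated, always respecting the current delay to do so" would be clearer as "`updateDelay` is only callable by the Timelock itself, so a delay change has to be scheduled and executed like any other operation", which also matches the `onlySelf` modifier used in the contract. In the Operation ID collision section, "we should probably use a salt" should say what `schedule` actually does when an id already exists (revert or overwrite) instead of hedging, and the Sequencers paragraph should state plainly whether `commitBatch` / `verifyBatch` calls are forwarded to the OnChainProposer with no delay today, since the "Eventually there will be Timelock logic" sentence leaves that open.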