DEV Community

Antoni Pawlak
Antoni Pawlak

Posted on

dYdX permissioned addresses

Bridge

Who can upgrade the implementation?

What are the implications?

  • code can be substituted with arbitrary code which in the worst case scenario means your funds can be stolen

Who can update state?

  • onlyOperator - EOA designated by governance

Who manages verifiers and operators

GPS Statement Verifier

Who can upgrade the implementation?

  • onlyGovernance - EOA in this case it is EOA, I wonder why they haven't used governance mechanism here also

What are the implications?

  • implementation can be upgraded so the method verifyProofAndRegsiter() can return true every time which means that the fraudulent state can be commited to the rollup

Memory Page Fact Registry

Who can upgrade implementation?

  • no one, contract is not upgradable

Who can registerContinuousMemoryPage()

  • anyone, method is public

FRI Statement

Who can upgrade implementation?

  • no one, contract is not upgradable

Who can verifyFRI()

  • anyone, method is public

Merkle Statement

Who can upgrade implementation?

  • no one, contract is not upgradable

Who can verifyMerkle()

  • anyone, method is public

We can clearly see that current dYdX implementation is far from being decentralised

Top comments (0)