|
| 1 | +# Super Root Withdrawal Proofs |
| 2 | + |
| 3 | +## Purpose |
| 4 | + |
| 5 | +Proposes a modification to the `OptimismPortal` that would add a new overload of |
| 6 | +`proveWithdrawalTransaction` that would allow users to prove against Super Roots. |
| 7 | + |
| 8 | +## Context |
| 9 | + |
| 10 | +Interop introduces the concept of the "Super Root" - a collection of Output Roots from all of the |
| 11 | +different chains in the interop set. The interop fault proof system argues over a super root rather |
| 12 | +than an individual Output Root. The `OptimismPortal` contract only supports proving withdrawals |
| 13 | +against a specific Output Root and will need to be modified to support the Super Root. |
| 14 | + |
| 15 | +## Problem Statement |
| 16 | + |
| 17 | +We need to modify the `OptimismPortal` contract to support proving withdrawals against a Super |
| 18 | +Root. Users would not be able to correctly execute withdrawals without this modification. This |
| 19 | +means that *some* solution to the problem is a basic requirement for interop. |
| 20 | + |
| 21 | +## Proposed Solution |
| 22 | + |
| 23 | +We propose to allow users to prove against Super Roots by adding a new overload of |
| 24 | +`proveWithdrawalTransaction` that allows a user to prove the existence of an Output Root inside of |
| 25 | +the Super Root before performing the standard withdrawal validation inside of the Output Root. |
| 26 | + |
| 27 | +We also specifically propose that this be implemented on the *base* `OptimismPortal` instead of |
| 28 | +introducing the code to the `OptimismPortalInterop` portal. Doing so means that we are including |
| 29 | +extra code on the `OptimismPortal` that is technically unnecessary until interop ships but also |
| 30 | +means that we do not need to ship any additional changes to the `OptimismPortal` before interop. |
| 31 | + |
| 32 | +We could expose a new public variable `usingSuperRoots` that would toggle this function on and off |
| 33 | +and would also act as a signal for client-side tooling to automatically switch between the two |
| 34 | +available functions. When `usingSuperRoots` is `false`, the version of `proveWithdrawalTransaction` |
| 35 | +for Super Roots would revert. When `usingSuperRoots` is `true`, the legacy version of the function |
| 36 | +would revert. |
| 37 | + |
| 38 | +## Alternatives Considered |
| 39 | + |
| 40 | +### Using an Inherited Contract |
| 41 | + |
| 42 | +We could implement this function inside of an inherited contract instead of putting it in the base |
| 43 | +contract. However, this would mean performing two sets of upgrades to the `OptimismPortal` before |
| 44 | +interop ships on an already tight timeline. |
| 45 | + |
| 46 | +## Considerations |
| 47 | + |
| 48 | +### Unused Code in Production |
| 49 | + |
| 50 | +This proposal means we are shipping code that cannot yet be used into production. We believe this |
| 51 | +trade-off is worthwhile because it means that we would not have to ship the code later on. |
| 52 | + |
| 53 | +### Changes in Super Root Structure |
| 54 | + |
| 55 | +If the Super Root structure changes, the `OptimismPortal` code will have to change too. Keeping the |
| 56 | +code inside of an inherited contract would make this easier to do and wouldn't involve any type of |
| 57 | +upgrade to mainnet systems. We can mitigate this by getting strong commitment from the designers of |
| 58 | +the proof system that the Super Root will not change before interop goes live. |
| 59 | + |
| 60 | +### Audits |
| 61 | + |
| 62 | +We would want to audit this code *as if* the Super Root logic were already live. This is OK because |
| 63 | +we can blackbox the Fault Dispute Game. We also need to audit that the Super Root logic cannot be |
| 64 | +used unless it has been activated and that the inclusion of both functions is not dangerous for any |
| 65 | +reason. |
0 commit comments