Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Off-Chain Avalanche Warp Messages #729

Closed
aaronbuchwald opened this issue Jul 12, 2023 · 3 comments
Closed

Off-Chain Avalanche Warp Messages #729

aaronbuchwald opened this issue Jul 12, 2023 · 3 comments
Labels
enhancement New feature or request warp

Comments

@aaronbuchwald
Copy link
Collaborator

Off-Chain Avalanche Warp Messages: Signing out of Band

Subnet-EVM should support signing Avalanche Warp Messages out of band.

Signing messages out of band will enable the validator set of a subnet collaborating to sign a message that does not correspond to an on-chain event. This can be used in order to implement upgradeable smart contracts where the Subnet's validator set replaces the typical multi-sig in order to authorize an update.

Problem

If you are deploying a critical smart contract on-chain, then you have the choice between leaving that contract as immutable and upgradeable.

If you choose to make it immutable, then handling any discovered vulnerabilities in the contract may be extremely difficult.

If you choose to make it upgradeable, then you need to decide who/what has the ability to perform that upgrade, which creates a hazardous point of failure.

Therefore, authorizing a dynamic validator set to sign an out of band Avalanche Warp Message offers an alternative. There are two key advantages to this approach:

  1. base upgradeability off of a dynamic subnet validator set instead of a multisig
  2. support deploying upgradeable contracts at the same address across multiple chains with a unified upgrade mechanism

Solution

Subnet-EVM should add an option to its chain config https://github.com/ava-labs/subnet-evm/blob/master/plugin/evm/config.go#L83 to create an allow list of messages that the validator should be willing to sign from the warp backend: https://github.com/ava-labs/subnet-evm/blob/master/warp/backend.go.

On startup the VM should:

  1. Read the list of messages included in the chain config
  2. Parse each message as an Avalanche Warp Message to ensure that it's valid (fatal if an invalid message is specified)
  3. Load the list of messages in-memory into the Warp Backend (should we write them to the database? leaning towards no)
  4. Modify GetSignature(...) to check the in-memory map for an eligible warp message, so that it will sign these as well

Testing

We should add a unit test to ensure that adding a valid/invalid message to the VM's chain config works as expected

@aaronbuchwald
Copy link
Collaborator Author

Follow on to this should be to create a demo upgrading OpenZeppelin upgradeable contracts via an Off-Chain Avalanche Warp Message.

@aaronbuchwald aaronbuchwald moved this from Backlog 🗄 to Selected for Development ⏳ in EVM Jul 29, 2023
@aaronbuchwald aaronbuchwald added this to the v0.6.0 milestone Aug 31, 2023
@ceyonur ceyonur modified the milestones: v0.6.0, v0.5.8 Oct 16, 2023
@anusha-ctrl anusha-ctrl linked a pull request Oct 17, 2023 that will close this issue
@anusha-ctrl anusha-ctrl moved this from Selected for Development ⏳ to In Review 👀 in EVM Oct 18, 2023
@ceyonur
Copy link
Collaborator

ceyonur commented Jan 8, 2024

We have already merged this PR Are there still remaining items for this issue? If not can we close this?

@aaronbuchwald
Copy link
Collaborator Author

Warp Upgradeable contracts have now been implemented via ava-labs/icm-contracts#404

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
enhancement New feature or request warp
Projects
Archived in project
Status: In Review 👀
Development

Successfully merging a pull request may close this issue.

3 participants