Share this page!

Bartek Kiepuszewski Profile picture
Twitter logo
31 Jan, 15 tweets, 3 min read
[1/13] It may be initially confusing to fully grasp how deposits and withdrawals from L1 to @optimismPBC are actually implemented, and it helps to see the on-chain action of what is happening behind the scenes.
[2/13] Initial setup (simplified): on L1 we have SyntheticBridgeToOptimism from Synthetic and OVM_L1CrossDomainManager from Optimism contracts. On L2 we have SynthetixBridgeToBase and OVM_L2_CrossDomainManager contracts.
[3/13] Additionally we have Sequencer (L2 mining node) that verifies all L2 transactions and submits them in batches to L1 for future reference and Relayer that is responsible for relaying messages from L2 —> L1
[4/13] Step 1 - Alice wants to deposit $SNX to L2. To do that she calls initiateDeposit() method on the L1 SyntheticBridgeToOptimism which takes her $SNX, puts it in the escrow and calls OVM_L1CrossDomainManager sendMessage() method.
[5/13] The CrossDomainManager puts this request to CanonicalTransactionChain (this is an “official” and “unmutable” list of all L2 transactions on L1). As a consequence the Sequencer (L2 mining node) will need to execute this transaction on L2.
[6/13] This will result in invoking completeDeposit() method of SyntheticBridgeToBase on L2. This method will simply mint L2 $SNX tokens for Alice. See the trace below: ethtx.info/0xec7d6bbe5d13…
[7/13] Step 2 - Enjoy cheap L2 life. This trace below shows the L2 Sequencer submitting a batch of 346 L2 transactions issueMaxSynths(), burntSynth(), initiateWithdrawal(), updateRates(), etc… to L1.
[8/13] With no gas optimisation, on average, gas used per L2 tx was 26,138 or 3$ per transaction. All transactions are put in the CanonicalTransactionChain, the same used by CrossDomainManager before. ethtx.info/0xcd682a2cc061…
[9/13] Step 3 - Alice wants do withdraw her $SNX from L2. To this end she calls initiateWithdrawal() on SynthetixBridgeToBase on L2 which sends the msg to L1 through OVM_L2_CrossDomainManager.
[10/13] CrossDomainManager changes its state which forces the Sequencer to commit this new L2 state to L1. You can see this in the next trace, with the inititateWithdraw() method being present in the Sequencer’s batch of 6 L2 transactions ethtx.info/0x41e3bf4fcb62…
[11/13] Step 4 - Now we wait to make sure that the state root commitment submitted by the Sequencer is indeed valid. If nobody submits Fraud Proof that the state is incorrect, we can assume that it is indeed OK and it will never be rolled back
[12/13] Step 5 - after the FraudProofWindow has passed, the Relayer can finally relay message from L2 to SynthetixBridgeToOptimism contract. It constructs proof that convinces OVML1CrossDomainManager that this message was indeed submitted by Sequencer to CanonicalTransactionChain
[13/13] As a result L1CrossDomainManager will call completeWithdrawal() method on SynthetixBridgeToOptimism which will release escrowed L1 $SNX tokens kept there. ethtx.info/0xae456631f38a…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Bartek Kiepuszewski

Bartek Kiepuszewski Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @bkiepuszewski

Bartek Kiepuszewski Profile picture
29 Sep 20
If you are confused how the hacker managed to drain contract, here’s the exact mechanics of what happened:
EMN contract allows you to buy (mint) EMN with DAI (and sell/burn). It uses quite standard Bancor’s bonding curve - DAI is used as a reserve currency for the EMN token. Price of EMN token is determined by the amount of EMN vs amount of DAI in the reserve
The second token, eAAVE is similar with the small but important caveat - it’s using EMN as a reserve currency, but “virtually” - if you buy/mint eAAVE by sending to it EMN tokens, instead of storing your EMN in the reserve, eAAVE contract will actually burn EMN.
Read 8 tweets
Bartek Kiepuszewski Profile picture
18 Feb 20
[1/8] Detailed analysis of another bZx/SNX attack (0x762881b07feb63c436dee38edd4ff1f7a74c33091e534af56c9f7d49b5ecac15). This one is more sophisticated than the previous one. The steps are as follows:
[2/8] Step 1. Flash borrow 7,500 ETH on bZx. This is ironic given that bZx will loose at the end
[3/8] Step 2. Exchange 540 ETH through Kyber to sUSD. This goes to Uniswap pushing sUSD value artificially high
Read 9 tweets
Bartek Kiepuszewski Profile picture
16 Feb 20
If you are interested in the details on the recent bZx arb/attack trade, have a look at ethtx.info/0xb5c8bd9430b6… - the following thread is a step-by-step explanation of what is going on
First the attacker gets 10,000 ETH loan from dYdX (SoloMargin.operate with ActionType=1 which is withdraw). Note that there is also ActionType=8 which is a call. In this case it is a call to attacker's script
Then he sends 5,500 ETH to Compound and gets 112 WBTC loan (cETH.mint and cWBTC.borrow)
Read 11 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @bkiepuszewski has new unrolls!

Check out other threads from @bkiepuszewski!

Read all threads by @bkiepuszewski