Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Enable pausing deposits and fills unilaterally #212

Merged
merged 4 commits into from
Dec 30, 2022
Merged

feat: Enable pausing deposits and fills unilaterally #212

merged 4 commits into from
Dec 30, 2022

Conversation

nicholaspai
Copy link
Member

Useful for upgrades

@nicholaspai nicholaspai requested review from mrice32 and pxrl December 20, 2022 01:19
@pxrl
Copy link
Contributor

pxrl commented Dec 20, 2022

This generally looks good to me.

I can't think of any reason why we'd want to disable only fills on a specific chain, so I'm tempted to propose that we have "pauseDeposits" and "pause" (all). The reason for this is that in the event that we had some kind of emergency, it'd be a little bit painful to do 2x transactions per Spoke Pool.

An alternative could be to just implement a separate method to pause both deposits and fills in a single txn. That's probably safer. wdyt?

mrice32
mrice32 approved these changes Dec 21, 2022
View reviewed changes
Copy link
Contributor

@mrice32 mrice32 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

How do you think we should think about merging PRs like this, where we aren't sure if they're going to get into the next audit? Should we avoid merging until we are sure this is the code that will be deployed in the upgrade?

@nicholaspai
Copy link
Member Author

LGTM!

How do you think we should think about merging PRs like this, where we aren't sure if they're going to get into the next audit? Should we avoid merging until we are sure this is the code that will be deployed in the upgrade?

Hm, why wouldn't this get into next audit?

@nicholaspai nicholaspai requested a review from mrice32 December 21, 2022 17:35
@mrice32
Copy link
Contributor

mrice32 commented Dec 21, 2022
edited
Loading

LGTM!
How do you think we should think about merging PRs like this, where we aren't sure if they're going to get into the next audit? Should we avoid merging until we are sure this is the code that will be deployed in the upgrade?

Hm, why wouldn't this get into next audit?

@nicholaspai just prioritization! I think it's still unclear exactly what the prioritization will look like. Do you think we should definitely prioritize this feature over the others we've discussed for the audit?

mrice32
mrice32 reviewed Dec 22, 2022
View reviewed changes
Copy link
Contributor

@mrice32 mrice32 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#212 (comment)

@nicholaspai
Copy link
Member Author

LGTM!
How do you think we should think about merging PRs like this, where we aren't sure if they're going to get into the next audit? Should we avoid merging until we are sure this is the code that will be deployed in the upgrade?

Hm, why wouldn't this get into next audit?

@nicholaspai just prioritization! I think it's still unclear exactly what the prioritization will look like. Do you think we should definitely prioritize this feature over the others we've discussed for the audit?

I think the SpokePool upgrades are the highest priority and this would be a subset of that feature, so I do think its worth adding?

@nicholaspai nicholaspai requested a review from mrice32 December 22, 2022 14:38
pxrl
pxrl reviewed Dec 27, 2022
View reviewed changes
contracts/SpokePool.sol Outdated

function pauseFills(bool pause) public override onlyAdmin nonReentrant {
pausedFills = pause;
emit PausedFills(pausedDeposits);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The event here looks incorrect - should emit the value of pausedFills instead of pausedDeposits.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great catch

pxrl
pxrl reviewed Dec 27, 2022
View reviewed changes
contracts/SpokePool.sol Outdated
@@ -317,7 +348,7 @@ abstract contract SpokePool is SpokePoolInterface, Testable, Lockable, MultiCall
uint64 newRelayerFeePct,
uint32 depositId,
bytes memory depositorSignature
) public override nonReentrant {
) public override nonReentrant unpausedDeposits {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it desirable to make speedups subject to deposits not being paused?

As I see it, the point of pausing deposits is to stop additional funds from entering the Spoke Pool. In the case of a speedup, the funds are already there, and are presumably stuck because the deposit was never filled on the destination chain.

Additionally, as far as I can see, the only side-effect of a speedup is that the Spoke Pool emits another event. It's up to the bots as to whether they accept a speedup event, and it will implicitly be conditional on fills being enabled on the destination chain anyway.

Based on the above, I feel like we should not apply this modifier to speedUpDeposit(). wdyt?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm I think its a bit easier to reason about from the bot's perspective of all deposit related events stop once a contract is paused, even though its philosophically ok to not pause speed ups. I was thinking pausing deposits and fills is more of a bot convenience so the owner of the contracts can effectively downgrade a contract by stopping all of its events

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair enough - I can definitely see the argument for keeping it simple.

There is a theoretical possibility for the edge case I described, and an annoying scenario would be that we have a number of underpriced deposits that are suddenly marooned in the Spoke Pool. In this case we'd need to either unpause to allow speedups to be submitted, or just take the hit and fill these relays at a discount. In theory the relayerFeePct could be very very low.

It's a theoretical possibility, and probably unlikely to be a reality. As long as we're OK with the possibility of it arising then I have no additional input on this one :)

Copy link
Member Author

@nicholaspai nicholaspai Dec 30, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmmm ok that's a valid concern, i don't love the idea that someone will try to use the speedup signatures to replay attack but I guess its not really an attack since they could have chosen to call speedUp on either the old or the new spoke pool at the same cost with no extra benefit

pxrl
pxrl reviewed Dec 27, 2022
View reviewed changes
test/SpokePool.Admin.ts Outdated Show resolved Hide resolved
pxrl
pxrl reviewed Dec 27, 2022
View reviewed changes
contracts/SpokePool.sol Outdated
Comment on lines 128 to 129
event PausedDeposits(bool indexed isPaused);
event PausedFills(bool indexed isPaused);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor: Do these need to be indexed? I imagine that there will be so few of them that there's not much advantage to filtering on the "paused" state.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

mrice32
mrice32 approved these changes Dec 29, 2022
View reviewed changes
Copy link
Contributor

@mrice32 mrice32 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM once @pxrl's comments are addressed!

@mrice32
Copy link
Contributor

mrice32 commented Dec 29, 2022
edited
Loading

LGTM!
How do you think we should think about merging PRs like this, where we aren't sure if they're going to get into the next audit? Should we avoid merging until we are sure this is the code that will be deployed in the upgrade?

Hm, why wouldn't this get into next audit?

@nicholaspai just prioritization! I think it's still unclear exactly what the prioritization will look like. Do you think we should definitely prioritize this feature over the others we've discussed for the audit?

I think the SpokePool upgrades are the highest priority and this would be a subset of that feature, so I do think its worth adding?

Tbh, I don't think it's a big deal to go ahead and merge even if we later decide to drop this feature, as it would just be a simple git revert. We have an upcoming meeting to figure this out, but regardless, LGTM, as that shouldn't hold this PR up IMO.

@pxrl pxrl mentioned this pull request Dec 29, 2022
Closed
@nicholaspai nicholaspai requested a review from pxrl December 30, 2022 00:51
pxrl
pxrl approved these changes Dec 30, 2022
View reviewed changes
Copy link
Contributor

@pxrl pxrl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@nicholaspai nicholaspai merged commit f0f1a03 into master Dec 30, 2022
@nicholaspai nicholaspai deleted the npai/pause branch December 30, 2022 14:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pxrl pxrl pxrl approved these changes

@mrice32 mrice32 mrice32 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nicholaspai @pxrl @mrice32