AIP-7: Arbitrum One Governance parameter fixes

Non-Constitutional

Abstract

Three independent issues have been identified in the Arbitrum One Governance system and the current proposal aims to address them. Given this is maintenance of the system, after the forum discussion period it will skip the Snapshot temperature check and go directly for an on-chain vote.

Specifications

1. Updating the airdrop distributor fee sweep address to the DAO Treasury’s address

The Arbitrum DAO airdrop was distributed to users via the TokenDistributor contract. The recipients are able to claim their tokens until the Ethereum block #18208000 (estimated to be created on the 24th September 2023).

After the claim period is over, unclaimed leftover tokens may be swept over to the specified sweepReceiver address, which is currently set to the L2 treasury timelock. Per the Governance Architecture documentation, this should be set to the DAO Treasury’s address.

Fix:
Call the ‘setSweepReciever()’ function on the TokenDistributor contract, and include the DAO Treasury address as the _sweepReceiver(address).

2. Sequencer gas fee reimbursement parameterization

The Arbitrum One sequencer pays the necessary gas fees for posting user transactions to Ethereum. This is done through transactions to the Sequencer inbox.

The sequencer gets reimbursed for these fees in Arbitrum One. The reimbursement is calculated by ArbOS, but two parameters are currently incorrectly configured.

  1. The Sequencer Inbox has a fixed cost associated with including a transaction. The value is currently configured to 100000 Ethereum L1 gas units - this can be viewed in the ArbGasInfo precompile through the getPerBatchGasCharge function. If you inspect transactions live in the system (sample from June 15th and July 17th), it is possible to see that the fixed cost of including a batch is actually much closer to 240000 Ethereum L1 gas units.

  2. The ArbOS L1 pricing system features an optional “amortization cost cap” which is intended to subsidize the fixed posting cost for chains with low activity or AnyTrust chains whose fixed cost is much larger than other data posting costs. This feature was not intended to be enabled on Arbitrum One. As such, the cap was set to its maximum value, 2^64 - 1 (this can be viewed in the ArbGasInfo precompile through the getAmortizedCostCapBips function). However, this did not fully disable the cap. As visible in the code, the amortization cap is only disabled with a value of 0. With the cap set to its maximum value, but still enabled, the cap would prevent the L1 pricer from taking into account the cost of multiple batches posted in the same L1 block. That’s because it would consider the costs of all but the first batch as having a weight of zero, because no time passes since the previous batch if the batches are in the same L1 block. Setting the amortization cap to 0 fixes this issue by bypassing the previously linked if statement to fully disable the amortization code.

The combination of these two issues adds up to gas funds being incorrectly charged to end users, thus not fully reimbursing sequencer operations. This fix will increase fees for users but they will now reflect the actual costs of the system - it is expected to be a minor difference.

Fix
→ Transaction to ArbOwner precompile calling setPerBatchGasCharge(int64) with the intended value ‘240000’.

→ Transaction to ArbOwner precompile calling setAmortizedCostCapBips(uint64) with the intended value ‘0’.

3. L1 Core Governance Timelock scheduleBatch Bug

When executing a batch of operations on the L1ArbitrumTimelock, if more than one operation creates a retryable ticket (i.e., more than one operation targets an L2 chain), the full msg.value value will be forwarded to each one. If not properly constructed, this can lead to retryable tickets that fail to get created. While there are workarounds, the current implementation is error-prone and the fix allows for more graceful creation of several L1 to L2 operations.

Fix
Upgrade the implementation of the L1ArbitrumTimelock with the change here.

The fixes were implemented through Governance Action contracts and can be viewed on the Governance codebase. They have been audited by Trail of Bits and no issues were identified - the audit report will be shared publicly soon.

The Action contracts have been deployed to the following addresses and can be verified/audited by the community:

7 Likes
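
The amortization cap behaviour described in item 2 of the proposal, as a simplified model added here (it is not ArbOS code and not part of the original post). The function names, the rule that a same-block batch is allocated zero units, and every sample number are assumptions chosen to show why a cap of 2^64 - 1 still zeroes the second batch while a cap of 0 does not.

```go
package main

import (
	"fmt"
	"math"
	"math/big"
)

// Simplified model of the amortized cost cap; not ArbOS code.
// Names, the allocation rule and all sample numbers are assumptions.

const maxCapBips uint64 = math.MaxUint64 // value the proposal says was configured

type batch struct {
	weiSpent       int64  // L1 cost the sequencer paid for the batch
	unitsAllocated uint64 // data units attributed to time since the previous batch
}

// Constructed sample: the second batch lands in the same L1 block as the
// first, so no time has elapsed and nothing is allocated to it.
var sample = []batch{{5_000_000, 40_000}, {5_000_000, 0}}

// cappedCost returns how much of weiSpent the pricer accounts for.
func cappedCost(weiSpent, baseFee *big.Int, units, capBips uint64) *big.Int {
	if capBips == 0 { // only a value of 0 skips the cap logic
		return new(big.Int).Set(weiSpent)
	}
	limit := new(big.Int).Mul(baseFee, new(big.Int).SetUint64(units))
	limit.Mul(limit, new(big.Int).SetUint64(capBips))
	limit.Div(limit, big.NewInt(10_000)) // bips to fraction
	if limit.Cmp(weiSpent) < 0 {
		return limit // zero whenever units == 0, however large capBips is
	}
	return new(big.Int).Set(weiSpent)
}

// accounted sums the cost the pricer would recover for the sample batches.
func accounted(capBips uint64) *big.Int {
	baseFee, total := big.NewInt(30), new(big.Int)
	for _, b := range sample {
		total.Add(total, cappedCost(big.NewInt(b.weiSpent), baseFee, b.unitsAllocated, capBips))
	}
	return total
}

func main() {
	fmt.Println("cap = 2^64-1:", accounted(maxCapBips))
	fmt.Println("cap = 0:     ", accounted(0))
}
```
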

Good proposal, it would be nice to see them implemented in due time.

5 Likes

The proposal is now live for vote on-chain

2 Likes

Offchain Labs engaged Trail of Bits to audit the work they did implementing the election system.
The audit report can be viewed in Offchain Labs - Governance Actions - Summary Report.pdf - Google Drive

1 Like

The below response reflects the views of L2BEAT’s governance team, composed of @krst and @Sinkas, and it’s based on the combined research, fact-checking and ideation of the two.

We are voting FOR the proposal.

The outlined fixes in the governance parameter need to happen. The audit didn’t reveal any critical issues with the proposed fixes and therefore we’ll be voting in favor of the proposal.

2 Likes

We at Michigan Blockchain have voted FOR the proposal.

AIP-7 implements the necessary governance parameters and the audit was satisfactory.

5 Likes

As the delegation team, we would like to express our sincere appreciation to the hardworking Arbitrum System and their team for creating this thorough proposal. We are incredibly grateful for the thorough investigation conducted to identify important problems with the Arbitrum One Governance system and the creative solutions offered here. In addition to identifying these issues, this proposal makes a commendable effort to offer each one a clear and workable solution.

We believe that transferring the remainder of the airdrop to the treasury is appropriate from a governance perspective. This decision seems fitting in all cases where treasury expenditures are conducted transparently and with governance oversight.

It’s standard to enjoy the benefits of being a rollup on Ethereum and to have a specific transaction fee. We anticipate that these adjustments will address this effectively and that the implementation will be smooth. We are optimistic that transaction fees will decrease further with subsequent updates.

In the Governance contract, it’s crucial to guard against sybil attacks and to ensure that proposals with significant changes are scrutinized thoroughly. We believe and support the notion that the measures proposed to rectify any issues are clear and well-defined.

We are united in our support for this proposal and eagerly await the implementation of the recommended fixes. Again, we appreciate your commitment to improving the Arbitrum One Governance system. As ITU Blockchain delegation team, we’re voting in favor of this proposal, closely monitoring progress, and eagerly anticipating the positive outcomes that will result from these fixes.

2 Likes