Abstract
OpenZeppelin, as Security Member of the ARDC, was asked to review a live Arbitrum DAO proposal (id: 108365…9297) which would modify the Arbitrum Security Council from a seven-of-twelve to a nine-of-twelve signing threshold for non-emergency actions. The motivations for this proposal are laid out in the proposal text on Tally and in a Medium post by L2BEAT.
We reviewed the on-chain code that will be executed should this proposal ultimately succeed to confirm that it will behave as expected based on the proposal text and share our findings below.
Proposal Summary
The proposal payload sets off a chain of execution that ultimately does two things:
- It sets a new hash for the constitution hash contract
- It increases the threshold of the Arb One non-emergency security council contract from seven to nine.
We have reviewed the call chain and believe the proposal will execute successfully.
Execution Details
The execution begins with a sendTxToL1 call to the ArbSys precompile. This creates a transaction for the outbox to pass to L1. The transaction is a scheduleBatch call of the L1 Timelock which, after three days, will allow a retryable ticket to be sent back to L2. This last transaction will call execute on the Upgrade Executor contract (described here). The execute function performs a delegate call into a specially made AIPIncreaseNonEmergencySCThresholdAction contract which will finally perform the settings changes of the proposal. The new constitution hash comes from the hash of the updated constitution docs which we confirmed and there are several checks during execution in place to make sure that these values will indeed be set correctly or else will revert with no state changes.
Conclusion
Overall, we found the proposal to be well-formed, to follow established methodologies set forth by the Arbitrum Constitution, and to pose no other risks to the protocol even if only part of the call chain succeeds.
For more information on OpenZeppelin’s role as Security Member of ARDC, please visit our Notion homepage.