From 16d845a25032a9822cdf389c1899fef0456f02c3 Mon Sep 17 00:00:00 2001 From: Jordan Cason Date: Thu, 7 Mar 2024 16:38:26 -0500 Subject: [PATCH 1/2] context around immutable contract implementations --- README.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ae4b59d..04bd452 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,16 @@ If the **Verifier** applies any state changes (even transient ones), they should ## Writing Pausers Because the exploit will be detailed onchain for all to see after the claim tx is made, **Pausers** should pause as much of the protocol to prevent replicating the exploit across related components (pools) of the system. Only the HoneyPause contract should be allowed to call `pause()` on the **Pauser** contract. The pause *must* occur when `Pauser.pause()` is called, and not in the payer, which is called immediately afterwards. +## Writing Pausers for Immutable Contracts + +For protocols that prioritize immutability as a gold standard, integrating HoneyPause offers a novel solution that blends the security benefits of immutable contracts with the flexibility to respond to unforeseen vulnerabilities. Immutable contracts can gain an additional layer of dynamic response capability through HoneyPause without sacrificing their core principle of immutability until proven necessary. + +Implementing a Pauser for such contracts involves designing a mechanism that is dormant under normal operation, thus preserving the contract's immutable nature. This mechanism activates only when a legitimate exploit is detected and a bounty is successfully claimed. This unique implementation allows the protocol to maintain its immutable status, with no ownership or control mechanisms in place, until an exploit is proven. Upon activation, the Pauser temporarily grants control to a predetermined team or recovery process, allowing for swift mitigation or repair actions. + +This approach provides the best of both worlds: the assurance and trust of an immutable contract, with a responsible safety net in place. It empowers protocols to benefit from the community's vigilance through HoneyPause, ensuring that they can respond effectively to critical threats while maintaining their foundational commitments to immutability and decentralization. + +By carefully constructing the Pauser to activate only in these critical circumstances, projects can introduce a new primitive to the ecosystem of immutable contracts on Ethereum. This not only enhances security but also aligns with the community's values by providing a transparent and controlled response mechanism that is activated only when necessary. + ## Writing Payers The **Payer** contract will be invoked by HoneyPause to transfer the bounty to the whitehat. Bounties can be in either ETH or ERC20. HoneyPause will surround the `payExploiter()` call with balance checks to ensure that payment has been delivered. The **Payer** contract should only allow the HoneyPause contract to call its `payExploiter()` function. @@ -72,4 +82,4 @@ The simplest **Payer** implementation will transfer the bounty directly out of a ## Credits -HoneyPause is originally an EthDenver 2024 hack by [@justinschuldt](https://github.com/justinschuldt), [@CryptRillionair](https://twitter.com/CryptRillionair), and [@merklejerk](https://twitter.com/merklejerk), but we ultimately want this project to be community owned, so feedback and contributions are welcome! \ No newline at end of file +HoneyPause is originally an EthDenver 2024 hack by [@justinschuldt](https://github.com/justinschuldt), [@CryptRillionair](https://twitter.com/CryptRillionair), and [@merklejerk](https://twitter.com/merklejerk), but we ultimately want this project to be community owned, so feedback and contributions are welcome! From 65656c13ce4112ff9b7a401540590670929964b9 Mon Sep 17 00:00:00 2001 From: JordanCason Date: Thu, 7 Mar 2024 17:21:42 -0500 Subject: [PATCH 2/2] Added context to pauser --- README.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/README.md b/README.md index 04bd452..58077b9 100644 --- a/README.md +++ b/README.md @@ -59,14 +59,9 @@ If the **Verifier** applies any state changes (even transient ones), they should Because the exploit will be detailed onchain for all to see after the claim tx is made, **Pausers** should pause as much of the protocol to prevent replicating the exploit across related components (pools) of the system. Only the HoneyPause contract should be allowed to call `pause()` on the **Pauser** contract. The pause *must* occur when `Pauser.pause()` is called, and not in the payer, which is called immediately afterwards. ## Writing Pausers for Immutable Contracts - For protocols that prioritize immutability as a gold standard, integrating HoneyPause offers a novel solution that blends the security benefits of immutable contracts with the flexibility to respond to unforeseen vulnerabilities. Immutable contracts can gain an additional layer of dynamic response capability through HoneyPause without sacrificing their core principle of immutability until proven necessary. -Implementing a Pauser for such contracts involves designing a mechanism that is dormant under normal operation, thus preserving the contract's immutable nature. This mechanism activates only when a legitimate exploit is detected and a bounty is successfully claimed. This unique implementation allows the protocol to maintain its immutable status, with no ownership or control mechanisms in place, until an exploit is proven. Upon activation, the Pauser temporarily grants control to a predetermined team or recovery process, allowing for swift mitigation or repair actions. - -This approach provides the best of both worlds: the assurance and trust of an immutable contract, with a responsible safety net in place. It empowers protocols to benefit from the community's vigilance through HoneyPause, ensuring that they can respond effectively to critical threats while maintaining their foundational commitments to immutability and decentralization. - -By carefully constructing the Pauser to activate only in these critical circumstances, projects can introduce a new primitive to the ecosystem of immutable contracts on Ethereum. This not only enhances security but also aligns with the community's values by providing a transparent and controlled response mechanism that is activated only when necessary. +Upon detecting a legitimate exploit, confirmed through a claim, the Pauser mechanism, designed to be dormant under normal conditions to preserve immutability, activates. This action temporarily assigns control to a designated recovery team, allowing for mitigation only compromising the contract's immutable nature when such intervention is unequivocally required and mitigates what would have otherwise destroyed the protocols functionality. ## Writing Payers The **Payer** contract will be invoked by HoneyPause to transfer the bounty to the whitehat. Bounties can be in either ETH or ERC20. HoneyPause will surround the `payExploiter()` call with balance checks to ensure that payment has been delivered. The **Payer** contract should only allow the HoneyPause contract to call its `payExploiter()` function.