Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adjust TBTC Transfer Amount to Include Fee and Update Sepolia Deployment #827

Open
wants to merge 4 commits into
base: main
Choose a base branch
from

Conversation

lrsaturnino
Copy link

Summary:

This Pull Request includes the following updates:

- Adjust TBTC Transfer Amount to Include Fee for L2 Deposit Owner

The Threshold DAO has decided to set depositTxMaxFee to zero. Instead of changing the deposit parameters, we have adjusted the amount of TBTC transferred to the L2 deposit owner by adding back the fee amount.
This change is implemented in the contracts inheriting from AbstractTBTCDepositor, without modifying the abstract contract itself. Specifically, depositTxMaxFee is added to the tbtcAmount value returned by _finalizeDeposit.

- Update BaseL1BitcoinDepositor Deployment on Sepolia Network

Deployed the updated BaseL1BitcoinDepositor contract to the Sepolia testnet. This deployment includes the changes where the TBTC transfer amount now accounts for the fee. Ensured compatibility with existing contracts implementing AbstractTBTCDepositor.

Rationale: Align the TBTC transfer mechanism with the Threshold DAO's decision to set the deposit transaction maximum fee to zero, enhancing consistency across the contract implementations.

Implementation: Made minimal changes by adjusting only the inheriting contracts and leaving the abstract contract unchanged, promoting code reusability and maintainability.

The Threshold DAO has decided to set the deposit transaction maximum fee to zero. Instead of modifying the deposit parameters, we adjust the amount of TBTC transferred to the L2 deposit owner by adding back the fee amount.

This change is implemented in the contracts that inherit from AbstractTBTCDepositor, not in the abstract contract itself. Specifically, the implementation adds depositTxMaxFee to the tbtcAmount value returned by _finalizeDeposit.
Deployed the updated BaseL1BitcoinDepositor contract to the Sepolia testnet.
This deployment includes recent changes where the TBTC transfer amount to the L2 deposit owner now accounts for the fee.
Ensured compatibility with contracts implementing AbstractTBTCDepositor without modifying the abstract contract itself.
@Shadowfiend
Copy link
Contributor

What's the reasoning for not changing the deposit parameters directly? That's governable and doesn't require a contract deployment, right?

@lrsaturnino
Copy link
Author

@Shadowfiend

Thanks for your question. While adjusting the depositTxMaxFee parameter directly is governable and doesn't require a contract redeployment, lowering this parameter isn't a viable solution due to the following reasons:

Risk of Stalled Wallet Sweeps: The depositTxMaxFee acts as a cap on the maximum Bitcoin network fee that wallets can use when sweeping deposits. If we lower this cap to reduce the user cost, we risk situations where the actual network fees exceed our cap—especially during periods of high network congestion. This would cause wallets to hold off on sweeping deposits, as they could be accused of fraud and slashed by the protocol for exceeding the fee limit. We've already experienced sweeps stalling during fee surges, like the post-halving fees in April, even with the current depositTxMaxFee value.

Protocol Security Concerns: The fee cap is a crucial part of our security model. It protects against malicious wallets that might otherwise burn user deposits by paying exorbitant fees to miners. Reducing the depositTxMaxFee would weaken this safeguard, potentially exposing the protocol to new attack vectors.

User Experience Impact: Adjusting the parameter downward could lead to unpredictable delays for users, as their deposits might not be swept promptly when network fees are high. This would degrade the overall user experience, which we're striving to improve.

Given these considerations, the proposed change is to remove the subtraction of depositTxMaxFee from the user's minted TBTC amount in the L1BitcoinDepositor contract. Instead, we plan to have the DAO ensure that the L1BitcoinDepositor contract always has enough TBTC liquidity to cover any discrepancies caused by network fee variances.

This approach:

  1. Eliminates the immediate cost to users: Users won't have the maximum possible fee deducted upfront, which currently leads to significant leftovers and overcharging.
  2. Maintains Protocol Security: We keep the depositTxMaxFee parameter at a level that ensures wallets operate within safe limits.
  3. Avoids the Need for Contract Redeployment: By making this change in the contracts implementing AbstractTBTCDepositor rather than in the abstract contract itself, we minimize the scope of changes and avoid affecting other parts of the system.

@somaweb3
Copy link

@Shadowfiend

Thanks for your question. While adjusting the depositTxMaxFee parameter directly is governable and doesn't require a contract redeployment, lowering this parameter isn't a viable solution due to the following reasons:

Risk of Stalled Wallet Sweeps: The depositTxMaxFee acts as a cap on the maximum Bitcoin network fee that wallets can use when sweeping deposits. If we lower this cap to reduce the user cost, we risk situations where the actual network fees exceed our cap—especially during periods of high network congestion. This would cause wallets to hold off on sweeping deposits, as they could be accused of fraud and slashed by the protocol for exceeding the fee limit. We've already experienced sweeps stalling during fee surges, like the post-halving fees in April, even with the current depositTxMaxFee value.

Protocol Security Concerns: The fee cap is a crucial part of our security model. It protects against malicious wallets that might otherwise burn user deposits by paying exorbitant fees to miners. Reducing the depositTxMaxFee would weaken this safeguard, potentially exposing the protocol to new attack vectors.

User Experience Impact: Adjusting the parameter downward could lead to unpredictable delays for users, as their deposits might not be swept promptly when network fees are high. This would degrade the overall user experience, which we're striving to improve.

Given these considerations, the proposed change is to remove the subtraction of depositTxMaxFee from the user's minted TBTC amount in the L1BitcoinDepositor contract. Instead, we plan to have the DAO ensure that the L1BitcoinDepositor contract always has enough TBTC liquidity to cover any discrepancies caused by network fee variances.

This approach:

  1. Eliminates the immediate cost to users: Users won't have the maximum possible fee deducted upfront, which currently leads to significant leftovers and overcharging.
  2. Maintains Protocol Security: We keep the depositTxMaxFee parameter at a level that ensures wallets operate within safe limits.
  3. Avoids the Need for Contract Redeployment: By making this change in the contracts implementing AbstractTBTCDepositor rather than in the abstract contract itself, we minimize the scope of changes and avoid affecting other parts of the system.

@Shadowfiend does this explanation satisfactorily address your concern/suggestion?

Shadowfiend
Shadowfiend previously approved these changes Nov 18, 2024
Copy link
Contributor

@Shadowfiend Shadowfiend left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the late response here—so the intent here is to only deploy these changes to new L2s, yeah? That makes sense.

Given that this changes the underlying code from what existing L2s have, without considering the process of upgrading these L2s, should we create a copy of the depositor contract with a different name, or preserve the existing one with the old name? Not sure how we've approached this kind of change in the past.

Shadowfiend and others added 2 commits December 12, 2024 15:00
Adjust `expectedTbtcAmount` to reflect user fee retrieval instead of deducting from user.
@lukasz-zimnoch
Copy link
Member

lukasz-zimnoch commented Jan 17, 2025

Sorry for the late response here—so the intent here is to only deploy these changes to new L2s, yeah? That makes sense.

Given that this changes the underlying code from what existing L2s have, without considering the process of upgrading these L2s, should we create a copy of the depositor contract with a different name, or preserve the existing one with the old name? Not sure how we've approached this kind of change in the past.

The upgrade process here should be as follows:

  1. Introduce changes to the existing Solidity contracts directly.
  2. Deploy the new implementation and point the transparent proxy to the new implementation.
  3. Update the artifact in cross-chain/base/deployments/sepolia/BaseL1BitcoinDepositor.json
  4. Update the artifact in the SDK
  5. Ideally, release a new tag and npm package for the SDK

I would probably not copy the contract but maybe introduce a feature flag allowing to enable/disable the reimbursement of the tx fee.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants