Post-mortem: How and why Etherlink’s first security upgrade on mainnet beta happened

This is a joint post from Nomadic Labs, TriliTech & Functori.

On July 1st 2024, Etherlink mainnet beta deployed a new kernel upgrade at block level #853,175. The new kernel, from commit 4d98081699595b57512ffeff35bca320f281c806, was proposed and upvoted by Tezos bakers taking part in Etherlink’s on-chain security kernel upgrade governance mechanism.

The security upgrade addressed two critical vulnerabilities in the withdrawal precompiled contract. These were uncovered by Spearbit during an audit of Etherlink’s EVM-kernel, and quickly fixed by Etherlink core developers. The deployed kernel included:

• A patch for a security vulnerability allowing an attacker to steal XTZ tokens from Etherlink.
• A patch for a liveness issue that could be exploited by an attacker to prevent the sequencer from producing valid blocks

As announced back then, neither of these bugs were exploited on Etherlink mainnet beta and the network is now protected from these issues by the new kernel.

The audit contracted with Spearbit (whose report will be available soon) is one of several engagements made with external teams to ensure the integrity of Etherlink before its upcoming official launch.

Moreover, Etherlink mainnet beta is a fully operational (nearly) Stage 2 permissionless optimistic rollup and it features a distinctive on-chain governance mechanism. Any Tezos baker can participate in Etherlink’s governance by proposing and upvoting kernel upgrades as well as selecting sequencer operators — see here for details on how to participate.

This mechanism is inspired by Tezos Layer 1’s on-chain governance. One key difference is that it establishes two independent channels for regular and security kernel upgrades, differentiating new features and non-critical bug fixes from urgent, security upgrades.

The governance process for security kernel upgrades spans over shorter voting periods, but enforces higher quorum and supermajority requirements, than the regular kernel one. This allows the community to deploy security patches swiftly, without sacrificing decentralization.

Indeed, for this very first security kernel upgrade on mainnet beta, we approached Everstake (and other Tezos bakers) to disclose the existence of the bug, and provided them with the patched kernel, so they could inject the proposal, and start the governance mechanism.

Thanks to their engagement, this first governance-powered kernel upgrade on Etherlink mainnet beta was successful!

As Etherlink moves closer to its official launch, we look forward to increasing participation in the rollup’s governance.

So let’s finish with this heads up for Tezos bakers: a regular kernel upgrade is under preparation. Stay tuned for upcoming announcements and do not hesitate to reach out if you are still unsure about how to take part in Etherlink’s governance!