0x01 receive payable

Investigation as to which 0x01 credentials deployed today are relying on critical payable functionality (if any). The spec is written such that it would hit EVM execution, but “push” designs are opened up if we bypass that.

All eth1 withdrawal addrs as of 22/2/22 – https://gist.github.com/djrtwo/6c77383c3321372b3166b615d6bb2766

Non-rocketpool deployed code – https://gist.github.com/djrtwo/f3deb53873862daa216d897c6e64b918

• 0x01 receive payable
  • Investigation
    • Method
    • Results
  • Project investigation
    • Lido
    • RocketPool

Investigation

Method

On 22/2/22

steps:

• pull down all validators from lighthouse node
• filter 0x01 withdrawal credential addresses
• sort and uniq the set
• use geth node to call getCode on each
• identify the majority use same code – RocketPoolMiniPool – remove this code and addrs from the set
• manually review remaining

Results

The 0x01 addrs deployed today consist of the following:

• Most (~3k) are rocketpool minipool’s with the following bytecode:

0x6080604052600436106100745760003560e01c80638dfe8b2d1161004e5780638dfe8b2d1461034f5780638ee7d0cb14610364578063bc7f3b501461038d578063be1d1d32146103a2576100b4565b80631dcef0bf146102ce57806326d1c0681461030c57806352def61d14610323576100b4565b366100b45760408051348152426020820152815133927f1d57945c1033a96907a78f6e0ebf6a03815725dac25f33cc806558670344ac88928290030190a2005b600c546000903690606090839060ff166100eb57600c54610100900473ffffffffffffffffffffffffffffffffffffffff16610129565b6101296040518060400160405280601681526020017f726f636b65744d696e69706f6f6c44656c6567617465000000000000000000008152506103b7565b905061013481610596565b61019f57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820181905260248201527f44656c656761746520636f6e747261637420646f6573206e6f74206578697374604482015290519081900360640190fd5b6000808273ffffffffffffffffffffffffffffffffffffffff1686866040518083838082843760405192019450600093509091505080830381855af49150503d806000811461020a576040519150601f19603f3d011682016040523d82523d6000602084013e61020f565b606091505b5091509150816102c057610222816105a2565b6040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825283818151815260200191508051906020019080838360005b8381101561028557818101518382015260200161026d565b50505050905090810190601f1680156102b25780820380516001836020036101000a031916815260200191505b509250505060405180910390fd5b805195506020019350505050f35b3480156102da57600080fd5b506102e36106b9565b6040805173ffffffffffffffffffffffffffffffffffffffff9092168252519081900360200190f35b34801561031857600080fd5b5061032161072c565b005b34801561032f57600080fd5b506103216004803603602081101561034657600080fd5b50351515610a09565b34801561035b57600080fd5b50610321610b7c565b34801561037057600080fd5b50610379610dee565b604080519115158252519081900360200190f35b34801561039957600080fd5b506102e3610df7565b3480156103ae57600080fd5b506102e3610e18565b60008060008054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166321f8a7218460405160200180807f636f6e74726163742e616464726573730000000000000000000000000000000081525060100182805190602001908083835b6020831061046f57805182527fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09092019160209182019101610432565b6001836020036101000a038019825116818451168082178552505050505050905001915050604051602081830303815290604052805190602001206040518263ffffffff1660e01b81526004018082815260200191505060206040518083038186803b1580156104de57600080fd5b505afa1580156104f2573d6000803e3d6000fd5b505050506040513d602081101561050857600080fd5b5051905073ffffffffffffffffffffffffffffffffffffffff811661058e57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601260248201527f436f6e7472616374206e6f7420666f756e640000000000000000000000000000604482015290519081900360640190fd5b90505b919050565b3b63ffffffff16151590565b60606044825110156105e8575060408051808201909152601d81527f5472616e73616374696f6e2072657665727465642073696c656e746c790000006020820152610591565b600482018051909260240190602081101561060257600080fd5b810190808051604051939291908464010000000082111561062257600080fd5b90830190602082018581111561063757600080fd5b825164010000000081118282018810171561065157600080fd5b82525081516020918201929091019080838360005b8381101561067e578181015183820152602001610666565b50505050905090810190601f1680156106ab5780820380516001836020036101000a031916815260200191505b506040525050509050919050565b600c5460009060ff166106e957600c54610100900473ffffffffffffffffffffffffffffffffffffffff16610727565b6107276040518060400160405280601681526020017f726f636b65744d696e69706f6f6c44656c6567617465000000000000000000008152506103b7565b905090565b6000805460048054604080517f5b49ff6200000000000000000000000000000000000000000000000000000000815273ffffffffffffffffffffffffffffffffffffffff61010090930483169381019390935251921691635b49ff6291602480820192602092909190829003018186803b1580156107a957600080fd5b505afa1580156107bd573d6000803e3d6000fd5b505050506040513d60208110156107d357600080fd5b5051600454909150610100900473ffffffffffffffffffffffffffffffffffffffff1633148061081857503373ffffffffffffffffffffffffffffffffffffffff8216145b61086d576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602d815260200180610e86602d913960400191505060405180910390fd5b600c54600d805461010090920473ffffffffffffffffffffffffffffffffffffffff167fffffffffffffffffffffffff000000000000000000000000000000000000000090921691909117905560408051808201909152601681527f726f636b65744d696e69706f6f6c44656c65676174650000000000000000000060208201526108f7906103b7565b600c80547fffffffffffffffffffffff0000000000000000000000000000000000000000ff1661010073ffffffffffffffffffffffffffffffffffffffff93841681029190911791829055600d548316910490911614156109a3576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602c815260200180610e5a602c913960400191505060405180910390fd5b600d54600c546040805173ffffffffffffffffffffffffffffffffffffffff93841681526101009092049092166020820152428183015290517f720d539b7abaee498c7536b8bf9f854bcd839fb4db9dc00e7494c219b3a20d459181900360600190a150565b6000805460048054604080517f5b49ff6200000000000000000000000000000000000000000000000000000000815273ffffffffffffffffffffffffffffffffffffffff61010090930483169381019390935251921691635b49ff6291602480820192602092909190829003018186803b158015610a8657600080fd5b505afa158015610a9a573d6000803e3d6000fd5b505050506040513d6020811015610ab057600080fd5b5051600454909150610100900473ffffffffffffffffffffffffffffffffffffffff16331480610af557503373ffffffffffffffffffffffffffffffffffffffff8216145b610b4a576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602d815260200180610e86602d913960400191505060405180910390fd5b50600c80547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0016911515919091179055565b6000805460048054604080517f5b49ff6200000000000000000000000000000000000000000000000000000000815273ffffffffffffffffffffffffffffffffffffffff61010090930483169381019390935251921691635b49ff6291602480820192602092909190829003018186803b158015610bf957600080fd5b505afa158015610c0d573d6000803e3d6000fd5b505050506040513d6020811015610c2357600080fd5b5051600454909150610100900473ffffffffffffffffffffffffffffffffffffffff16331480610c6857503373ffffffffffffffffffffffffffffffffffffffff8216145b610cbd576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602d815260200180610e86602d913960400191505060405180910390fd5b600d5473ffffffffffffffffffffffffffffffffffffffff16610d2b576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401808060200182810382526025815260200180610e356025913960400191505060405180910390fd5b600c8054600d805473ffffffffffffffffffffffffffffffffffffffff8181166101009081027fffffffffffffffffffffff0000000000000000000000000000000000000000ff861617958690557fffffffffffffffffffffffff000000000000000000000000000000000000000090921690925560408051938290048316808552919094049091166020830152428284015291517f01d12a47982bd695d9fa134134fa172f56f650d817bb4fb0bd4ae3754d2fdca69181900360600190a15050565b600c5460ff1690565b600c54610100900473ffffffffffffffffffffffffffffffffffffffff1690565b600d5473ffffffffffffffffffffffffffffffffffffffff169056fe50726576696f75732064656c656761746520636f6e7472616374206973206e6f74207365744e65772064656c6567617465206973207468652073616d6520617320746865206578697374696e67206f6e654f6e6c7920746865206e6f6465206f70657261746f722063616e206163636573732074686973206d6574686f64a26469706673582212209a6daedd83e54e66fbfbf927322718b812db513528d0b0bf4667b671d50dbd5364736f6c63430007060033

• Some are stakefish contracts which seem to not have special logic on receive – https://etherscan.io/address/0xb89fb4ffc1fc926e13c4ce9c895d1df81428388d#code
• One is a gnosis safe – https://etherscan.io/address/0xfe80804d2e3ab78a13ce90f45b2803cf9bbd1f51#code
• The rest are EOAs (or counterfactual contracts that we can’t see)

Project investigation

Lido

Discussed with some Lido leadership that they don’t yet have any 0x01 credentials deployed.

We can work with that. it’ll be harder to track exact validators that do withdrawals but I expect we’ll have to move this kind of tracking off L1 anyway so it’s not a huge consideration

RocketPool

sample contract

Has receive() logic to emit a receipt but doesn’t seem critical and this contract is fully upgradeable