Proofs: DeputyGuardianModule Proxy

[smartcontracts]

Summary

Proposed change to put the DeputyGuardianModule contract behind a proxy.

Context

The DeputyGuardianModule is an important component for the Superchain security model. The DeputyGuardianModule, also known as DGM, is a smart contract deployed on L1 (currently here) that has, for example, the ability to widely pause the Superchain. The DGM is owned by the Foundation Operation Safe so only operation run from the Foundation Operation Safe can be executed into the DGM. To make sure we can widely pause the Superchain rapidly enough in case of an emergency, we need to presign the pause transaction from the signers of the FoS. These transactions are also known as PSP for PreSigned Pause transactions. This process requires a ceremony and this is slow and tedious to put in place.

Problem Statement

The existing DeputyGuardianModule is not proxified. This is inconvenient each time we want to upgrade the DeputyGuardianModule to add a new feature or to fix a potential bug. As this is not a proxy this require to redeploy the DeputyGuardianModule on L1. And also, to update the Guardian contract to add the new DeputyGuardianModule address as authorized module. Moreover, changing the DeputyGuardianModule will break the current PSPs setup as these pause transactions are presigned with the previous DeputyGuardianModule. Thus, we need to generate new PSPs through the tedious process of a ceremony to add the new DeputyGuardianModule for making the PSPs valid again. We are clearly seeing that this is not a sustainable solution for the long term.

Additionally, we have to simulate the new PSPs and share them with other member of the Superchain.

Project Updates

• [2024-09-27] Draft design document is available here.
• [2024-09-27] Draft design document is being actively reviewed.
• [2024-10-28] Design document has been approved and merged.

Resources

• Design document