Making Lido’s stETH available across L2 has been pronounced as one of the main Lido’s OKRs for 2022. As part of this work, the Lido dev team is preparing to release a bridging solution for Optimism that aims at providing the benefits of yield-bearing staking tokens to users on Optimism.
Because of its rebasing nature, bridging stETH adds a whole layer of complexity to the bridging itself, and to the upcoming integrations of the bridged token across the L2 protocols. E.g. the rewards would normally accrue to the bridge contract and it would take a sophisticated technical solution to mirror the rebases on L2s. It has been decided to go ahead with wstETH, the stable balance wrapper token already adopted widely by many Ethereum-native protocols (see Balancer, Maker).
The bridging solution for wstETH is being built based on a standard Optimism bridge. The implementation consists of two parts - the L1-side bridge and the L2-side bridge. Additionally, there will be some administrative features, i.e. the option to temporarily disable the deposits and withdrawals on each side. It can be of use in case of any malicious usage of the bridge or vulnerability in the smart contracts. Besides, it might be helpful in the implementation upgrade process.
Read the full tech specification of the wstETH bridging solution here.
According to Lido’s high security standards, it is critical to define the actors capable of upgrading the bridging solution on both L1 and L2 sides, as well as using emergency brakes functionality to disable deposits and withdrawals.
We propose establishing two Bridge Guardian Multi-sigs on L1 and L2 with identical composition, and assign administrative roles as follows:
- DAO Agent can trigger implementation upgrade on L1 (via DAO voting)
- DAO Agent can disable and enable deposits and withdrawals on the L1 side
- Ethereum mainnet Bridge Guardian Multi-sig can disable deposits and withdrawals on the L1 side in case of emergency (no need to wait 3 days of DAO voting)
- Optimism Bridge Guardian Multi-sig can trigger implementation on the L2 side
- Optimism Bridge Guardian Multi-sig can disable and enable deposits and withdrawals on the L2 side
We have also considered skipping the L2 multi-sig and relying on messages sent from L1 for administrative needs. However, there are two main reasons we propose handling it with multi-sig at least for now:
- From our research, it looks like implementing proper L1 → L2 message sending to control the L2 bridge would take additional time and extend the codebase by several smart contracts. This can be done later as an upgrade if it appears to be necessary.
- In case of L1 → L2 connectivity issues, we would still need an emergency multi-sig on the L2 side.
We would like to nominate a few Lido core contributors for the multi-sigs on both Ethereum and Optimism sides. The proposed signers would be:
- @vsh - Lido’s tech lead;
- @skozin - Lido’s core protocol developer;
- @ujenjt - Lido’s core protocol developer;
- @kadmil - Lido’s core protocol developer;
- @psirex - Lido’s integrations team developer.
We propose having at least a 4/7 multi-sig on each side, thus, you are very much welcome to nominate more signers for the Bridge Guardian multi-sig.