Add supporting security commentary to Router.sol

2025-04-22 22:18:15 +00:00 · 2025-01-27 07:36:23 -05:00 · 2025-01-27 07:36:23 -05:00 · 0957460f27
commit 0957460f27
parent ea00ba9ff8
1 changed files with 9 additions and 0 deletions
--- a/processor/ethereum/router/contracts/Router.sol
+++ b/processor/ethereum/router/contracts/Router.sol
@ -22,6 +22,15 @@ import "IRouter.sol";
  The `execute` function pays a relayer, as expected for use in the account-abstraction model. Other
  functions also expect relayers, yet do not explicitly pay fees. Those calls are expected to be
  justified via the backpressure of transactions with fees.
+
+  We do transfer ERC20s to contracts before their successful deployment. The usage of CREATE should
+  prevent deployment failures premised on address collisions, leaving failures to be failures with
+  the user-provided code/gas limit. Those failures are deemed to be the user's fault. Alternative
+  designs not only have increased overhead yet their own concerns around complexity (the Router
+  calling itself via msg.sender), justifying this as acceptable.
+
+  Historically, the call-stack-depth limit would've made this design untenable. Due to EIP-150, even
+  with 1 billion gas transactions, the call-stack-depth limit remains unreachable.
 */
 // slither-disable-start low-level-calls,unchecked-lowlevel