The language/structure of the spell-crafter-mainnet-workflow.md needs to be updated to more clear conditional structure to avoid misunderstanding and simplify onboarding of new team members. Same as we did for the mainnet-reviewer checklist in this PR: #18

Goal

Schedule with improved accountability

Context

Currently, the part of the crafter checklists is the timeline which not everyone follows and which doesn't explicitly specify responsible parties and their deadlines. Therefore, the proposal is to update the timeline with a schedule that specify deadlines but also account for complex situations and delays.

Assets

Tasks

• Make new proposal
• Discuss
• Update schedule in the checklists

The schedule that everyone in the spell team seems to agree to follow is not currently part of the repo, therefore harder to find, harder to make changes to, confusing for outsiders who still see the old cadence proposal:

Goal

Checklists do not enforce processes that are blocked in case a single service is down

Context

Recently, spell team experienced downtime of etherscan, which caused a multi-hour delay in the spell handover and later confusion among delegates on why contract is not verified on etherscan. The delay was resolved by unanimous agreement within the spell team to proceed with an alternative verifier service and later still use etherscan to verify contract and resolve the confusion. Another reason to not depend on a single service is of course security: it's much easier to compromise a single crucial service documented in the process, than try to attack multiple independent services at the same time.

In order to prepare to such events, we should 1) evaluate existing dependencies 2) evaluate potential circumventions 3) proceed with removing dependencies one-by-one.

Todo

• List existing dependencies found in the checklists / known processes
• List potential circumventions (general or applicable to each specific dependency)
• Create first specific issue to remove dependency on etherscan

• Update "spell coordination schedule" #13
• Add schedule into the checklist, so it goes through the the standard review process and becomes official after merge

Context

We're targeting mainnet-only spell to be on March 6th: on this spell the new process is used fully, no shortcuts, no exceptions unless security is the issue. Therefore, current process needs to be changed to accommodate the new Tenderly-related checks.

Tasks

• Update mainnet checklists and processes
• Add to the current process that cast-on-tenderly is done by the crafter
• Transfer relevant checks from the goerli cast stage to the mainnet

Goal

Spell process is not blocked in case etherscan is down/not available

Context

As per the parent issue #29, currently there are multiple places in process which refer to etherscan as place to check something. But as etherscan is a centralised tool, we have to expect a possibility that 1) it is down 2) it is compromised and prepare accordingly.

Places where we refer to etherscan

• Check Rely events
  

  pe-checklists/spell/spell-reviewer-mainnet-checklist.md

  Line 92 in 1aa58ee

  * [ ] Ensure that there are no other `Rely` events except for `PAUSE_PROXY` and `MCD_ESM` (using a block explorer like [etherscan](https://etherscan.io))

• Check source code of a new contract
  

  pe-checklists/spell/spell-reviewer-mainnet-checklist.md

  Line 93 in 1aa58ee

  * [ ] Source code matches corresponding github source code (e.g. diffcheck via vscode `code --diff etherscan.sol github.sol`)

• Check deployed spell (manually)
  

  pe-checklists/spell/spell-reviewer-mainnet-checklist.md

  Line 347 in 1aa58ee

  * [ ] Deployed spell is verified on etherscan

  
  

  pe-checklists/spell/spell-reviewer-mainnet-checklist.md

  Line 368 in 1aa58ee

  * [ ] Ensure Etherscan `Libraries Used` matches DssExecLib [Latest Release](https://github.com/makerdao/dss-exec-lib/releases/latest)

• Checks deployed spell (using API)
  

  pe-checklists/spell/spell-reviewer-mainnet-checklist.md

  Lines 355 to 360 in 1aa58ee

  	* Automated checks via `make check-deployed-spell`
  	* [ ] Verified
  	* [ ] Valid license
  	* [ ] Version matches
  	* [ ] Optimizations are disabled
  	* [ ] dss-exec-lib library address used (under 'Libraries Used') matches the hardcoded local `DssExecLib.address` file

• Get priority fee
  

  pe-checklists/spell/spell-crafter-mainnet-workflow.md

  Line 182 in 1aa58ee

  * [ ] Check [current gas priority fee](https://etherscan.io/gastracker) and set `ETH_PRIO_FEE` accordingly (e.g. 2 gwei)

Proposed circumvention

Use multiple different services to verify the source code.

Tasks

• Extend the verification script
  • Send flattened code to multiple services (potentially using forge verify-contract instead of making raw requests)
  • Ensure requests to services are non-blocking (in case one service is down)
• Editing checklists
  • Replace "etherscan" with "at least 2 trusted block scanners"
  • Define/refer to a "list of trusted blocks canners" (used by the verification script)
  • Get priority fee from a more decentralised source (or otherwise make it a recommendation)
• Replace or remove automatic check of the source code