-
Notifications
You must be signed in to change notification settings - Fork 691
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lower governor limits of chains based upon usage #4102
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me as long as the rest of the security team agrees.
1821c66
to
cf2cfcf
Compare
@mdulin2 I'm getting test failures running locally, e.g.:
Probably because we've never used a chain limit of 0. It's worth going into these tests and figuring out acceptable modifications for limits of 0. |
Good catch John. I'll see what the issue is and make some changes. How do you run all of the tests locally? I always get annoying build errors when I try to run the entire test suite. |
@johnsaigle Tests should be fixed now. @kcsongor says that changing the tests to allow for a limit of 0 seems fine with the new consideration of deprecating chains. |
08037e8
to
0c245d6
Compare
0c245d6
to
d8eabfa
Compare
I did some analysis of the token bridge for various chains over the course of 90 days. If the governor limit was not close to being reached (lower than maximum usage of 90% within time frame), then they do not need to be as high. Lowering the Governor limit is a good security win for limiting the impact of an exploit.
From my analysis, here is the maximum Governance usage that I found within the 90 day period:
Avalanche (13.62%)Polygon (14.64%)