One challenge of migrating to L2s such as rollups and plasma for scalability is that a lot of infrastructure that we depend on today still depends on L1 blockchain accesses. This post proposes a way to resolve this problem for the specific use case of ENS names.
We define a class of actors called ENS attesters. Anyone can become an ENS attester by depositing tokens (ETH but potentially other things too) into an ENS attester contract, which has a predefined code whose logic is described below. If a wallet wants to resolve a particular ENS name where that name or a super-domain thereof appears on L1 to be owned by an L2 contract, it can send a message to an ENS attester (discoverable through a specialized p2p network, the ENS attester network) asking for a response message of the form
(block_height, name, address, signature) providing the address that the name resolves to at some given block height, plus a signature.
Logic for how ENS attesters are incentivized to respond is outside the scope of this proposal; this could be subsidized by dapp developers, or done through channel payments or some other means.
The ENS attester contract’s logic is as follows.
- Each instance of the contract maps to one ENS attester, and stores the attester’s public key (realistically, an ethereum address that ECDSA signatures can be ECRECOVER’d against)
- Funds deposited in the contract can be withdrawn but only with a 1 week withdrawal window.
- If an ENS attester signs a response message
(block_height, name, address, signature), and someone disagrees with the result, then they can take this signature and push it into the ENS attester contract, along with a deposit, via a
- The challenge function delays any withdrawals and begins a 2 week challenge period. The attester can successfully respond to a challenge by performing any required actions to cause the owner of the name (or a super-domain of the name) to make a contract call
assertHistoricalOwnership(block_height, name, address)to the attester contract, asserting that the given name resolved to the given address at the given block height. If the attester successfully responds, they get half the challenger’s deposit and the other half is burned. If they fail to respond, the challenger gets half the attester’s deposit (plus their deposit) and the other half gets burned.
The goal of this design is to be compatible with ENS names being stored in rollup or plasma settings. The goal is that rollups/plasmas would be designed with ENS support in such a way that the plasma/rollup contract would be the actual owner of the ENS name that is transferable inside the plasma/rollup, and the contract would be capable of making a contract call to assert its historical ownership.
Note that the
assertHistoricalOwnership standard could be applied at any level: at the level of the individual domain, or at the level of an ENS domain that lives entirely inside a rollup/plasma and contains many subdomains.
Asserting historical ownership, rather than present ownership, is needed to prevent attacks where some user
A asks for an assertation that some given
domain resolves to
A, and then quickly sending a transaction making it resolve to
B instead before the attester can do anything.