[SIP5.3] Emergency Whitelist of Sonic Timelock with Base SummerToken

0xtucks · March 25, 2025, 4:46pm

We’ve recently deployed the Lazy Summer Protocol to Sonic.

As part of Sonic’s onboarding we needed to connect it up to LayerZero’s backbone to enable cross-chain messaging.

A crucial whitelisting of Sonic’s Timelock contract with Base’s SummerToken contract was missed. Without this whitelisting we’re unable to bridge SUMR to Sonic to fulfil rewards.

The fix for this is here: Lazy Summer DAO (Official) | SIP5.3: Whitelist Sonic Timelock with Base SummerToken

Essentially, we cannot execute this proposal → Lazy Summer DAO (Official) | SIP3.2: Cross-chain Reward Setup Proposal for LazyVault_LowerRisk_USDCe Fleet on Sonic

Given, this is of highest priority, I’m going to publish the proposal on-chain shortly to limit any further delays. The standard on-chain voting delay and voting period are still in effect. But, I’m keen to minimise the hold up.

Thank you for your patience.

rspa_StableLab · March 26, 2025, 3:58pm

Thanks for the quick response to this issue.

Just from a security point of view: Will the regular checks of smart contracts still apply before execution?

0xtucks · March 26, 2025, 9:03pm

Absolutely.

In this case, there’s no new contract code so that simplifies things.

It’s a whitelist of only of one address:

Here is the tenderly simulation (Tenderly Dashboard) taken from Tally | Lazy Summer DAO (Official) | SIP5.3: Whitelist Sonic Timelock with Base SummerToken so folks can double check

Note: the account being whitelisted in the trace is 0x4c32A28AD95deaBc06bF7C83AdEbCF6fe6721ED9

Which is the SummerTimelockController on Sonic → SummerTimelockController | Address 0x4c32a28ad95deabc06bf7c83adebcf6fe6721ed9 | SonicScan Block Explorer

The reason we have to whitelist a Sonic address on Base is because in LayerZero’s send method we have transfer restrictions applied there as well.

The relevant contract code is below.

And in github: lazy-summer-protocol/packages/gov-contracts/src/contracts/SummerToken.sol at 0f3353093223704060cccd187fd0e0403f69d59f · OasisDEX/lazy-summer-protocol · GitHub

        // Convert bytes32 to address using uint256 cast
        address to = address(uint160(uint256(_sendParam.to)));

        // Allow transfers if:
        // 1. Transfers are enabled globally, or
        // 2. The target address is whitelisted, or
        // 3. The sender is sending to themselves
        if (
            !transfersEnabled && !whitelistedAddresses[to] && to != msg.sender
        ) {
            revert TransferNotAllowed();
        }

rspa_StableLab · March 31, 2025, 8:52am

Amazing! Thank you for the detailed response.

Topic		Replies	Views
[SIP3.1] Whitelist Reward Contracts to allow SUMR Rewards to be claimed and bridged Summer Improvement Proposals sumr , base , rewards , sip3	10	142	February 15, 2025
[SIP2.4] Onboard additional Silo Arks into the USDC.E Sonic Vault Summer Improvement Proposals usdc , sip2 , ark-onboarding , sonic	1	60	April 18, 2025
[SIP3.4] Extend and Adjust Vault Rewards Emissions Summer Improvement Proposals rewards , sip3 , sumr	3	63	May 16, 2025
Lazy Summer Foundation: Introduction and SUMR Timelock transfer General Discussion intro	0	37	March 10, 2025
[SIP0] Governance Process Summer Improvement Proposals sip0	11	145	February 12, 2025

[SIP5.3] Emergency Whitelist of Sonic Timelock with Base SummerToken

Related topics