Current state of Gas Station Network

As a developer and product owner,
I’d like to know the risks of using GSN. Specifically, I’m curious:

  1. Is GSN codebase is final?
    I know, I know, the software code is never final. But from security standpoint, I’d need to know how this risk is mitigated for dapp owners. Can we safely implement GSN into contracts at this moment?
    What is the current plan and status for GSN? Is it production ready? Is it still in development?

  2. What if something changes? Do all relayers will switch to new code or some relayers will still support the old codebase version?

  3. How Dapp owners can be notified about security issues before the public news?

2 Likes

Hi @rstormsf,

  1. Status of GSN

    https://docs.openzeppelin.com/openzeppelin/index.html
    Gas Station Network is still in beta.

    You can also implement your dapp contracts as OpenZeppelin SDK upgradeable contracts.

  2. Will Relayers support the old codebase?

    I assume that Relayers will most likely operate wherever they are profitable.

    As a fallback, you can always run your own Relayer if needed.

  3. How Dapp owners can be notified about security issues?

    I don't know how this will work. For GSN contracts in OpenZeppelin Contracts then I assume no different from any other contract in the library.

  1. Really? I’d be able to have super powers of the contract.
1 Like

Hi @rstormsf,

It depends on your use case. :smile:

The upgrade mechanism for smart contracts can be controlled by any type of governance, be it a multi-sig wallet, a simple address or a complex DAO.

Example using a multi-sig:
https://docs.openzeppelin.com/sdk/2.5/upgrades-governance

right, I’d have to have a headache of creating DAO, figuring out how to run a DAO, issue some sort of token dao, etc etc

1 Like

A multi-sig might suffice for governance depending on who the signatories are.

It also depends on your use case and how you would handle the need to update functionality if required.

The deployed RelayHub has been through several audits by several different people, so I’d say it’s pretty secure, and unlikely that a problem will be found. There’s plenty of room for improvement, though, (for example in terms of efficiency) so there might be a version 2 of RelayHub at some point. In that scenario, there will probably still be relayers for version 1, as long as there are contracts willing to pay for the relaying service.

We have not yet thought about ways of disclosing security issues.

1 Like