Proposal - Protocol R&D Special Purpose Entity

Hey there :waving_hand:

Sidestream Protocol R&D SPE here - below is our fourth monthly update. As you are now probably aware from the announcement, we recently executed a significant protocol update, which is the reason we delayed this post by a few days. Originally, the update was planned for last Thursday, but had to be delayed.

Protocol R&D SPE - Sidestream - Update #4

  • Status: On track
  • Summary: Similar to April, we had a strong focus on vulnerability response work with several reports that required end-to-end processing. Additionally, we’ve facilitated a protocol update, which was executed on 2026-06-01. This update contains a new L1Migrator contract on the Ethereum Mainnet and the respective required adjustment on the Arbitrum network to close a reported attack vector that was so far mitigated by pausing the previous migrator contract.
  • Key achievements
    • Protocol update: We deployed a new L1Migrator contract on Ethereum Mainnet (at a new address, since it’s not a proxy) to close a reported attack vector, and updated the L2Migrator state on Arbitrum to accept messages from it. To further reduce the protocol’s attack surface, we also removed unused one-time functionalities from the L1Migrator and revoked the old L1Migrator’s rights to transfer LPT or ETH via the BridgeMinter. All of this was facilitated via our structured update process in collaboration with the Livepeer Security Committee, culminating in the 2026-06-01 update.
    • Immunefi response: Maintained continuous team-on-duty coverage to ensure timely reaction to incoming vulnerability reports. Processed several vulnerability reports end-to-end, including significant weekend and out-of-office hour action.
    • Testnet proposal: We temporarily deprioritized work on the testnet to focus on the protocol update and vulnerability response work, as this work is the core of our mandate.
    • Backlog orchestration: Extended the backlog with further protocol update candidates, collected input from external stakeholders where needed, and kept prioritising the various candidates. For one contended protocol update development has started in order to include it in the next protocol update.
  • Planned by Next Update:
    • Deployment: Prepare the next protocol update from the structured backlog.
    • Immunefi Response: Process all Immunefi submissions in time, based on their severity, and finish currently still in-progress report assessments.
    • Feature Advancement: Advance the chosen feature towards its release.
  • ETA for Next Update: End of June 2026

Be aware: Due to the sensitive nature of our work, it is not possible to share links to many of the concrete artifacts we created (e.g., the processed vulnerability reports and their results) as these can only be shared with the Security Committee.

You can check implicit artifacts via the transactions (enable new L1Migrator on L2; offboarding paused L1Migrator on L1) and the forum announcement.

5 Likes