update intro content and add new security considerations (#3175)

* update intro content and add new security considerations

* add deprecated v2

* Update security.mdx

Author: gfletcher-cll

src/config/sidebar.ts

@@ -1608,7 +1608,7 @@ export const SIDEBAR: Partial<Record<Sections, SectionEntry[]>> = {
       ],
     },
     {
-      section: "VRF V2 [Legacy]",
+      section: "VRF V2 [DEPRECATED]",
       contents: [
         {
           title: "VRF V2 Subscription Method",
@@ -2106,7 +2106,7 @@ export const SIDEBAR: Partial<Record<Sections, SectionEntry[]>> = {
   ],
   [SIDEBAR_SECTIONS.LEGACY]: [
     {
-      section: "VRF V2 Subscription Method [Legacy]",
+      section: "VRF V2 Subscription Method [DEPRECATED]",
       contents: [
         {
           title: "Migrate to VRF V2.5",
@@ -2143,7 +2143,7 @@ export const SIDEBAR: Partial<Record<Sections, SectionEntry[]>> = {
       ],
     },
     {
-      section: "VRF V2 Direct Funding Method [Legacy]",
+      section: "VRF V2 Direct Funding Method [DEPRECATED]",
       contents: [
         {
           title: "Migrate to VRF V2.5",

src/content/vrf/index.mdx

@@ -15,7 +15,9 @@ import { Aside } from "@components"
 
 <Vrf2_5Common callout="security" />
 
-**Chainlink VRF (Verifiable Random Function)** is a provably fair and verifiable random number generator (RNG) that enables smart contracts to access random values without compromising security or usability. For each request, Chainlink VRF generates one or more random values and cryptographic proof of how those values were determined. The proof is published and verified onchain before any consuming applications can use it. This process ensures that results cannot be tampered with or manipulated by any single entity including oracle operators, miners, users, or smart contract developers.
+**Chainlink VRF (Verifiable Random Function)** is a provably fair and verifiable random number generator (RNG) that enables smart contracts to access random values without compromising security or usability. For each request, Chainlink VRF generates one or more random values and cryptographic proof of how those values were determined. The proof is published and verified onchain before any consuming applications can use it. This process helps ensure that results cannot be tampered with or manipulated by any single entity including oracle operators, smart contract developers, users, miners, or block builders\*.
+
+\*In the unlikely event that an adversary compromises VRF's randomness-generating secret key and obtains the ability to construct blocks on the target chain, they could strongly bias the result.
 
 <Aside type="note" title="Migrate to V2.5">
   Follow the [migration guide](/vrf/v2-5/migration-from-v2) to learn how VRF has changed in V2.5 and to get example

src/content/vrf/v2-5/security.mdx

@@ -6,13 +6,6 @@ title: "VRF Security Considerations"
 
 Gaining access to high quality randomness onchain requires a solution like Chainlink's VRF, but it also requires you to understand some of the ways that miners or validators can potentially manipulate randomness generation. Here are some of the top security considerations you should review in your project.
 
-- [Use `requestId` to match randomness requests with their fulfillment in order](#use-requestid-to-match-randomness-requests-with-their-fulfillment-in-order)
-- [Choose a safe block confirmation time, which will vary between blockchains](#choose-a-safe-block-confirmation-time-which-will-vary-between-blockchains)
-- [Do not allow re-requesting or cancellation of randomness](#do-not-allow-re-requesting-or-cancellation-of-randomness)
-- [Don't accept bids/bets/inputs after you have made a randomness request](#dont-accept-bidsbetsinputs-after-you-have-made-a-randomness-request)
-- [The `fulfillRandomWords` function must not revert](#fulfillrandomwords-must-not-revert)
-- [Use `VRFConsumerBaseV2Plus` in your contract to interact with the VRF service](#use-vrfconsumerbasev2plus-in-your-contract-to-interact-with-the-vrf-service)
-
 ## Use `requestId` to match randomness requests with their fulfillment in order
 
 If your contract could have multiple VRF requests in flight simultaneously, you must ensure that the order in which the VRF fulfillments arrive cannot be used to manipulate your contract's user-significant behavior.
@@ -54,3 +47,11 @@ If your `fulfillRandomWords()` implementation reverts, the VRF service will not
 ## Use `VRFConsumerBaseV2Plus` in your contract, to interact with the VRF service
 
 If you implement the [subscription method](/vrf/v2-5/overview/subscription), use `VRFConsumerBaseV2Plus`. It includes a check to ensure the randomness is fulfilled by `VRFCoordinatorV2_5`. For this reason, it is a best practice to inherit from `VRFConsumerBaseV2Plus`. Similarly, don't override `rawFulfillRandomness`.
+
+## Avoid ERC-4337 account-abstracted (smart-account) wallets for subscription management
+
+Pre-signed ERC-4337 UserOperations can be executed by any bundler until they expire. If executed inside a fulfillment transaction callback, the subscription management call can no-op, delaying or preventing the change.
+
+## Keep your subscription funded well above the minimum balance
+
+Fulfillments require sufficient subscription balance at processing time. If the balance sits near the minimum and multiple consumers make concurrent requests, fulfillments can be delayed. After adding funds, it can take some time for previous requests to be processed again.

src/content/vrf/v2/direct-funding/index.mdx

@@ -16,10 +16,8 @@ metadata:
 import VrfCommon from "@features/vrf/v2/common/VrfCommon.astro"
 import { Aside, ClickToZoom } from "@components"
 
-<Aside type="tip" title="VRF V2.5 Direct Funding Method">
-  Refer to the [VRF V2.5 Direct Funding Method Introduction page](/vrf/v2-5/overview/direct-funding) to learn how the
-  direct funding method works in VRF V2.5. To compare V2.5 and V2, refer to the [migration
-  guide](/vrf/v2-5/migration-from-v2).
+<Aside type="caution" title="Migrate to VRF V2.5">
+  VRF V2.5 replaces both VRF V1 and VRF V2 on November 29, 2024. [Migrate to VRF V2.5](/vrf/v2-5/migration-from-v1).
 </Aside>
 
 <VrfCommon callout="directFunding" />

src/content/vrf/v2/subscription/index.mdx

@@ -17,10 +17,8 @@ import VrfCommon from "@features/vrf/v2/common/VrfCommon.astro"
 import { Aside, ClickToZoom } from "@components"
 import { YouTube } from "@astro-community/astro-embed-youtube"
 
-<Aside type="tip" title="VRF V2.5 Subscription Method">
-  Refer to the [VRF V2.5 Subscription Method Introduction page](/vrf/v2-5/overview/subscription) to learn how the
-  subscription method works in VRF V2.5. To compare V2.5 and V2, refer to the [migration
-  guide](/vrf/v2-5/migration-from-v2).
+<Aside type="caution" title="Migrate to VRF V2.5">
+  VRF V2.5 replaces both VRF V1 and VRF V2 on November 29, 2024. [Migrate to VRF V2.5](/vrf/v2-5/migration-from-v1).
 </Aside>
 
 <VrfCommon callout="subscription" />