As of 2024, OP mainnet relies on the security of a single multisig wallet that is managed by several anonymous individuals. The wallet holds enormous power, including the ability to “upgrade core OP Mainnet smart contracts without upgrade delays”, per the Optimism docs. This is related to Optimism’s Security Council, which would assume control over the multisig wallet and be able to:
- Upgrade L1 protocol contracts for all OP chains participating on mainnet
- Modify roles within the system, including sequencers, batchers, proposers, challengers, and Security Council membership
The Security Council's initiation on OP Mainnet is a two-phase process. In Phase 0, the Council will co-sign with the Foundation's multisig for OP Mainnet protocol upgrades. Phase 1 will see the Council solely controlling a multisig for protocol upgrades, including a 14-day delay for L1 upgrades and extended pause functionality for critical vulnerabilities. This rollout necessitates three votes by the Token House: approving the Council's role in Phase 0, ratifying initial members, and endorsing the full security model in Phase 1. This new structure aims to enhance the security and governance of OP Mainnet.
The Token House is set to review and vote on three key proposals related to the Security Council's staged rollout:
- - Approve the Security Council as a co-signer on a 2/2 multisig for OP Mainnet's protocol upgrades in Phase 0.
- - Ratify the initial Security Council members for both Phase 0 and Phase 1, with subsequent elections each season.
- Vote #3 - Implement Phase 1's full Security Council initiation, requiring a protocol upgrade.
Optimism mainnet has been thoroughly reviewed and covered by platforms such as CertiK and OpenZepplin to review the strength and security of its base smart contracts.
Optimism was reviewed by Open Zeppelin in late 2021. The OpenZeppelin audit of Optimism's smart contracts focused on several key areas: security flaws in the fraud proof verification process, issues in cross-domain deposits and withdrawals, transaction fee mishandling, and potential reward dynamics abuses. The report included numerous recommendations for overall system improvement. Further enhancements were suggested in areas like gas accounting, upgradeability, and interactions between contracts and off-chain services. The audit, overall, reflected a maturing codebase, emphasizing continued development and refinement.
CertiK’s monitoring of Optimism provides a comprehensive analysis of its performance across various key areas, crucial for understanding its place in the blockchain ecosystem.
In the Security Score, Optimism excels with a notable score of 87.58, which ranks it in the top 10% of projects evaluated. This high score is indicative of a robust security posture, which is crucial in blockchain, where security is paramount. A strong security score like this implies a lower risk of vulnerabilities and instills a higher degree of user trust in the platform.
Regarding Code Security, Optimism again demonstrates its strength with a score of 86.79. Ranking in the top 10%, this score reflects a well-structured and secure coding framework. In comparison to other projects in the blockchain space, this high code security score positions Optimism favorably, suggesting a lower risk of code-based exploits and a reliable foundation for its operations.
Optimism lags behind in Governance with a score of 70.00, placing it in the top 55% percentile. This suggests that there is room for improvement in governance mechanisms. Effective governance is essential for ensuring transparency, fairness, and the alignment of the project with its stakeholders' interests. Of course, this was somewhat addressed with Airdrop 3, which incentivized users to participate in governance and delegate their tokens, though Optimism still has a ways to go.
Centralization Concerns
Sequencers
In the realm of Ethereum rollups, a centralized sequencer is a pivotal yet controversial element. This entity is tasked with gathering L2 transactions, forming them into blocks, and submitting them to Ethereum. The centralized nature of the sequencer in most current rollups introduces several risks, including being a single failure point, potential for transaction censorship, and aggressive MEV extraction.
The current structure of the Optimism network hinges on a sole sequencer operated directly by the Optimism Foundation. This crucial component falls under the watchful eye of a Security Council chosen through elections, tasked with safeguarding the network. This council has the authority to manage protocol upgrades and ensure the network's integrity by monitoring the sequencer's fidelity, among other security measures. As a result, the responsibility to challenge the legitimacy of transactions, should there be any suspicion of foul play, is limited to just eight selected individuals. However, this arrangement was intended only as a provisional measure pending the introduction of Optimism’s “Fault Proof” system, aimed at affirming transaction validity prior to their finalization on Ethereum’s blockchain.
*June 2024 Update: Fault Proofs Go Live on OP Mainnet*
The OP Mainnet has reached a significant milestone with the implementation of governance-approved, permissionless fault proofs, marking the OP Stack's arrival at the "Stage 1" level of rollup security, as dictated by Layer2Beat.
The core feature of this update is the Permissionless Fault Proof System, which enables the initiation of ETH and ERC-20 token withdrawals from OP Mainnet without the need for trusted third-party involvement. This system empowers any user to challenge and remove invalid withdrawals, promoting a more decentralized and trustless environment. Despite the permissionless nature of this system, the Optimism Security Council retains the authority to revert to a permissioned state if necessary, ensuring system stability and security.
The inclusion of a fallback mechanism is crucial for the responsible deployment of the Fault Proof System. This precaution aligns with industry standards and ensures a robust and secure network, meeting the criteria for Stage 1 as defined by L2Beat.
Reaching Stage 1 capabilities involves more than just the implementation of fault proofs. The OP Stack incorporates additional safeguards specifically designed to enhance system security. These measures enable the Security Council to respond promptly and effectively in case of any bugs or vulnerabilities.
If these safeguards are activated, all pending withdrawals will be reset, requiring a reproving process to ensure the integrity of the system. This approach underscores the commitment to security as a paramount consideration in the development of the OP Stack. The combined efforts of fault proofs and these targeted safeguards fortify the system, ensuring a resilient and secure environment for users.
