Search
Search for projects by name or address
Base Chain
Badges
About
Base is an Optimistic Rollup built with the OP Stack. It offers a low-cost and builder-friendly way for anyone, anywhere, to build onchain.
Interop protocols used
Tokens transferred
Badges
About
Base is an Optimistic Rollup built with the OP Stack. It offers a low-cost and builder-friendly way for anyone, anywhere, to build onchain.
Stages changes
The project will move to Stage 0 because:
The proof system does not meet the minimum trusted setup requirements defined in the L2BEAT trusted setup assessment framework.
2025 Jun 18 — 2026 Jun 18
The section shows the operating costs that L2s pay to Ethereum.
2025 Jun 18 — 2026 Jun 18
This section shows how much data the project publishes to its data-availability (DA) layer over time. The project currently posts data toEthereum.
2025 Jun 18 — 2026 Jun 18
This section shows how "live" the project's operators are by displaying how frequently they submit transactions of the selected type. It also highlights anomalies - significant deviations from their typical schedule.
2026 May 19 — Jun 18
Last 30 day anomalies
All liveness anomalies detected for this project in the last 30 days, helping you review recent downtime and availability issues.
No Tx data submissions were performed for 7h 2m 36s (from 2026 Jun 05, 13:57 UTC until 2026 Jun 05, 21:00 UTC). These typically occur every 43s on average.
No State updates were performed for 43h 48m (from 2026 May 29, 01:02 UTC until 2026 May 30, 20:50 UTC). These typically occur every 20min 22s on average.
No State updates were performed for 14h 2m (from 2026 May 27, 03:20 UTC until 2026 May 27, 17:22 UTC). These typically occur every 20min 22s on average.
No State updates were performed for 3h 28m 24s (from 2026 May 26, 19:49 UTC until 2026 May 26, 23:18 UTC). These typically occur every 20min 22s on average.
Base Azul: multi-proof
2026 May 26th
Base activates the multiproof system combining TEE attestations and SP1 ZK proofs.
Base leaves the Superchain
2026 Mar 4th
Base decouples from Optimism Superchain governance with its own upgrade path.
Fraud proofs allow actors watching the chain to prove that the state is incorrect. Single round proofs (1R) prove the validity of a state proposal, only requiring a single transaction to resolve. A fault proof eliminates a state proposal by proving that any intermediate state transition in the proposal results in a different state root. For either, a ZK proof is used.
All of the data needed for proof construction is published on Ethereum L1.
There is no window for users to exit in case of an unwanted upgrade since contracts are instantly upgradable. Upgrades need to be approved by 2 parties: the Base Coordinator Multisig and the Base Security Council.
New requirements coming soon
The proof system does not meet the minimum trusted setup requirements defined in the L2BEAT trusted setup assessment framework.
All data required for proofs is published on chain
All the data that is used to construct the system state is published on chain in the form of cheap blobs or calldata. This ensures that it will be available for enough time.
- Derivation: Batch submission - OP Mainnet specs
- BatchInbox - address
- OptimismPortal2.sol - source code, depositTransaction function
Ethereum
State roots are proposed by calling DisputeGameFactory.create with the AggregateVerifier game type, posting a bond of 0.05 ETH. Each proposal must include an initial proof (TEE attestation or ZK proof) over the range of 600 L2 blocks split into sub-ranges of 30 blocks. With a single proof, the game resolves after 7d; if both proof arms commit, the window collapses to 1d.
Any party that produces a valid ZK proof of an incorrect intermediate root can call AggregateVerifier.challenge, contradicting a TEE-only proposal. The challenger’s proof is verified onchain via the SP1 verifier gateway. If the challenge stands until the resolution window closes, the original proposer’s bond is awarded to the challenger and the game resolves CHALLENGER_WINS. Soundness contradictions within a single proof arm are caught by AggregateVerifier.nullify, which permanently disables that arm’s verifier contract for all games.
All contracts are upgradable by a ProxyAdmin contract controlled by a nested 2/2 Base Governance Multisig composed of the Base Coordinator Multisig and the Base Security Council. Upgrades require approval from both parties. There is no delay on upgrades. The Guardian role for the SuperchainConfig is assigned to the Base Governance Multisig, which can pause and unpause withdrawals. Base Multisig 1 serves as Incident Responder and can pause withdrawals but cannot unpause or extend pauses. Each pause automatically expires after 3 months if not extended by the Guardian. The single Sequencer actor can be modified by Base Multisig 1 via the SystemConfig contract. The Base Governance multisig can also recover dispute bonds in case of bugs that would distribute them incorrectly.
State validation runs through the AggregateVerifier game type (621), which accepts either an AWS Nitro TEE attestation or an SP1 ZK proof. The TEE prover allowlist in the TEEProverRegistry is managed solely by the Base Coordinator Multisig (without Base Security Council approval), and a separate Manager EOA can register or deregister enclave signers. The ZK arm routes through a Base-owned SP1 verifier gateway; the Base Governance Multisig can add or freeze verifier routes. The Base Governance Multisig can swap the AggregateVerifier implementation, change the respected game type, blacklist individual games, or retire all in-flight games via the AnchorStateRegistry.
Past upgrades
The metrics include upgrades on the currently used proxy contracts. Historical proxy contracts and changes of such are not included.
2026 June 10, 15:32 UTC4changesRotated TEE signers.
Rotated TEE signers.
| contract TEEProverRegistry (eth:0x1af2A7E537DE2eE795DE5B8BfbB1Ad0DD513A5aA) [base/TEEProverRegistry] { | |
| +++ description: Registry of authorized TEE enclave signers and proposer addresses used by the TEEVerifier. Owner can add or remove allowlisted proposers via setProposer (onlyOwner) and set the AggregateVerifier game type lookup. Owner and Manager can register or deregister enclave signers via registerSigner / deregisterSigner. Registration requires a Risc0 ZK proof of a valid AWS Nitro attestation document verified by the NITRO_VERIFIER. | |
| +++ severity: LOW | |
| values.getRegisteredSigners.0: | |
| - | "eth:0xBeF9176fa15489735Cc8B1ddD97E53b4a656287e" |
| + | "eth:0x8a2B99252bad63813e704237Bf2A40A6a4cEBda9" |
| +++ severity: LOW | |
| values.getRegisteredSigners.1: | |
| - | "eth:0xB830004297a91c10ed7428f462FCf0cc5073e9A2" |
| + | "eth:0xf3aef21F74AD989812D066ad3e51b986ED312875" |
| } |
2026 June 08, 13:23 UTCHigh severity2changesRotated TEE signer.
Rotated TEE signer.
| contract TEEProverRegistry (eth:0x1af2A7E537DE2eE795DE5B8BfbB1Ad0DD513A5aA) [base/TEEProverRegistry] { | |
| +++ description: Registry of authorized TEE enclave signers and proposer addresses used by the TEEVerifier. Owner can add or remove allowlisted proposers via setProposer (onlyOwner) and set the AggregateVerifier game type lookup. Owner and Manager can register or deregister enclave signers via registerSigner / deregisterSigner. Registration requires a Risc0 ZK proof of a valid AWS Nitro attestation document verified by the NITRO_VERIFIER. | |
| +++ severity: HIGH | |
| values.getRegisteredSigners.0: | |
| - | "eth:0xA200e289262F76dD422f688e65C453F5aeF7709B" |
| +++ severity: HIGH | |
| values.getRegisteredSigners.1: | |
| + | "eth:0xB830004297a91c10ed7428f462FCf0cc5073e9A2" |
| } |
2026 June 05, 13:53 UTCHigh severity2changesRotated TEE signer.
Rotated TEE signer.
| contract TEEProverRegistry (eth:0x1af2A7E537DE2eE795DE5B8BfbB1Ad0DD513A5aA) [base/TEEProverRegistry] { | |
| +++ description: Registry of authorized TEE enclave signers and proposer addresses used by the TEEVerifier. Owner can add or remove allowlisted proposers via setProposer (onlyOwner) and set the AggregateVerifier game type lookup. Owner and Manager can register or deregister enclave signers via registerSigner / deregisterSigner. Registration requires a Risc0 ZK proof of a valid AWS Nitro attestation document verified by the NITRO_VERIFIER. | |
| +++ severity: HIGH | |
| values.getRegisteredSigners.0: | |
| - | "eth:0xA4F50DA2549C7E79C175a1359e7DAa97139Dd611" |
| +++ severity: HIGH | |
| values.getRegisteredSigners.1: | |
| + | "eth:0xBeF9176fa15489735Cc8B1ddD97E53b4a656287e" |
| } |
2026 June 03, 08:03 UTCHigh severity118changesAzul multiproof activated: state validation now combines a TEE attestation arm and an SP1 ZK proof arm, either un-nullified proof resolves a game. OptimismPortal2 impl 0x97cEbbf8 → 0x66d94eE8 . proofMaturityDelaySeconds 604800 (7d) → 86400 (1d); disputeGameFinalityDelaySeconds 302400 (3.5d) → 0; respectedGameType 0 → 621 (now read from AnchorStateRegistry). https://disco.l2beat.com/diff/eth:0x97cEbbf8959e2A5476fbe9B98A21806Ec234609B/eth:0x66d94eE8F529b683ED6013729784e8bb44697A64 DisputeGameFactory impl 0xc040F392 → 0x468C2345 . https://disco.l2beat.com/diff/eth:0xc040F392E52Cb6970CA8E110c280fE24E07C5e2c/eth:0x468C2345D1d409d5b0F2f8bE4aE2082150cC1a0c AnchorStateRegistry (0x909f6cf4) impl 0x36398155 → 0x4483F964 . Now stores respectedGameType (621) and retirementTimestamp (1779825599); legacy vmFromGame , wethFromGame , oracleFromVm , challengePeriodFromOracle , absolutePrestateFromGame removed. https://disco.l2beat.com/diff/eth:0x36398155Cd17cfe804F69b233eDDA800DD4D5aA5/eth:0x4483F964F6711Cb55f633820ED174E780369b99D Game type 621 = AggregateVerifier 0xeEcb8A5944…D259 v0.1.0, bond 0.05 ETH. TEE VERIFIER=0x1FbA0C57…2228 v0.2.0, ZK VERIFIER=0xB88D95bDf…9B75 v0.1.0 → SP1VerifierGateway=0xdc32E22863…C106 → SP1 v6.1.0 0xb69f2584…f4e2 . DELAYED WETH=0xd0D07924…EF71 , SLOW FINALIZATION DELAY=7d , FAST FINALIZATION DELAY=1d , PROOF THRESHOLD=1 . Game types registered on the new factory: 1 = 0x58bf355C (PermissionedDisputeGame v2.2.0, fallback), 621 = AggregateVerifier (respected). All other types empty. ProxyAdmin upgrade rights moved from deleted DelayedWETHs to new DelayedWETH PermissionlessGames and second ASR. Base Governance Multisig gained emergency-withdraw on DelayedWETH PermissionlessGames .
Azul multiproof activated: state validation now combines a TEE attestation arm and an SP1 ZK proof arm, either un-nullified proof resolves a game.
OptimismPortal2 impl 0x97cEbbf8 → 0x66d94eE8. proofMaturityDelaySeconds 604800 (7d) → 86400 (1d); disputeGameFinalityDelaySeconds 302400 (3.5d) → 0; respectedGameType 0 → 621 (now read from AnchorStateRegistry). https://disco.l2beat.com/diff/eth:0x97cEbbf8959e2A5476fbe9B98A21806Ec234609B/eth:0x66d94eE8F529b683ED6013729784e8bb44697A64
DisputeGameFactory impl 0xc040F392 → 0x468C2345. https://disco.l2beat.com/diff/eth:0xc040F392E52Cb6970CA8E110c280fE24E07C5e2c/eth:0x468C2345D1d409d5b0F2f8bE4aE2082150cC1a0c
AnchorStateRegistry (0x909f6cf4) impl 0x36398155 → 0x4483F964. Now stores respectedGameType (621) and retirementTimestamp (1779825599); legacy vmFromGame, wethFromGame, oracleFromVm, challengePeriodFromOracle, absolutePrestateFromGame removed. https://disco.l2beat.com/diff/eth:0x36398155Cd17cfe804F69b233eDDA800DD4D5aA5/eth:0x4483F964F6711Cb55f633820ED174E780369b99D
Game type 621 = AggregateVerifier 0xeEcb8A5944…D259 v0.1.0, bond 0.05 ETH. TEE_VERIFIER=0x1FbA0C57…2228 v0.2.0, ZK_VERIFIER=0xB88D95bDf…9B75 v0.1.0 → SP1VerifierGateway=0xdc32E22863…C106 → SP1 v6.1.0 0xb69f2584…f4e2. DELAYED_WETH=0xd0D07924…EF71, SLOW_FINALIZATION_DELAY=7d, FAST_FINALIZATION_DELAY=1d, PROOF_THRESHOLD=1.
Game types registered on the new factory: 1 = 0x58bf355C (PermissionedDisputeGame v2.2.0, fallback), 621 = AggregateVerifier (respected). All other types empty.
ProxyAdmin upgrade rights moved from deleted DelayedWETHs to new DelayedWETH_PermissionlessGames and second ASR. Base Governance Multisig gained emergency-withdraw on DelayedWETH_PermissionlessGames.
| contract ProxyAdmin (eth:0x0475cBCAebd9CE8AfA5025828d5b98DFb67E059E) [global/ProxyAdmin] { | |
| +++ description: None | |
| directlyReceivedPermissions.2.from: | |
| - | "eth:0x2453c1216E49704d84eA98a4daCd95738F2fC8Ec" |
| + | "eth:0x1af2A7E537DE2eE795DE5B8BfbB1Ad0DD513A5aA" |
| directlyReceivedPermissions.12: | |
| + | {"permission":"upgrade","from":"eth:0xd0D07924AdD740a87e41Ca8A0d4CBBf6b074EF71","role":"admin"} |
| } |
| - | Status: DELETED |
| contract PreimageOracle (eth:0x1fb8cdFc6831fc866Ed9C51aF8817Da5c287aDD3) [opstack/PreimageOracle] | |
| +++ description: The PreimageOracle contract is used to load the required data from L1 for a dispute game. |
| - | Status: DELETED |
| contract DelayedWETH (eth:0x2453c1216E49704d84eA98a4daCd95738F2fC8Ec) [opstack/DelayedWETH] | |
| +++ description: Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds. |
| contract DisputeGameFactory (eth:0x43edB88C4B80fDD2AdFF2412A7BebF9dF42cB40e) [opstack/DisputeGameFactory_v2] { | |
| +++ description: The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them. This variant exposes per-type reads only; the legacy array views (gameImpls[], initBonds[]) were removed in the new implementation. | |
| template: | |
| - | "opstack/DisputeGameFactory" |
| + | "opstack/DisputeGameFactory_v2" |
| sourceHashes.1: | |
| - | "0x8f21dbc160582c568a2a925ddad1b2bb889a9f72bac2067c6e72d43b662ef538" |
| + | "0x780eaf9d8daa77c3325b79e5f3467c1bd8eec57b5d7e84651bdf2d24754d6838" |
| description: | |
| - | "The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them." |
| + | "The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them. This variant exposes per-type reads only; the legacy array views (gameImpls[], initBonds[]) were removed in the new implementation." |
| values.$implementation: | |
| - | "eth:0xc040F392E52Cb6970CA8E110c280fE24E07C5e2c" |
| + | "eth:0x468C2345D1d409d5b0F2f8bE4aE2082150cC1a0c" |
| values.$pastUpgrades.5: | |
| + | ["2026-05-26T19:59:59.000Z","0x75b1c9b2090ba2b311d6be08c319340b87dc1aabfae2505d126e7a0f1fc6b11c",["eth:0x468C2345D1d409d5b0F2f8bE4aE2082150cC1a0c"]] |
| values.$upgradeCount: | |
| - | 5 |
| + | 6 |
| values.game2000: | |
| - | "eth:0x0000000000000000000000000000000000000000" |
| values.gameImpls: | |
| - | ["eth:0x6dDBa09bc4cCB0D6Ca9Fc5350580f74165707499","eth:0x58bf355C5d4EdFc723eF89d99582ECCfd143266A","eth:0x0000000000000000000000000000000000000000","eth:0x0000000000000000000000000000000000000000","eth:0x0000000000000000000000000000000000000000","eth:0x0000000000000000000000000000000000000000","eth:0x0000000000000000000000000000000000000000"] |
| values.initBonds: | |
| - | ["80000000000000000","80000000000000000",0,0,0] |
| +++ severity: HIGH | |
| values.game0: | |
| + | "eth:0x0000000000000000000000000000000000000000" |
| +++ severity: HIGH | |
| values.game1: | |
| + | "eth:0x58bf355C5d4EdFc723eF89d99582ECCfd143266A" |
| +++ severity: HIGH | |
| values.game621: | |
| + | "eth:0xeEcb8A5944B217585817E802702b1262a049D259" |
| values.initBondGame0: | |
| + | "80000000000000000" |
| values.initBondGame1: | |
| + | "80000000000000000" |
| values.initBondGame621: | |
| + | "50000000000000000" |
| fieldMeta.gameImpls: | |
| - | {"severity":"HIGH"} |
| fieldMeta.game2000: | |
| - | {"severity":"HIGH"} |
| fieldMeta.game621: | |
| + | {"severity":"HIGH"} |
| fieldMeta.game0: | |
| + | {"severity":"HIGH"} |
| fieldMeta.game1: | |
| + | {"severity":"HIGH"} |
| implementationNames.eth:0xc040F392E52Cb6970CA8E110c280fE24E07C5e2c: | |
| - | "DisputeGameFactory" |
| implementationNames.eth:0x468C2345D1d409d5b0F2f8bE4aE2082150cC1a0c: | |
| + | "DisputeGameFactory" |
| } |
| contract OptimismPortal2 (eth:0x49048044D57e1C92A77f79988d21Fa8fAF74E97e) [opstack/OptimismPortal2] { | |
| +++ description: The OptimismPortal contract is the main entry point to deposit funds from L1 to L2. It also allows to prove and finalize withdrawals. It specifies which game type can be used for withdrawals, which currently is the AggregateVerifier. | |
| sourceHashes.1: | |
| - | "0x7883f2d27d696b1fa6259a97c561d651493c2c1324e9646e04dba10adcfd8a21" |
| + | "0x247eac30dea3a06b4a7142ac53d0b9ad882952c87406f165ec8721b0d97bd6da" |
| description: | |
| - | "The OptimismPortal contract is the main entry point to deposit funds from L1 to L2. It also allows to prove and finalize withdrawals. It specifies which game type can be used for withdrawals, which currently is the FaultDisputeGame." |
| + | "The OptimismPortal contract is the main entry point to deposit funds from L1 to L2. It also allows to prove and finalize withdrawals. It specifies which game type can be used for withdrawals, which currently is the AggregateVerifier." |
| values.$implementation: | |
| - | "eth:0x97cEbbf8959e2A5476fbe9B98A21806Ec234609B" |
| + | "eth:0x66d94eE8F529b683ED6013729784e8bb44697A64" |
| values.$pastUpgrades.10: | |
| + | ["2026-05-26T19:59:59.000Z","0x75b1c9b2090ba2b311d6be08c319340b87dc1aabfae2505d126e7a0f1fc6b11c",["eth:0x66d94eE8F529b683ED6013729784e8bb44697A64"]] |
| values.$upgradeCount: | |
| - | 10 |
| + | 11 |
| values.disputeGameFinalityDelaySeconds: | |
| - | 302400 |
| + | 0 |
| values.proofMaturityDelaySeconds: | |
| - | 604800 |
| + | 86400 |
| values.RespectedGameString: | |
| - | "FaultDisputeGame" |
| + | "AggregateVerifier" |
| +++ severity: HIGH | |
| values.respectedGameType: | |
| - | 0 |
| + | 621 |
| values.respectedGameTypeUpdatedAt: | |
| - | 1759862579 |
| + | 1779825599 |
| implementationNames.eth:0x97cEbbf8959e2A5476fbe9B98A21806Ec234609B: | |
| - | "OptimismPortal2" |
| implementationNames.eth:0x66d94eE8F529b683ED6013729784e8bb44697A64: | |
| + | "OptimismPortal2" |
| } |
| - | Status: DELETED |
| contract MIPS (eth:0x6463dEE3828677F6270d83d45408044fc5eDB908) [opstack/MIPS] | |
| +++ description: The MIPS contract is used to execute the final step of the dispute game which objectively determines the winner of the dispute. |
| - | Status: DELETED |
| contract FaultDisputeGame (eth:0x6dDBa09bc4cCB0D6Ca9Fc5350580f74165707499) [opstack/FaultDisputeGame] | |
| +++ description: Logic of the dispute game. When a state root is proposed, a dispute game contract is deployed. Challengers can use such contracts to challenge the proposed state root. |
| contract Base Governance Multisig (eth:0x7bB41C3008B3f03FE483B28b8DB90e19Cf07595c) [GnosisSafe] { | |
| +++ description: None | |
| receivedPermissions.2: | |
| + | {"permission":"interact","from":"eth:0xdc32E228636273285Befa5F001dBB5142517C106","description":"affect the liveness and safety of the gateway - can transfer ownership, add and freeze verifier routes.","role":".owner"} |
| receivedPermissions.3.from: | |
| - | "eth:0x2453c1216E49704d84eA98a4daCd95738F2fC8Ec" |
| + | "eth:0x1af2A7E537DE2eE795DE5B8BfbB1Ad0DD513A5aA" |
| receivedPermissions.14: | |
| + | {"permission":"upgrade","from":"eth:0xd0D07924AdD740a87e41Ca8A0d4CBBf6b074EF71","role":"admin","via":[{"address":"eth:0x0475cBCAebd9CE8AfA5025828d5b98DFb67E059E"}]} |
| } |
| contract AnchorStateRegistry (eth:0x909f6cf47ed12f010A796527f562bFc26C7F4E72) [opstack/AnchorStateRegistry_post20] { | |
| +++ description: Contains the latest confirmed state root that can be used as a starting point in a dispute game. This variant stores respectedGameType, retirementTimestamp, and disputeGameFinalityDelaySeconds locally and drops the legacy *FromGame fields, since the AggregateVerifier model does not expose vm()/weth()/absolutePrestate() on its game implementation. | |
| template: | |
| - | "opstack/AnchorStateRegistry_post13" |
| + | "opstack/AnchorStateRegistry_post20" |
| sourceHashes.1: | |
| - | "0xfdabc8b9b4db9b7aa78227b26e936abaf24f058502b96e8d9a293d49b1e89b47" |
| + | "0x9340bfba7b4bbba23fe6fc74f5da06cee233a4745de93049330a76ef3ce23972" |
| description: | |
| - | "Contains the latest confirmed state root that can be used as a starting point in a dispute game. It specifies which game type can be used for withdrawals, which currently is the FaultDisputeGame." |
| + | "Contains the latest confirmed state root that can be used as a starting point in a dispute game. This variant stores respectedGameType, retirementTimestamp, and disputeGameFinalityDelaySeconds locally and drops the legacy *FromGame fields, since the AggregateVerifier model does not expose vm()/weth()/absolutePrestate() on its game implementation." |
| values.$implementation: | |
| - | "eth:0x36398155Cd17cfe804F69b233eDDA800DD4D5aA5" |
| + | "eth:0x4483F964F6711Cb55f633820ED174E780369b99D" |
| values.$pastUpgrades.2: | |
| + | ["2026-05-26T19:59:59.000Z","0x75b1c9b2090ba2b311d6be08c319340b87dc1aabfae2505d126e7a0f1fc6b11c",["eth:0x4483F964F6711Cb55f633820ED174E780369b99D"]] |
| values.$upgradeCount: | |
| - | 2 |
| + | 3 |
| values.absolutePrestateFromGame: | |
| - | "0x033c000916b4a88cfffeceddd6cf0f4be3897a89195941e5a7c3f8209b4dbb6e" |
| values.challengePeriodFromOracle: | |
| - | 86400 |
| +++ severity: HIGH | |
| values.disputeGameFinalityDelaySeconds: | |
| - | 302400 |
| + | 0 |
| values.getStartingAnchorRoot.root: | |
| - | "0x9a37fe32cd2b49385bec0236b7b5c2177e71176bb306d19a49a8a77651ce2cd0" |
| + | "0xc34c9f98b74b2fb85a516e302f86bc9bedcf5623ab078a671d40beac0e120329" |
| values.getStartingAnchorRoot.l2SequenceNumber: | |
| - | 36233266 |
| + | 46302960 |
| values.initVersion: | |
| - | 1 |
| + | 2 |
| values.oracleFromVm: | |
| - | "eth:0x1fb8cdFc6831fc866Ed9C51aF8817Da5c287aDD3" |
| values.RespectedGameString: | |
| - | "FaultDisputeGame" |
| + | "AggregateVerifier" |
| +++ severity: HIGH | |
| values.respectedGameType: | |
| - | 0 |
| + | 621 |
| +++ severity: HIGH | |
| values.retirementTimestamp: | |
| - | 1759862579 |
| + | 1779825599 |
| values.vmFromGame: | |
| - | "eth:0x6463dEE3828677F6270d83d45408044fc5eDB908" |
| values.wethFromGame: | |
| - | "eth:0x2453c1216E49704d84eA98a4daCd95738F2fC8Ec" |
| fieldMeta.retirementTimestamp: | |
| + | {"severity":"HIGH"} |
| fieldMeta.disputeGameFinalityDelaySeconds: | |
| + | {"severity":"HIGH"} |
| implementationNames.eth:0x36398155Cd17cfe804F69b233eDDA800DD4D5aA5: | |
| - | "AnchorStateRegistry" |
| implementationNames.eth:0x4483F964F6711Cb55f633820ED174E780369b99D: | |
| + | "AnchorStateRegistry" |
| usedTypes.0.arg.621: | |
| + | "AggregateVerifier" |
| } |
| + | Status: CREATED |
| contract HistoryStorage (eth:0x0000F90827F1C53a10cb7A02335B175320002935) [N/A] | |
| +++ description: EIP-2935 system contract storing the last 8191 L1 blockhashes. Bytecode is canonical to the EIP, deployed at the same address across networks. |
| + | Status: CREATED |
| contract TimelockController (eth:0x0b144E07A0826182B6b59788c34b32Bfa86Fb711) [global/TimelockController] | |
| +++ description: A timelock with access control. The current minimum delay is 3d. |
| + | Status: CREATED |
| contract TEEProverRegistry (eth:0x1af2A7E537DE2eE795DE5B8BfbB1Ad0DD513A5aA) [base/TEEProverRegistry] | |
| +++ description: Registry of authorized TEE enclave signers and proposer addresses used by the TEEVerifier. Owner can add or remove allowlisted proposers via setProposer (onlyOwner) and set the AggregateVerifier game type lookup. Owner and Manager can register or deregister enclave signers via registerSigner / deregisterSigner. Registration requires a Risc0 ZK proof of a valid AWS Nitro attestation document verified by the NITRO_VERIFIER. |
| + | Status: CREATED |
| contract RiscZeroVerifierEmergencyStop (eth:0x1efDd13f831ceeEa14940806705A53D3211CD698) [risc0/RiscZeroVerifierEmergencyStop] | |
| +++ description: A verifier wrapper for the eth:0xafB31f5b70623CDF4b20Ada3f7230916A5A79df9 that allows pausing (emergency stop) the verifier by its owner. |
| + | Status: CREATED |
| contract TEEVerifier (eth:0x1FbA0C57b07Af804A9717e51dec9CC27FBC12228) [base/TEEVerifier] | |
| +++ description: Stateless verifier that validates AggregateVerifier TEE proofs by recovering an ECDSA signature over the journal and checking the recovered signer against TEEProverRegistry. Enforces PCR0 match by comparing the signer's registered image hash to the AggregateVerifier's TEE_IMAGE_HASH. Can be permanently nullified by a successful AggregateVerifier.nullify call. |
| + | Status: CREATED |
| contract RiscZeroGroth16Verifier (eth:0x20ff7C2Cf391a5F096A2Cc181cb41916680f8E97) [taiko/RiscZeroGroth16Verifier] | |
| +++ description: Verifier contract for RISC Zero Groth16 proofs (version 2.0.0-rc.3). |
| + | Status: CREATED |
| contract RiscZeroGroth16Verifier (eth:0x2a098988600d87650Fb061FfAff08B97149Fa84D) [taiko/RiscZeroGroth16Verifier] | |
| +++ description: Verifier contract for RISC Zero Groth16 proofs (version 3.0.0). |
| + | Status: CREATED |
| contract Safe (eth:0x2E5bcc9959dB5F5016F830E47943b07242CB2609) [GnosisSafe] | |
| +++ description: None |
| + | Status: CREATED |
| contract RiscZeroVerifierEmergencyStop (eth:0x44c220f0598345195cE99AD6A57aDfFcb9Ea33e7) [risc0/RiscZeroVerifierEmergencyStop] | |
| +++ description: A verifier wrapper for the eth:0xf70aBAb028Eb6F4100A24B203E113D94E87DE93C that allows pausing (emergency stop) the verifier by its owner. |
| + | Status: CREATED |
| contract RiscZeroSetVerifier (eth:0x5005aBa3DFf7C940fcc1e48DccCAD611a80eEB85) [risc0/RiscZeroSetVerifier] | |
| +++ description: Set verifier contract for RISC Zero proofs (version 0.9.0). It allows verifying a whole set of proofs identified with a Merkle root at once, afterwards each individual proof could be efficiently verified just by checking Merkle inclusion against the verified root. |
| + | Status: CREATED |
| contract RiscZeroGroth16Verifier (eth:0x54aCE3ED46529B4d4F3770C8Bad5dDC48717B9bF) [N/A] | |
| +++ description: None |
| + | Status: CREATED |
| contract RiscZeroVerifierEmergencyStop (eth:0x68dC2cB4e61774873971c499D9b239ec5Ac540E3) [risc0/RiscZeroVerifierEmergencyStop] | |
| +++ description: A verifier wrapper for the eth:0x20ff7C2Cf391a5F096A2Cc181cb41916680f8E97 that allows pausing (emergency stop) the verifier by its owner. |
| + | Status: CREATED |
| contract NitroEnclaveVerifier (eth:0x7F3a16E1fe6Fda64c5AC4296E13ECB9F7B44F6fb) [base/NitroEnclaveVerifier] | |
| +++ description: ZK-based verifier of AWS Nitro Enclave attestation documents. Used by TEEProverRegistry to validate new enclave signer registrations against the AWS Nitro PKI. |
| + | Status: CREATED |
| contract RiscZeroVerifierEmergencyStop (eth:0x844D5f01161E3559d36f23d0Aa9E9620949aF782) [risc0/RiscZeroVerifierEmergencyStop] | |
| +++ description: A verifier wrapper for the eth:0x5005aBa3DFf7C940fcc1e48DccCAD611a80eEB85 that allows pausing (emergency stop) the verifier by its owner. |
| + | Status: CREATED |
| contract RiscZeroVerifierRouter (eth:0x8EaB2D97Dfce405A1692a21b3ff3A172d593D319) [risc0/RiscZeroVerifierRouter] | |
| +++ description: A router proxy that routes to verifiers based on selectors. The mapping can be changed by a permissioned owner (eth:0x0b144E07A0826182B6b59788c34b32Bfa86Fb711). |
| + | Status: CREATED |
| contract RiscZeroVerifierEmergencyStop (eth:0x9F9994Eb4Cb5200198FEfb470f8b50301662e696) [risc0/RiscZeroVerifierEmergencyStop] | |
| +++ description: A verifier wrapper for the eth:0x2a098988600d87650Fb061FfAff08B97149Fa84D that allows pausing (emergency stop) the verifier by its owner. |
| + | Status: CREATED |
| contract RiscZeroGroth16Verifier (eth:0xafB31f5b70623CDF4b20Ada3f7230916A5A79df9) [taiko/RiscZeroGroth16Verifier] | |
| +++ description: Verifier contract for RISC Zero Groth16 proofs (version 2.2.0). |
| + | Status: CREATED |
| contract SP1Verifier (eth:0xb69f2584CBcFf99a58C4e7002E8b89Af54a6f4e2) [succinct/SP1Verifier] | |
| +++ description: Verifier contract for SP1 proofs (v6.1.0). |
| + | Status: CREATED |
| contract ZkVerifier (eth:0xB88D95bDf6972508942d184866890c1834219B75) [base/ZkVerifier] | |
| +++ description: Thin router that forwards SP1 ZK proof verification from the AggregateVerifier game to the SP1 verifier gateway. Can be permanently nullified by a successful AggregateVerifier.nullify call. |
| + | Status: CREATED |
| contract DelayedWETH (eth:0xd0D07924AdD740a87e41Ca8A0d4CBBf6b074EF71) [opstack/DelayedWETH] | |
| +++ description: Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds. |
| + | Status: CREATED |
| contract RiscZeroVerifierEmergencyStop (eth:0xDa8f3de6fBBdb261Ac771B813a578A7aBdA6B2b1) [risc0/RiscZeroVerifierEmergencyStop] | |
| +++ description: A verifier wrapper for the eth:0x54aCE3ED46529B4d4F3770C8Bad5dDC48717B9bF that allows pausing (emergency stop) the verifier by its owner. |
| + | Status: CREATED |
| contract SP1VerifierGateway (eth:0xdc32E228636273285Befa5F001dBB5142517C106) [succinct/SP1VerifierGateway] | |
| +++ description: This contract is the router for zk proof verification. It stores the mapping between identifiers and the address of onchain verifier contracts, routing each identifier to the corresponding verifier contract. |
| + | Status: CREATED |
| contract AggregateVerifier (eth:0xeEcb8A5944B217585817E802702b1262a049D259) [opstack/AggregateVerifier] | |
| +++ description: Game type implementation that combines a TEE attestation arm and a ZK proof arm. A single un-nullified proof of either type can resolve a game (PROOF_THRESHOLD = 1). When both arms commit, the finalization window collapses from SLOW_FINALIZATION_DELAY (7d) to FAST_FINALIZATION_DELAY (1d). |
| + | Status: CREATED |
| contract RiscZeroGroth16Verifier (eth:0xf70aBAb028Eb6F4100A24B203E113D94E87DE93C) [N/A] | |
| +++ description: None |
2026 May 19, 13:53 UTC8changesBase Multisig 1: 4 signers swapped (4 added, 4 removed). Threshold unchanged at 3.
Base Multisig 1: 4 signers swapped (4 added, 4 removed). Threshold unchanged at 3.
| contract Base Multisig 1 (eth:0x14536667Cd30e52C0b458BaACcB9faDA7046E056) [GnosisSafe] { | |
| +++ description: None | |
| values.$members.0: | |
| + | "eth:0xD56C6462DC3A943596c7a54d6B0Dba404490E206" |
| values.$members.1: | |
| + | "eth:0x8faB0B6b31A0b50A2c3d1FFBE6C0e1125699aE9d" |
| values.$members.2: | |
| + | "eth:0x0c1Ea3aCA9fc2cFa3640fec98a3214A849715b43" |
| values.$members.3: | |
| + | "eth:0x082Cc00d1031a57d53496aBf6dAD8A6247159452" |
| values.$members.3: | |
| - | "eth:0x4427683AA1f0ff25ccDC4a5Db83010c1DE9b5fF4" |
| values.$members.4: | |
| - | "eth:0xA31E1c38d5c37D8ECd0e94C80C0F7FD624d009A3" |
| values.$members.6: | |
| - | "eth:0x24c3AE1AeDB8142D32BB6d3B988f5910F272D53b" |
| values.$members.9: | |
| - | "eth:0x5468985B560D966dEDEa2DAF493f5756101137DC" |
| } |
Users can force any transaction
Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly.
Forced messaging
If the user experiences censorship from the operator with regular L2->L1 messaging they can submit their messages directly on L1. The system is then obliged to service this request or halt all messages, including forced withdrawals from L1 and regular messages initiated on L2. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular message.
EVM compatible smart contracts are supported
OP stack chains are pursuing the EVM Equivalence model. No changes to smart contracts are required regardless of the language they are written in, i.e. anything deployed on L1 can be deployed on L2.
Ethereum
Actors:
A Multisig with 2/2 threshold.
- Can upgrade with no delay
- OptimismMintableERC20Factory ProxyAdmin
- TEEProverRegistry ProxyAdmin
- L1StandardBridge ProxyAdmin
- DisputeGameFactory ProxyAdmin
- OptimismPortal2 ProxyAdmin
- L1ERC721Bridge ProxyAdmin
- DelayedWETH ProxyAdmin
- SystemConfig ProxyAdmin
- L1CrossDomainMessenger ProxyAdmin
- AnchorStateRegistry ProxyAdmin
- SuperchainConfig ProxyAdmin
- DelayedWETH ProxyAdmin
- Can interact with AddressManager
- set and change address mappings ProxyAdmin
- Can interact with SuperchainConfig
- Allowed to pause withdrawals. In op stack systems with a proof system, the Guardian can also blacklist dispute games and set the respected game type (permissioned / permissionless)
- Can interact with SP1VerifierGateway
A Multisig with 3/5 threshold.
- Can interact with TimelockController
- cancel queued transactions
- execute transactions that are ready
- manage all access control roles with 3d delay TimelockController with 3d delay
- propose transactions
- Can interact with RiscZeroVerifierEmergencyStop
- pause the verifier
- Can interact with RiscZeroVerifierEmergencyStop
- pause the verifier
- Can interact with RiscZeroVerifierEmergencyStop
- pause the verifier
- Can interact with RiscZeroVerifierRouter
- add/remove verifiers and the selectors they are mapped to with 3d delay TimelockController with 3d delay
- Can interact with RiscZeroVerifierEmergencyStop
- pause the verifier
- Can interact with RiscZeroVerifierEmergencyStop
- pause the verifier
A Multisig with 8/11 threshold. Member of Base Governance Multisig.
A Multisig with 3/6 threshold. Member of Base Governance Multisig.
- Can interact with SystemConfig
- Allowed to commit transactions from the current layer to the host chain
Base Chain
Actors:
- Can upgrade with no delay
- L2CrossDomainMessenger ProxyAdmin
- L2StandardBridge ProxyAdmin
- SequencerFeeVault ProxyAdmin
- OptimismMintableERC20Factory ProxyAdmin
- L1BlockNumber ProxyAdmin
- L2ERC721Bridge ProxyAdmin
- L1Block ProxyAdmin
- L2ToL1MessagePasser ProxyAdmin
- OptimismMintableERC721Factory ProxyAdmin
- ProxyAdmin ProxyAdmin
- BaseFeeVault ProxyAdmin
- L1FeeVault ProxyAdmin
- SchemaRegistry ProxyAdmin
- EAS ProxyAdmin
- Can upgrade with no delay
- FeeDisburser
Ethereum
The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them. This variant exposes per-type reads only; the legacy array views (gameImpls[], initBonds[]) were removed in the new implementation.
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig
Base’s own SuperchainConfig, used to manage pause states for the Base chain. The guardian and incident responder roles are immutable and set at construction time. The guardian can pause, unpause, and extend pauses, while the incident responder can only pause. Each pause automatically expires after 3 months.
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig
- guardian: Base Governance Multisig
- incident_responder: Base Multisig 1
The main entry point to deposit ERC20 tokens from host chain to this chain.
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig
All supported tokens in this escrow are included in the value secured calculation.
Used to bridge ERC-721 tokens from host chain to this chain.
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig
Sends messages from host chain to this chain, and relays messages back onto host chain. In the event that a message sent from host chain to this chain is rejected for exceeding this chain’s epoch gas limit, it can be resubmitted via this contract’s replay function.
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig
- Roles:
- owner: Base Governance Multisig
A helper contract that generates OptimismMintableERC20 contracts on the network it’s deployed to. OptimismMintableERC20 is a standard extension of the base ERC20 token contract designed to allow the L1StandardBridge contracts to mint and burn tokens. This makes it possible to use an OptimismMintableERC20 as this chain’s representation of a token on the host chain, or vice-versa.
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig
A timelock with access control. The current minimum delay is 3d.
- Roles:
- canceller: Safe
- defaultAdmin: TimelockController; ultimately Safe
- executor: Safe
- proposer: Safe
Registry of authorized TEE enclave signers and proposer addresses used by the TEEVerifier. Owner can add or remove allowlisted proposers via setProposer (onlyOwner) and set the AggregateVerifier game type lookup. Owner and Manager can register or deregister enclave signers via registerSigner / deregisterSigner. Registration requires a Risc0 ZK proof of a valid AWS Nitro attestation document verified by the NITRO_VERIFIER.
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig
Stateless verifier that validates AggregateVerifier TEE proofs by recovering an ECDSA signature over the journal and checking the recovered signer against TEEProverRegistry. Enforces PCR0 match by comparing the signer’s registered image hash to the AggregateVerifier’s TEE_IMAGE_HASH. Can be permanently nullified by a successful AggregateVerifier.nullify call.
Set verifier contract for RISC Zero proofs (version 0.9.0). It allows verifying a whole set of proofs identified with a Merkle root at once, afterwards each individual proof could be efficiently verified just by checking Merkle inclusion against the verified root.
Same as FaultDisputeGame, but only two permissioned addresses are designated as proposer and challenger.
Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig
Simple escrow that accepts tokens and allows to configure permissioned addresses that can access the tokens.
ZK-based verifier of AWS Nitro Enclave attestation documents. Used by TEEProverRegistry to validate new enclave signer registrations against the AWS Nitro PKI.
A router proxy that routes to verifiers based on selectors. The mapping can be changed by a permissioned owner (TimelockController).
- Roles:
- owner: TimelockController; ultimately Safe
Contains the latest confirmed state root that can be used as a starting point in a dispute game. This variant stores respectedGameType, retirementTimestamp, and disputeGameFinalityDelaySeconds locally and drops the legacy *FromGame fields, since the AggregateVerifier model does not expose vm()/weth()/absolutePrestate() on its game implementation.
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig
Escrow for custom external tokens that use the canonical bridge for messaging but are governed externally.
Custom bridge for USDS and sUSDS managed by Sky governance.
Thin router that forwards SP1 ZK proof verification from the AggregateVerifier game to the SP1 verifier gateway. Can be permanently nullified by a successful AggregateVerifier.nullify call.
Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig
Game type implementation that combines a TEE attestation arm and a ZK proof arm. A single un-nullified proof of either type can resolve a game (PROOF_THRESHOLD = 1). When both arms commit, the finalization window collapses from SLOW_FINALIZATION_DELAY (7d) to FAST_FINALIZATION_DELAY (1d).
Base Chain
Contract used to disburse funds from system FeeVault contracts, shares revenue with Optimism and bridges the rest of funds to L1.
- Roles:
- admin: EOA 2
The L2CrossDomainMessenger (L2xDM) contract sends messages from L2 to L1, and relays messages from L1 onto L2 with a system tx. In the event that a message sent from L2 to L1 is rejected for exceeding the L1 gas limit, it can be resubmitted via this contract’s replay function.
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig - L2 Alias
Contracts to register schemas for the Ethereum Attestation Service (EAS).
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig - L2 Alias
Contract containing the main logic for the Ethereum Attestation Service (EAS).
- Roles:
- admin: ProxyAdmin; ultimately Base Governance Multisig - L2 Alias
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. Upgrades must be approved by 2 parties: the Base Coordinator Multisig and the Base Security Council. There is no delay on upgrades.
Base Chain