Search

Search for projects by name

Base logoBase

Badges

About

Base is an Optimistic Rollup built with the OP Stack. It offers a low-cost and builder-friendly way for anyone, anywhere, to build onchain.


Value Locked
$9.95 B2.10%
Canonically Bridged
$2.99 B
Externally Bridged
$331.24 M
Natively Minted
$6.62 B

  • Tokens
  • Daily TPS
    87.0613.0%
  • 30D tx count
    201.86 M

  • Stage
    Stage 0
  • Type
    Optimistic Rollup
  • Purpose
    Universal
  • Sequencer failureState validationData availabilityExit windowProposer failure

    Badges

    About

    Base is an Optimistic Rollup built with the OP Stack. It offers a low-cost and builder-friendly way for anyone, anywhere, to build onchain.


    Value Locked
    Activity
    Onchain costs
    Milestones & Incidents

    Fault proofs!

    2024 Oct 30th

    Base upgrades to OP stack fault proofs for state proving.

    Learn more

    Base starts using blobs

    2024 Mar 14th

    Base starts publishing data to blobs.

    Learn more
    Risk summary
    Risk analysis
    Sequencer failureState validationData availabilityExit windowProposer failure

    Sequencer failure

    Self sequence

    In the event of a sequencer failure, users can force transactions to be included in the project’s chain by sending them to L1. There is a 12h delay on this operation.

    State validation

    Fraud proofs (INT)

    Fraud proofs allow actors watching the chain to prove that the state is incorrect. Interactive proofs (INT) require multiple transactions over time to resolve.

    Data availability

    Onchain

    All of the data needed for proof construction is published on Ethereum L1.

    Exit window

    None

    There is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.

    Proposer failure

    Self propose

    Anyone can be a Proposer and propose new roots to the L1 bridge.

    Rollup stage
    BaseBase is a
    Stage 0
    Optimistic Rollup.

    Learn more about Rollup stages
    Please keep in mind that these stages do not reflect rollup security, this is an opinionated assessment of rollup maturity based on subjective criteria, created with a goal of incentivizing projects to push toward better decentralization. Each team may have taken different paths to achieve this goal.
    Technology

    Fraud proofs ensure state correctness

    After some period of time, the published state root is assumed to be correct. For a certain time period, one of the whitelisted actors can submit a fraud proof that shows that the state was incorrect.

    • Funds can be stolen if no validator checks the published state. Fraud proofs assume at least one honest and able validator.

    1. DisputeGameFactory.sol - Etherscan source code, create() function
    2. FaultDisputeGame.sol - Etherscan source code, attack() function

    All data required for proofs is published on chain

    All the data that is used to construct the system state is published on chain in the form of cheap blobs or calldata. This ensures that it will be available for enough time.

    1. Derivation: Batch submission - OP Mainnet specs
    2. BatchInbox - Etherscan address
    3. OptimismPortal.sol - Etherscan source code, depositTransaction function
    State derivation
    Node software

    The rollup node is composed of two software components: op-node, implementing consensus related logic, and op-geth, implementing execution logic. The configuration file can be found here.

    Compression scheme

    Data batches are compressed using the zlib algorithm with best compression level.

    Genesis state

    The genesis file can be found here.

    Data format

    The format specification of Sequencer’s data batches can be found here.

    State validation

    Updates to the system state can be proposed and challenged by anyone who has sufficient funds. If a state root passes the challenge period, it is optimistically considered correct and made actionable for withdrawals.


    State root proposals

    Proposers submit state roots as children of the latest confirmed state root (called anchor state), by calling the create function in the DisputeGameFactory. A state root can have multiple conflicting children. Each proposal requires a stake, currently set to 0.08 ETH, that can be slashed if the proposal is proven incorrect via a fraud proof. Stakes can be withdrawn only after the proposal has been confirmed. A state root gets confirmed if the challenge period has passed and it is not countered.

    1. OP stack specification: Fault Dispute Game
    Challenges

    Challenges are opened to disprove invalid state roots using bisection games. Each bisection move requires a stake that increases expontentially with the depth of the bisection, with a factor of 1.09493. The maximum depth is 73, and reaching it therefore requires a cumulative stake of 691.43 ETH from depth 0. Actors can participate in any challenge by calling the defend or attack functions, depending whether they agree or disagree with the latest claim and want to move the bisection game forward. Actors that disagree with the top-level claim are called challengers, and actors that agree are called defenders. Each actor might be involved in multiple (sub-)challenges at the same time, meaning that the protocol operates with full concurrency. Challengers and defenders alternate in the bisection game, and they pass each other a clock that starts with 3d 12h. If a clock expires, the claim is considered defeated if it was countered, or it gets confirmed if uncountered. Since honest parties can inherit clocks from malicious parties that play both as challengers and defenders (see freeloader claims), if a clock gets inherited with less than 3h, it generally gets extended by 3h with the exception of 6h right before depth 30, and 1d right before the last depth. The maximum clock extension that a top level claim can get is therefore 10d. Since unconfirmed state roots are independent of one another, users can decide to exit with a subsequent confirmed state root if the previous one is delayed. Winners get the entire losers’ stake, meaning that sybils can potentially play against each other at no cost. The final instruction found via the bisection game is then executed onchain in the MIPS one step prover contract who determines the winner. The protocol does not enforce valid bisections, meaning that actors can propose correct initial claims and then provide incorrect midpoints. The protocol can be subject to resource exhaustion attacks (Spearbit 5.1.3).

    1. Fraud Proof Wars: OPFP
    Operator

    The system has a centralized sequencer

    While forcing transaction is open to anyone the system employs a privileged sequencer that has priority for submitting transaction batches and ordering transactions.

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    Users can force any transaction

    Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly.

    1. Sequencing Window - OP Mainnet Specs
    2. OptimismPortal.sol - Etherscan source code, depositTransaction function
    Withdrawals

    Regular exits

    The user initiates the withdrawal by submitting a regular transaction on this chain. When a state root containing such transaction is settled, the funds become available for withdrawal on L1 after 3d 12h. Withdrawal inclusion can be proven before state root settlement, but a 7d period has to pass before it becomes actionable. The process of state root settlement takes a challenge period of at least 3d 12h to complete. Finally the user submits an L1 transaction to claim the funds. This transaction requires a merkle proof.

    1. OptimismPortal.sol - Etherscan source code, proveWithdrawalTransaction function
    2. OptimismPortal.sol - Etherscan source code, finalizeWithdrawalTransaction function

    Forced exit

    If the user experiences censorship from the operator with regular exit they can submit their withdrawal requests directly on L1. The system is then obliged to service this request or halt all withdrawals, including forced withdrawals from L1 and regular withdrawals initiated on L2. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular exit.

    1. Forced withdrawal from an OP Stack blockchain
    Other considerations

    EVM compatible smart contracts are supported

    OP stack chains are pursuing the EVM Equivalence model. No changes to smart contracts are required regardless of the language they are written in, i.e. anything deployed on L1 can be deployed on L2.

    1. Introducing EVM Equivalence
    Permissions

    The system uses the following set of permissioned addresses:

    Guardian is an actor allowed to pause deposits and withdrawals.

    Sequencer EOA 1

    Sequencer is an actor allowed to commit transactions from the current layer to the host chain.

    LivenessModule 0x0454…a748
    • Can act on behalf of SecurityCouncilMultisig.
    • Is a Guardian (acting via SuperchainGuardianMultisig, SecurityCouncilMultisig).
    • used to remove members inactive for 98d while making sure that the threshold remains above 75%. If the number of members falls below 8, the OpFoundationUpgradeSafe takes ownership of the multisig

    Used in:

    BaseMultisig2 0x1453…E056
    • This is a Gnosis Safe with 3 / 11 threshold.
    • Can change the configuration of SystemConfig - it can update the preconfer address, the batch submitter (Sequencer) address and the gas configuration of the system.
    SuperchainProxyAdminOwner 0x5a0A…3d2A
    • This is a Gnosis Safe with 2 / 2 threshold.
    • Can act on behalf of SuperchainProxyAdmin.
    • Can change the configuration of Lib_AddressManager (acting via SuperchainProxyAdmin) - set and change address mappings.
    • Can upgrade the implementation of SuperchainConfig (acting via SuperchainProxyAdmin).

    Used in:

    SuperchainProxyAdminOwner participants (2) OpFoundationUpgradeSafeSecurityCouncilMultisig

    Those are the participants of the SuperchainProxyAdminOwner.

    BaseAdminMultisig 0x7bB4…595c
    • This is a Gnosis Safe with 2 / 2 threshold.
    • Can act on behalf of ProxyAdmin.
    • Can change the configuration of AddressManager (acting via ProxyAdmin) - set and change address mappings.
    • Can upgrade the implementation of OptimismMintableERC20Factory, DelayedWETH_PermissionedGames, DisputeGameFactory, OptimismPortal, L1ERC721Bridge, SystemConfig, DelayedWETH_PermissionlessGames, AnchorStateRegistry (acting via ProxyAdmin).
    • Can upgrade the implementation of L1StandardBridge (acting via ProxyAdmin) - upgrading the bridge implementation can give access to all funds escrowed therein.
    BaseAdminMultisig participants (2) BaseMultisig1OpFoundationOperationsSafe

    Those are the participants of the BaseAdminMultisig.

    OpFoundationOperationsSafe 0x9BA6…6b3A
    • This is a Gnosis Safe with 5 / 7 threshold.
    • Member of BaseAdminMultisig.
    • Can act on behalf of DeputyGuardianModule.
    • Is a Guardian (acting via SuperchainGuardianMultisig, DeputyGuardianModule).

    Used in:

    Those are the participants of the OpFoundationOperationsSafe.

    SecurityCouncilMultisig 0xc281…Bd03
    • This is a Gnosis Safe with 10 / 13 threshold. It uses the following modules: LivenessModule (used to remove members inactive for 98d while making sure that the threshold remains above 75%. If the number of members falls below 8, the OpFoundationUpgradeSafe takes ownership of the multisig).
    • Member of SuperchainGuardianMultisig, SuperchainProxyAdminOwner.
    • Is a Guardian (acting via SuperchainGuardianMultisig).

    Used in:

    SuperchainGuardianMultisig 0x09f7…dAf2
    • This is a Gnosis Safe with 1 / 1 threshold. It uses the following modules: DeputyGuardianModule (allows the OpFoundationOperationsSafe, called the deputy guardian, to act on behalf of the Gnosis Safe).
    • Can act as a Guardian.

    Used in:

    SuperchainGuardianMultisig participants (1) SecurityCouncilMultisig

    Those are the participants of the SuperchainGuardianMultisig.

    GnosisSafe 0x42d2…9c64
    • This is a Gnosis Safe with 2 / 2 threshold.
    • Member of OpFoundationUpgradeSafe, OpFoundationOperationsSafe.

    Used in:

    GnosisSafe participants (2) 0xb237…97A50x4665…7429

    Those are the participants of the GnosisSafe.

    OpFoundationUpgradeSafe 0x847B…9D92
    • This is a Gnosis Safe with 5 / 7 threshold.
    • Member of SuperchainProxyAdminOwner.

    Used in:

    Those are the participants of the OpFoundationUpgradeSafe.

    BaseMultisig1 0x9855…46A1
    • This is a Gnosis Safe with 3 / 6 threshold.
    • Member of BaseAdminMultisig.

    Those are the participants of the BaseMultisig1.

    Smart contracts
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    The system consists of the following smart contracts on the host chain (Ethereum):

    ProxyAdmin 0x0475…059E
    • Can be used to configure AddressManager - set and change address mappings.
    • Can be used to upgrade implementation of OptimismMintableERC20Factory, DelayedWETH_PermissionedGames, DisputeGameFactory, OptimismPortal, L1ERC721Bridge, SystemConfig, DelayedWETH_PermissionlessGames, AnchorStateRegistry.
    • Can be used to upgrade implementation of L1StandardBridge - upgrading the bridge implementation can give access to all funds escrowed therein.

    A helper contract that generates OptimismMintableERC20 contracts on the network it’s deployed to. OptimismMintableERC20 is a standard extension of the base ERC20 token contract designed to allow the L1StandardBridge contracts to mint and burn tokens. This makes it possible to use an OptimismMintablERC20 as this chain’s representation of a token on the host chain, or vice-versa.

    Can be upgraded by:

    Upgrade delay: No delay

    Implementation used in:

    The MIPS contract is used to execute the final step of the dispute game which objectively determines the winner of the dispute.

    Implementation used in:

    PermissionedDisputeGame 0x1900…986e

    Same as FaultDisputeGame, but only two permissioned addresses are designated as proposer and challenger.

    LivenessGuard 0x2442…4a25

    Implementation used in:

    The main entry point to deposit ERC20 tokens from host chain to this chain. This contract can store any token. This contract can store any token.

    Can be upgraded by:

    Upgrade delay: No delay

    Implementation used in:

    DelayedWETH_PermissionedGames 0x3E8a…1321Implementation (Upgradable)Admin

    Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.

    Can be upgraded by:

    Upgrade delay: No delay

    Implementation used in:

    The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them.

    Can be upgraded by:

    Upgrade delay: No delay

    Implementation used in:

    The OptimismPortal contract is the main entry point to deposit funds from L1 to L2. It also allows to prove and finalize withdrawals. It specifies which game type can be used for withdrawals, which currently is the FaultDisputeGame. This contract stores the following tokens: ETH.

    Can be upgraded by:

    Upgrade delay: No delay

    Implementation used in:

    SuperchainProxyAdmin 0x543b…fB04
    • Can be used to configure Lib_AddressManager - set and change address mappings.
    • Can be used to upgrade implementation of SuperchainConfig.

    Implementation used in:

    Used to bridge ERC-721 tokens from host chain to this chain.

    Can be upgraded by:

    Upgrade delay: No delay

    Implementation used in:

    Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.

    Can be upgraded by:

    Upgrade delay: No delay

    Implementation used in:

    Sends messages from host chain to this chain, and relays messages back onto host chain. In the event that a message sent from host chain to this chain is rejected for exceeding this chain’s epoch gas limit, it can be resubmitted via this contract’s replay function.

    Implementation used in:

    AddressManager 0x8EfB…BaE2

    Legacy contract used to manage a mapping of string names to addresses. Modern OP stack uses a different standard proxy system instead, but this contract is still necessary for backwards compatibility with several older contracts.

    Used to manage global configuration values for multiple OP Chains within a single Superchain network. The SuperchainConfig contract manages the PAUSED_SLOT, a boolean value indicating whether the Superchain is paused, and GUARDIAN_SLOT, the address of the guardian which can pause and unpause the system.

    Can be upgraded by:

    Upgrade delay: No delay

    Proxy used in:

    PreimageOracle 0x9c06…E277

    The PreimageOracle contract is used to load the required data from L1 for a dispute game.

    Implementation used in:

    Escrow for custom external tokens that use the canonical bridge for messaging but are governed externally. This contract stores the following tokens: wstETH.

    DelayedWETH_PermissionlessGames 0xa2f2…FFE8Implementation (Upgradable)Admin

    Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.

    Can be upgraded by:

    Upgrade delay: No delay

    Implementation used in:

    FaultDisputeGame 0xCd3c…007C

    Logic of the dispute game. When a state root is proposed, a dispute game contract is deployed. Challengers can use such contracts to challenge the proposed state root.

    Contains the latest confirmed state root that can be used as a starting point in a dispute game.

    Can be upgraded by:

    Upgrade delay: No delay

    Lib_AddressManager 0xdE1F…d81F

    Legacy contract used to manage a mapping of string names to addresses. Modern OP stack uses a different standard proxy system instead, but this contract is still necessary for backwards compatibility with several older contracts.

    Implementation used in:

    Value Locked is calculated based on these smart contracts and tokens:

    Implementation used in:

    Implementation used in:

    wstETH Vault for custom wstETH Gateway. Fully controlled by Lido governance.

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. Upgrades must be approved by both the BaseMultisig1 and the OpFoundationOperationsSafe. There is no delay on upgrades.