Celo

There are impactful changes and part of the information might be outdated.

Badges

About

Celo is an Ethereum Optimium based on the OP stack, scaling real-world solutions & leading a thriving new digital economy for all.

Total Value SecuredTVS

$265.99 M5.09%

Past day UOPSDaily UOPS

11.679.98%

Stage

Gas token

CELO

Type

Optimium

Purpose

Universal

Chain ID

42220

Tokens breakdown

Value secured breakdown

9.74% with additional trust assumptions

View TVS breakdown

Interop protocols used

+5 more

Tokens transferred

+18 more

Sequencer failureState validationData availabilityExit windowProposer failure

Explore more in Discovery UI

Badges

About

Celo is an Ethereum Optimium based on the OP stack, scaling real-world solutions & leading a thriving new digital economy for all.

Value Secured View TVS breakdown

Exclude restricted RWA tokens

Total

Canonically BridgedCanonically Bridged ValueCanonical

Natively MintedNatively Minted TokensNative

Externally BridgedExternally Bridged ValueExternal

ETH & derivatives

Stablecoins

BTC & derivatives

Other

View TVS breakdown

Volume and flows Explore Interop

15/21Chains

+10

Avg value per second ≈ $10.65 K|1 particle ≈ $100

Chain stats

Stats

Total volume$134.40 K

Volume in$40.30 K

Volume out$94.10 K

Net flow-$53.79 K

Total transfers333

Transfers in263

Transfers out70

Avg. transfer value$403.62

Connected8 chains

Avg. value per second$1.55/s

Top routes

Top tokens

Top bridges

2025 Jun 12 — 2026 Jun 12

Past Day UOPS

11.679.98%

Past Day Ops count

1.00 M

Max. UOPS

23.74

2026 Apr 12

Past day UOPS/TPS Ratio

<1.01

Onchain costs

The section shows the operating costs that L2s pay to Ethereum.

2025 Jun 12 — 2026 Jun 12

Total cost

$15.98 K

Avg cost per L2 UOP

$0.000032

Avg cost per day

$43.67

Data posted

This section shows how much data the project publishes to its data-availability (DA) layer over time. The project currently posts data toEthereum EigenDA.

Data source: API provided by EigenLayer

2025 Jun 12 — 2026 Jun 12

Data posted

104.58 GiB

Avg size per day

293.38 MiB

Avg size per L2 UOP

225.53 B

Liveness

This section shows how "live" the project's operators are by displaying how frequently they submit transactions of the selected type. It also highlights anomalies - significant deviations from their typical schedule.

No ongoing anomalies detected

2026 May 13 — Jun 12

Avg. tx data subs. interval

6 minutes

Avg. state updates interval

30 minutes

Past 30 days anomalies

97% normal uptime

Last 30 day anomalies

All liveness anomalies detected for this project in the last 30 days, helping you review recent downtime and availability issues.

No Tx data submissions were performed for 7h 15m (from 2026 Jun 05, 13:49 UTC until 2026 Jun 05, 21:04 UTC). These typically occur every 6min 28s on average.

No State updates were performed for 7h 34m 24s (from 2026 Jun 05, 13:27 UTC until 2026 Jun 05, 21:02 UTC). These typically occur every 30min 17s on average.

No State updates were performed for 4h 3m (from 2026 May 19, 09:54 UTC until 2026 May 19, 13:57 UTC). These typically occur every 30min 17s on average.

No State updates were performed for 4h 39m 24s (from 2026 May 18, 12:53 UTC until 2026 May 18, 17:32 UTC). These typically occur every 30min 17s on average.

Milestones & Incidents

Jello hardfork activates OP Succinct Lite

2025 Dec 10th

Celo implements OP Succinct Lite, introducing ZK proofs for dispute resolution and DA verification.

Learn more

Celo becomes an Ethereum L2

2025 Mar 26th

Celo migrates from an L1 to an L2 architecture on Ethereum and EigenDA.

Learn more

Risk summary

The project relies on program hashes that could not be successfully reproduced from their published sources.

(CRITICAL)

Sequencer failureState validationData availabilityExit windowProposer failure

Sequencer failure

Self sequence

In the event of a sequencer failure, users can force transactions to be included in the project’s chain by sending them to L1. There can be up to a 12h delay on this operation.

State validation

Fraud proofs (1R, ZK)

Fraud proofs allow actors watching the chain to prove that the state is incorrect. Single round proofs (1R) only require a single transaction to resolve. ZK proofs are used to prove the correctness of the state transition. The system currently operates with at least 5 whitelisted challengers external to the team.

Data availability

External

Proof construction and state derivation fully rely on data that is posted on EigenDA. The sequencer is publishing data to EigenDA v2. Sequencer transaction data roots are checked against the DACert Verifier data roots, signed off by EigenDA operators.

Exit window

None

There is no exit window for users to exit in case of unwanted upgrades as they are initiated by the Security Council with instant upgrade power and without proper notice.

Proposer failure

Cannot withdraw

Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.

Stage

Celo is a

Stage 0

Optimium.

Learn more about Stages

Please keep in mind that these stages do not reflect project security, this is an opinionated assessment of project maturity based on subjective criteria, created with a goal of incentivizing projects to push toward better decentralization. Each team may have taken different paths to achieve this goal.

Data availability

Data is posted to EigenDA

Transactions roots are posted onchain and the full data is posted on EigenDA. The sequencer is publishing data to EigenDA v2. The DACert Verifier is used to verify attestations from the EigenDA operator set that the data is indeed available. If EigenDA becomes unavailable, the sequencer falls back to Ethereum.

Funds can be lost if the sequencer posts an unavailable transaction root (CRITICAL).
Funds can be lost if the data is not available on the external provider (CRITICAL).

Learn more about the DA layer here:

EigenDA

State validation

Fraud proofs

State roots are proposed by whitelisted proposers who create dispute games via the DisputeGameFactory by posting a bond of 0.01 ETH. Once created, the game enters a challenge period of 3d 12h during which whitelisted challengers can dispute the proposal by posting a bond of 0.01 ETH. If challenged, anyone can submit a ZK proof to prove the correct state within the proving period of 1d. After the challenge period passes without a successful challenge, or after a valid proof is submitted, anyone can resolve the game and finalize the state root.

Funds can be stolen if the validity proof cryptography is broken or implemented incorrectly.
Funds can be stolen if the proposer routes proof verification through a malicious or faulty verifier.
Funds can be frozen if the permissioned proposer fails to publish state roots to the L1.

PROVER

SP1 Hypercube

Trusted Setups

Onchain verifier

SP1Verifier

Used in

Onchain verifier

SP1Verifier

Used in

Program Hashes

Name	Hash	Repository	Verification	Used in

	0x004f...0377	Code unknown
	0x1fff...7c2c	Code unknown

Upgrades & Governance

Past upgrades

The metrics include upgrades on the currently used proxy contracts. Historical proxy contracts and changes of such are not included.

Count of upgrades

Last upgrade

2mo 13d ago

Avg upgrade interval

3mo 16d

Updates

2026 April 24, 13:43 UTC

2changes

SystemConfig minBaseFee raised from 50 gwei to 100 gwei.

	contract SystemConfig (eth:0x89E31965D844a309231B1f17759Ccaf1b7c09861) {
	+++ description: Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.
	values.minBaseFee:
-	50000000000
+	100000000000
	}

2026 April 17, 13:47 UTC

3changes

New SP1 Hypercube Plonk v6.1.0 verifier (0xc3c6dDD) registered in SP1VerifierGateway with selector 0x5a093a2f. Added to activeVerifiers and allVerifiers ; SP1 proofs using this selector are now routed to the new contract. The verifier is the canonical Succinct deployment at that address on Ethereum mainnet (V6 1 0 SP1 VERIFIER PLONK). Registered in sp1hypercube catalog.

New SP1 Hypercube Plonk v6.1.0 verifier (0xc3c6dDD) registered in SP1VerifierGateway with selector 0x5a093a2f. Added to activeVerifiers and allVerifiers; SP1 proofs using this selector are now routed to the new contract. The verifier is the canonical Succinct deployment at that address on Ethereum mainnet (V6_1_0_SP1_VERIFIER_PLONK). Registered in sp1hypercube catalog.

	contract SP1VerifierGateway (eth:0x3B6041173B80E77f038f3F2C0f9744f04837185e) {
	+++ description: This contract is the router for zk proof verification. It stores the mapping between identifiers and the address of onchain verifier contracts, routing each identifier to the corresponding verifier contract.
	+++ description: Verifiers that are routed to by their selector and not frozen.
	values.activeVerifiers.2:
+	{"selector":"0x5a093a2f","verifier":"eth:0xc3c6dDDAc8829b233Dc6536Ec024775a57b0AF2A"}
	+++ description: All verifiers that were ever routed to by this gateway.
	values.allVerifiers.11:
+	{"selector":"0x5a093a2f","verifier":"eth:0xc3c6dDDAc8829b233Dc6536Ec024775a57b0AF2A"}
	}

+	Status: CREATED
	contract SP1Verifier (eth:0xc3c6dDDAc8829b233Dc6536Ec024775a57b0AF2A)
	+++ description: None

2026 April 16, 09:28 UTC

5changes

SystemConfig minBaseFee raised from 25 gwei to 50 gwei. AccessManager (OPSuccinct proposer/challenger access control) owner transferred from an EIP-7702 delegator EOA (0x95FFAC, now deleted from discovery) to the Celo cLabs Multisig (0x9Eb44D).

	contract SystemConfig (eth:0x89E31965D844a309231B1f17759Ccaf1b7c09861) {
	+++ description: Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.
	values.minBaseFee:
-	25000000000
+	50000000000
	}

-	Status: DELETED
	EOA (eth:0x95FFAC468e37DdeEF407FfEf18f0cC9E86D8f13B)
	+++ description: None

	contract AccessManager (eth:0xF59a19c5578291cB7fd22618D16281aDf76f2816) {
	+++ description: Contract managing access control for proposers and challengers in OPSuccinct.
	values.owner:
-	"eth:0x95FFAC468e37DdeEF407FfEf18f0cC9E86D8f13B"
+	"eth:0x9Eb44Da23433b5cAA1c87e35594D15FcEb08D34d"
	}

2026 April 01, 15:28 UTC

High severity

170changes

Major upgrade to op-contracts v5.x. Two-phase upgrade executed on 2026-03-31. OptimismPortal2 v3.14→v5.1.1, SystemConfig v2.5→v3.11, L1CrossDomainMessenger v2.6→v2.11, L1StandardBridge v2.3→v2.8, L1ERC721Bridge v2.4→v2.9, DisputeGameFactory v1.0.1→v1.3. SuperchainConfigLocal replaced by CeloSuperchainConfig - all contracts now reference the new local superchain config (0x25035d). Guardian changed to Celo cLabs Multisig (0x9Eb44D). SystemConfig maximumGasLimit increased from 200M to 500M. New AnchorStateRegistry, DelayedWETH contracts, and redeployed dispute game implementations (FaultDisputeGame, PermissionedDisputeGame, OPSuccinctFaultDisputeGame). New MIPS64 contract. OptimismPortal2: diff SystemConfig: diff L1CrossDomainMessenger: diff L1StandardBridge: diff L1ERC721Bridge: diff DisputeGameFactory: diff OptimismMintableERC20Factory: diff MIPS (MIPS32→MIPS64): diff FaultDisputeGame: diff PermissionedDisputeGame: diff OPSuccinctFaultDisputeGame: diff

Major upgrade to op-contracts v5.x. Two-phase upgrade executed on 2026-03-31.

OptimismPortal2 v3.14→v5.1.1, SystemConfig v2.5→v3.11, L1CrossDomainMessenger v2.6→v2.11, L1StandardBridge v2.3→v2.8, L1ERC721Bridge v2.4→v2.9, DisputeGameFactory v1.0.1→v1.3. SuperchainConfigLocal replaced by CeloSuperchainConfig - all contracts now reference the new local superchain config (0x25035d). Guardian changed to Celo cLabs Multisig (0x9Eb44D). SystemConfig maximumGasLimit increased from 200M to 500M. New AnchorStateRegistry, DelayedWETH contracts, and redeployed dispute game implementations (FaultDisputeGame, PermissionedDisputeGame, OPSuccinctFaultDisputeGame). New MIPS64 contract.

OptimismPortal2: diff SystemConfig: diff L1CrossDomainMessenger: diff L1StandardBridge: diff L1ERC721Bridge: diff DisputeGameFactory: diff OptimismMintableERC20Factory: diff MIPS (MIPS32→MIPS64): diff FaultDisputeGame: diff PermissionedDisputeGame: diff OPSuccinctFaultDisputeGame: diff

	contract L1CrossDomainMessenger (eth:0x1AC1181fc4e4F877963680587AEAa2C90D7EbB95) {
	+++ description: Sends messages from host chain to this chain, and relays messages back onto host chain. In the event that a message sent from host chain to this chain is rejected for exceeding this chain's epoch gas limit, it can be resubmitted via this contract's replay function.
	sourceHashes.1:
-	"0x6831ab5545aca99fd05c64f6718bff61dc5cbdb7d5b248257ea6e95a132024c3"
+	"0x9db9942f58670bab2d2f04cd659483dd804b63208c5c83a704972a47b551b85e"
	values.$implementation:
-	"eth:0x807124F75FF2120b2f26D7e6f9e39C03ee9DE212"
+	"eth:0xE45D2d835d0b2D3C7f4fEe1eaa19A068d0ba8A88"
	values.$pastUpgrades.3:
+	["2026-03-31T07:05:23.000Z","0x66a97a8a6934d37b3ed077e788fb02fbce53e02ad7d95d3159ba6347ede395c8",["eth:0xA183A771B6c5F6e88cd351bBDC40E1ECD4521Cad"]]
	values.$pastUpgrades.4:
+	["2026-03-31T07:08:11.000Z","0xce8f5d953104dbe1a793fdcf76a16290f1c8765f87fcef729c2ad7e2e95a07dc",["eth:0xE45D2d835d0b2D3C7f4fEe1eaa19A068d0ba8A88"]]
	values.$upgradeCount:
-	3
+	5
	values.superchainConfig:
-	"eth:0xa440975E5A6BB19Bc3Bee901d909BB24b0f43D33"
+	"eth:0x25035d2233d099f0BA710ca1e5a3834842870C66"
	values.version:
-	"2.6.0"
+	"2.11.0"
	values.initVersion:
+	3
	values.proxyAdmin:
+	"eth:0x783A434532Ee94667979213af1711505E8bFE374"
	values.proxyAdminOwner:
+	"eth:0x4092A77bAF58fef0309452cEaCb09221e556E112"
	implementationNames.eth:0x807124F75FF2120b2f26D7e6f9e39C03ee9DE212:
-	"L1CrossDomainMessenger"
	implementationNames.eth:0xE45D2d835d0b2D3C7f4fEe1eaa19A068d0ba8A88:
+	"L1CrossDomainMessenger"
	}

-	Status: DELETED
	contract PermissionedDisputeGame (eth:0x25c2e07A24a74F9FA54f7CA5ddAfedB2264a5d02)
	+++ description: Same as FaultDisputeGame, but only two permissioned addresses are designated as proposer and challenger.

	contract L1ERC721Bridge (eth:0x3C519816C5BdC0a0199147594F83feD4F5847f13) {
	+++ description: Used to bridge ERC-721 tokens from host chain to this chain.
	sourceHashes.1:
-	"0x28669b49da3effd51f0f9424ca9cdd455c5b9327c09a40c65fc06f114a6eb837"
+	"0x75cd470a9d1c1afc343b599b1c14731f55bb36fe8a4e844ddb88a0b791918795"
	values.$implementation:
-	"eth:0x7aE1d3BD877a4C5CA257404ce26BE93A02C98013"
+	"eth:0x74f1aC50EB0BE98853805D381C884f5f9abDEcf9"
	values.$pastUpgrades.3:
+	["2026-03-31T07:05:23.000Z","0x66a97a8a6934d37b3ed077e788fb02fbce53e02ad7d95d3159ba6347ede395c8",["eth:0x7f1d12fB2911EB095278085f721e644C1f675696"]]
	values.$pastUpgrades.4:
+	["2026-03-31T07:08:11.000Z","0xce8f5d953104dbe1a793fdcf76a16290f1c8765f87fcef729c2ad7e2e95a07dc",["eth:0x74f1aC50EB0BE98853805D381C884f5f9abDEcf9"]]
	values.$upgradeCount:
-	3
+	5
	values.superchainConfig:
-	"eth:0xa440975E5A6BB19Bc3Bee901d909BB24b0f43D33"
+	"eth:0x25035d2233d099f0BA710ca1e5a3834842870C66"
	values.version:
-	"2.4.0"
+	"2.9.0"
	values.initVersion:
+	3
	values.proxyAdmin:
+	"eth:0x783A434532Ee94667979213af1711505E8bFE374"
	values.proxyAdminOwner:
+	"eth:0x4092A77bAF58fef0309452cEaCb09221e556E112"
	values.systemConfig:
+	"eth:0x89E31965D844a309231B1f17759Ccaf1b7c09861"
	implementationNames.eth:0x7aE1d3BD877a4C5CA257404ce26BE93A02C98013:
-	"L1ERC721Bridge"
	implementationNames.eth:0x74f1aC50EB0BE98853805D381C884f5f9abDEcf9:
+	"L1ERC721Bridge"
	}

	contract CeloProxyAdminOwner (eth:0x4092A77bAF58fef0309452cEaCb09221e556E112) {
	+++ description: None
	receivedPermissions.1:
-	{"permission":"interact","from":"eth:0x89E31965D844a309231B1f17759Ccaf1b7c09861","description":"it can update the preconfer address, the batch submitter (Sequencer) address and the gas configuration of the system.","role":".owner"}
	receivedPermissions.2:
-	{"permission":"interact","from":"eth:0xa316D42E8Fd98D2Ec364b8bF853d2623E768f95a","description":"can pull funds from the contract in case of emergency.","role":".owner"}
	receivedPermissions.3:
+	{"permission":"upgrade","from":"eth:0x25035d2233d099f0BA710ca1e5a3834842870C66","role":"admin","via":[{"address":"eth:0x783A434532Ee94667979213af1711505E8bFE374"}]}
	receivedPermissions.7:
+	{"permission":"upgrade","from":"eth:0x8fE58d2168b5412Cf1Bd212cE6137f8b7300222d","role":"admin","via":[{"address":"eth:0x783A434532Ee94667979213af1711505E8bFE374"}]}
	receivedPermissions.8.from:
-	"eth:0x9c314E8057025F2982aa4B3923Abd741A8e8DE91"
+	"eth:0x91FA5B653aFe81A79890A93ad83768A04cc011b4"
	receivedPermissions.10:
-	{"permission":"upgrade","from":"eth:0x9F18D91949731E766f294A14027bBFE8F28328CC","role":"admin","via":[{"address":"eth:0x783A434532Ee94667979213af1711505E8bFE374"}]}
	receivedPermissions.11:
-	{"permission":"upgrade","from":"eth:0xa316D42E8Fd98D2Ec364b8bF853d2623E768f95a","role":"admin","via":[{"address":"eth:0x783A434532Ee94667979213af1711505E8bFE374"}]}
	receivedPermissions.12:
-	{"permission":"upgrade","from":"eth:0xa440975E5A6BB19Bc3Bee901d909BB24b0f43D33","role":"admin","via":[{"address":"eth:0x783A434532Ee94667979213af1711505E8bFE374"}]}
	receivedPermissions.11:
+	{"permission":"upgrade","from":"eth:0xC700d16428cF5Bfa71D91E66fA54Fc11A73f2552","role":"admin","via":[{"address":"eth:0x783A434532Ee94667979213af1711505E8bFE374"}]}
	}

	contract OptimismMintableERC20Factory (eth:0x6f0E4f1EB98A52EfaCF7BE11d48B9d9d6510A906) {
	+++ description: A helper contract that generates OptimismMintableERC20 contracts on the network it's deployed to. OptimismMintableERC20 is a standard extension of the base ERC20 token contract designed to allow the L1StandardBridge contracts to mint and burn tokens. This makes it possible to use an OptimismMintableERC20 as this chain's representation of a token on the host chain, or vice-versa.
	sourceHashes.1:
-	"0x9650b4bba6299e410f01a369a95a2c57e1c3ca35f0d80c13f4f59fc468f370e5"
+	"0x25bad2bdb7df4347412a48e271dea1489299460192b43b8ca52ed191b4940992"
	values.$implementation:
-	"eth:0x5493f4677A186f64805fe7317D6993ba4863988F"
+	"eth:0x149BD036f5F57D0FF4b5F102C9d46E3c0EB2C016"
	values.$pastUpgrades.2:
+	["2026-03-31T07:08:11.000Z","0xce8f5d953104dbe1a793fdcf76a16290f1c8765f87fcef729c2ad7e2e95a07dc",["eth:0x149BD036f5F57D0FF4b5F102C9d46E3c0EB2C016"]]
	values.$upgradeCount:
-	2
+	3
	values.version:
-	"1.10.1"
+	"1.10.2"
	implementationNames.eth:0x5493f4677A186f64805fe7317D6993ba4863988F:
-	"OptimismMintableERC20Factory"
	implementationNames.eth:0x149BD036f5F57D0FF4b5F102C9d46E3c0EB2C016:
+	"OptimismMintableERC20Factory"
	}

	contract ProxyAdmin (eth:0x783A434532Ee94667979213af1711505E8bFE374) {
	+++ description: None
	directlyReceivedPermissions.3:
+	{"permission":"upgrade","from":"eth:0x25035d2233d099f0BA710ca1e5a3834842870C66","role":"admin"}
	directlyReceivedPermissions.7:
+	{"permission":"upgrade","from":"eth:0x8fE58d2168b5412Cf1Bd212cE6137f8b7300222d","role":"admin"}
	directlyReceivedPermissions.6.from:
-	"eth:0x9c314E8057025F2982aa4B3923Abd741A8e8DE91"
+	"eth:0x91FA5B653aFe81A79890A93ad83768A04cc011b4"
	directlyReceivedPermissions.8:
-	{"permission":"upgrade","from":"eth:0x9F18D91949731E766f294A14027bBFE8F28328CC","role":"admin"}
	directlyReceivedPermissions.9:
-	{"permission":"upgrade","from":"eth:0xa316D42E8Fd98D2Ec364b8bF853d2623E768f95a","role":"admin"}
	directlyReceivedPermissions.10:
-	{"permission":"upgrade","from":"eth:0xa440975E5A6BB19Bc3Bee901d909BB24b0f43D33","role":"admin"}
	directlyReceivedPermissions.11:
+	{"permission":"upgrade","from":"eth:0xC700d16428cF5Bfa71D91E66fA54Fc11A73f2552","role":"admin"}
	}

	contract SystemConfig (eth:0x89E31965D844a309231B1f17759Ccaf1b7c09861) {
	+++ description: Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.
	sourceHashes.1:
-	"0x91eb7a11bc6b22871adb21c12699c6d110b59393d358aa82559927584f1bf804"
+	"0xec811d054ae19d6bf9a5a9be07ae9ec060a10d411e1cd81528489e4450a5e313"
	values.$implementation:
-	"eth:0x9c61C5a8FF9408B83ac92571278550097A9d2BB5"
+	"eth:0xe5Dc3C0a3489b81A6F3AE3bB49bF9CcBFB85a3dB"
	values.$pastUpgrades.3:
+	["2026-03-31T07:05:23.000Z","0x66a97a8a6934d37b3ed077e788fb02fbce53e02ad7d95d3159ba6347ede395c8",["eth:0xa9c79551eA70D311f5153a27Cba12396e5128b9c"]]
	values.$pastUpgrades.4:
+	["2026-03-31T07:08:11.000Z","0xce8f5d953104dbe1a793fdcf76a16290f1c8765f87fcef729c2ad7e2e95a07dc",["eth:0xe5Dc3C0a3489b81A6F3AE3bB49bF9CcBFB85a3dB"]]
	values.$upgradeCount:
-	3
+	5
	values.DISPUTE_GAME_FACTORY_SLOT:
-	"0x52322a25d9f59ea17656545543306b7aef62bc0cc53a0e65ccfa0c75b97aa906"
	values.getAddresses.disputeGameFactory:
-	"eth:0xFbAC162162f4009Bb007C6DeBC36B1dAC10aF683"
	values.maximumGasLimit:
-	200000000
+	500000000
	values.opStackDA.isUsingEigenDA:
-	"v2"
+	"v3"
	values.owner:
-	"eth:0x4092A77bAF58fef0309452cEaCb09221e556E112"
+	"eth:0x9Eb44Da23433b5cAA1c87e35594D15FcEb08D34d"
	values.version:
-	"2.5.0"
+	"3.11.0"
	values.daFootprintGasScalar:
+	1
	values.guardian:
+	"eth:0x9Eb44Da23433b5cAA1c87e35594D15FcEb08D34d"
	values.initVersion:
+	3
	values.l2ChainId:
+	42220
	values.minBaseFee:
+	25000000000
	values.paused:
+	false
	values.proxyAdmin:
+	"eth:0x783A434532Ee94667979213af1711505E8bFE374"
	values.proxyAdminOwner:
+	"eth:0x4092A77bAF58fef0309452cEaCb09221e556E112"
	values.superchainConfig:
+	"eth:0x25035d2233d099f0BA710ca1e5a3834842870C66"
	implementationNames.eth:0x9c61C5a8FF9408B83ac92571278550097A9d2BB5:
-	"SystemConfig"
	implementationNames.eth:0xe5Dc3C0a3489b81A6F3AE3bB49bF9CcBFB85a3dB:
+	"SystemConfig"
	}

	contract SuperchainConfig (eth:0x95703e0982140D16f8ebA6d158FccEde42f04a4C) {
	+++ description: Used to manage global configuration values for multiple OP Chains within a single Superchain network. The SuperchainConfig contract manages individual pause states for each chain connected to it, as well as a global pause state for all chains. The guardian role can pause either separately, but each pause expires after 3 months if left untouched.
	receivedPermissions:
-	[{"permission":"interact","from":"eth:0xa440975E5A6BB19Bc3Bee901d909BB24b0f43D33","description":"act as an override that pauses the SuperchainConfigLocal.","role":".superchainConfig","condition":"if the (global) eth:0x95703e0982140D16f8ebA6d158FccEde42f04a4C is paused."}]
	}

-	Status: DELETED
	contract DelayedWETH (eth:0x9c314E8057025F2982aa4B3923Abd741A8e8DE91)
	+++ description: Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.

	contract L1StandardBridge (eth:0x9C4955b92F34148dbcfDCD82e9c9eCe5CF2badfe) {
	+++ description: The main entry point to deposit ERC20 tokens from host chain to this chain.
	sourceHashes.1:
-	"0xcc038053dba84fe88b91f9062f3927165798c810fed5cb953c2045de301daf95"
+	"0xf687ceb2d3a3ac5806864ef0c440ed6639eb8570b227e7bdb1748d7d24be0d18"
	values.$implementation:
-	"eth:0x28841965B26d41304905A836Da5C0921DA7dBB84"
+	"eth:0xfA707F45A23370d9154AF4457401274E38FA2d8A"
	values.superchainConfig:
-	"eth:0xa440975E5A6BB19Bc3Bee901d909BB24b0f43D33"
+	"eth:0x25035d2233d099f0BA710ca1e5a3834842870C66"
	values.version:
-	"2.3.0"
+	"2.8.0"
	values.initVersion:
+	3
	values.proxyAdmin:
+	"eth:0x783A434532Ee94667979213af1711505E8bFE374"
	values.proxyAdminOwner:
+	"eth:0x4092A77bAF58fef0309452cEaCb09221e556E112"
	implementationNames.eth:0x28841965B26d41304905A836Da5C0921DA7dBB84:
-	"L1StandardBridge"
	implementationNames.eth:0xfA707F45A23370d9154AF4457401274E38FA2d8A:
+	"L1StandardBridge"
	}

	contract Celo cLabs Multisig (eth:0x9Eb44Da23433b5cAA1c87e35594D15FcEb08D34d) {
	+++ description: None
	receivedPermissions:
+	[{"permission":"interact","from":"eth:0x89E31965D844a309231B1f17759Ccaf1b7c09861","description":"it can update the preconfer address, the batch submitter (Sequencer) address and the gas configuration of the system.","role":".owner"}]
	}

-	Status: DELETED
	contract AnchorStateRegistry (eth:0x9F18D91949731E766f294A14027bBFE8F28328CC)
	+++ description: Contains the latest confirmed state root that can be used as a starting point in a dispute game.

-	Status: DELETED
	contract DelayedWETH (eth:0xa316D42E8Fd98D2Ec364b8bF853d2623E768f95a)
	+++ description: Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.

-	Status: DELETED
	contract SuperchainConfigLocal (eth:0xa440975E5A6BB19Bc3Bee901d909BB24b0f43D33)
	+++ description: A local contract acting as source of truth for the paused status and the guardian role for the local chain.

-	Status: DELETED
	contract MIPS (eth:0xaA59A0777648BC75cd10364083e878c1cCd6112a)
	+++ description: The MIPS contract is used to execute the final step of the dispute game which objectively determines the winner of the dispute.

-	Status: DELETED
	contract OPSuccinctFaultDisputeGame (eth:0xc5bd131ceAEb72F15C66418bc2668332AB99DE37)
	+++ description: Logic of the dispute game. When a state root is proposed, a dispute game contract is deployed. Challengers can use such contracts to challenge the proposed state root.

	contract OptimismPortal2 (eth:0xc5c5D157928BDBD2ACf6d0777626b6C75a9EAEDC) {
	+++ description: The OptimismPortal contract is the main entry point to deposit funds from L1 to L2. It also allows to prove and finalize withdrawals. It specifies which game type can be used for withdrawals, which currently is the 42.
	sourceHashes.1:
-	"0x61779e0cf81852e74f9420c1500237e5c588b39f95b03369daca20d2e624b741"
+	"0x2747309564448749b20795c515708ee56536208ae4dadd4096a4819135b2b71f"
	values.$implementation:
-	"eth:0x215A5fF85308A72A772F09B520dA71D3520e9aC7"
+	"eth:0x2c431080Fc733E259654f3b91E39468d9A85Ac9b"
	values.$pastUpgrades.4:
+	["2026-03-31T07:05:23.000Z","0x66a97a8a6934d37b3ed077e788fb02fbce53e02ad7d95d3159ba6347ede395c8",["eth:0x661DfA933f77148Dc8d84b06646a2868D7ae5DeB"]]
	values.$pastUpgrades.5:
+	["2026-03-31T07:08:11.000Z","0xce8f5d953104dbe1a793fdcf76a16290f1c8765f87fcef729c2ad7e2e95a07dc",["eth:0x2c431080Fc733E259654f3b91E39468d9A85Ac9b"]]
	values.$upgradeCount:
-	4
+	6
	values.guardian:
-	"eth:0x6E226fa22e5F19363d231D3FA048aaBa73CC1f47"
+	"eth:0x9Eb44Da23433b5cAA1c87e35594D15FcEb08D34d"
	values.respectedGameTypeUpdatedAt:
-	1741879583
+	1774940723
	values.superchainConfig:
-	"eth:0xa440975E5A6BB19Bc3Bee901d909BB24b0f43D33"
+	"eth:0x25035d2233d099f0BA710ca1e5a3834842870C66"
	values.version:
-	"3.14.0"
+	"5.1.1"
	values.anchorStateRegistry:
+	"eth:0x8fE58d2168b5412Cf1Bd212cE6137f8b7300222d"
	values.ethLockbox:
+	"eth:0x0000000000000000000000000000000000000000"
	values.initVersion:
+	3
	values.proxyAdmin:
+	"eth:0x783A434532Ee94667979213af1711505E8bFE374"
	values.proxyAdminOwner:
+	"eth:0x4092A77bAF58fef0309452cEaCb09221e556E112"
	implementationNames.eth:0x215A5fF85308A72A772F09B520dA71D3520e9aC7:
-	"OptimismPortal2"
	implementationNames.eth:0x2c431080Fc733E259654f3b91E39468d9A85Ac9b:
+	"OptimismPortal2"
	}

-	Status: DELETED
	contract FaultDisputeGame (eth:0xcc744008aD3306a716fED303b0A6eA5b5d0690a5)
	+++ description: Logic of the dispute game. When a state root is proposed, a dispute game contract is deployed. Challengers can use such contracts to challenge the proposed state root.

	contract DisputeGameFactory (eth:0xFbAC162162f4009Bb007C6DeBC36B1dAC10aF683) {
	+++ description: The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them.
	sourceHashes.1:
-	"0x85ca17941ef36ac6b28a4f8f89803d0d41ef419c47586dcd3acdb47ee9617285"
+	"0x19f3f7c7ee3977705261bfb86f826d5f97b885796f2246be7cc3e815c3e95dca"
	values.$implementation:
-	"eth:0x4bbA758F006Ef09402eF31724203F316ab74e4a0"
+	"eth:0x74Fac1D45B98bae058F8F566201c9A81B85C7D50"
	values.$pastUpgrades.2:
+	["2026-03-31T07:05:23.000Z","0x66a97a8a6934d37b3ed077e788fb02fbce53e02ad7d95d3159ba6347ede395c8",["eth:0x33D1e8571a85a538ed3D5A4d88f46C112383439D"]]
	values.$pastUpgrades.3:
+	["2026-03-31T07:08:11.000Z","0xce8f5d953104dbe1a793fdcf76a16290f1c8765f87fcef729c2ad7e2e95a07dc",["eth:0x74Fac1D45B98bae058F8F566201c9A81B85C7D50"]]
	values.$upgradeCount:
-	2
+	4
	+++ severity: HIGH
	values.game42:
-	"eth:0xc5bd131ceAEb72F15C66418bc2668332AB99DE37"
+	"eth:0xE7bd695d6A17970A2D9dB55cfeF7F2024d630aE1"
	+++ severity: HIGH
	values.gameImpls.0:
-	"eth:0xcc744008aD3306a716fED303b0A6eA5b5d0690a5"
+	"eth:0x25Bd434Aa96EE31D6661c89CF4290281f1ed856F"
	+++ severity: HIGH
	values.gameImpls.1:
-	"eth:0x25c2e07A24a74F9FA54f7CA5ddAfedB2264a5d02"
+	"eth:0xa83a2E8595b602aD98C928E9cD123c0E05C84FD9"
	values.permissionedGameArgs:
-	"EXPECT_REVERT"
+	"0x"
	values.version:
-	"1.0.1"
+	"1.3.0"
	values.initVersion:
+	1
	values.proxyAdmin:
+	"eth:0x783A434532Ee94667979213af1711505E8bFE374"
	values.proxyAdminOwner:
+	"eth:0x4092A77bAF58fef0309452cEaCb09221e556E112"
	implementationNames.eth:0x4bbA758F006Ef09402eF31724203F316ab74e4a0:
-	"DisputeGameFactory"
	implementationNames.eth:0x74Fac1D45B98bae058F8F566201c9A81B85C7D50:
+	"DisputeGameFactory"
	}

+	Status: CREATED
	contract CeloSuperchainConfig (eth:0x25035d2233d099f0BA710ca1e5a3834842870C66)
	+++ description: None

+	Status: CREATED
	contract FaultDisputeGame (eth:0x25Bd434Aa96EE31D6661c89CF4290281f1ed856F)
	+++ description: Logic of the dispute game. When a state root is proposed, a dispute game contract is deployed. Challengers can use such contracts to challenge the proposed state root.

+	Status: CREATED
	contract MIPS (eth:0x6463dEE3828677F6270d83d45408044fc5eDB908)
	+++ description: The MIPS contract is used to execute the final step of the dispute game which objectively determines the winner of the dispute.

+	Status: CREATED
	contract AnchorStateRegistry (eth:0x8fE58d2168b5412Cf1Bd212cE6137f8b7300222d)
	+++ description: Contains the latest confirmed state root that can be used as a starting point in a dispute game. It specifies which game type can be used for withdrawals, which currently is the 42.

+	Status: CREATED
	contract DelayedWETH (eth:0x91FA5B653aFe81A79890A93ad83768A04cc011b4)
	+++ description: Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.

+	Status: CREATED
	contract PermissionedDisputeGame (eth:0xa83a2E8595b602aD98C928E9cD123c0E05C84FD9)
	+++ description: Same as FaultDisputeGame, but only two permissioned addresses are designated as proposer and challenger.

+	Status: CREATED
	contract DelayedWETH (eth:0xC700d16428cF5Bfa71D91E66fA54Fc11A73f2552)
	+++ description: Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.

+	Status: CREATED
	contract OPSuccinctFaultDisputeGame (eth:0xE7bd695d6A17970A2D9dB55cfeF7F2024d630aE1)
	+++ description: Logic of the dispute game. When a state root is proposed, a dispute game contract is deployed. Challengers can use such contracts to challenge the proposed state root.

2026 March 25, 10:05 UTC

11changes

Three signers of the shared OpFoundation multisigs (OpFoundationUpgradeSafe) were rotated. The old signer at position 0 was a GnosisSafe (0x42d27eEA1AD6e22Af6284F609847CB3Cd56B9c64) which was replaced by a new EOA. Additionally, two signers of the Celo cLabs Multisig (members 3 and 4) were rotated.

-	Status: DELETED
	contract GnosisSafe (eth:0x42d27eEA1AD6e22Af6284F609847CB3Cd56B9c64)
	+++ description: None

	contract OpFoundationUpgradeSafe (eth:0x847B5c174615B1B7fDF770882256e2D3E95b9D92) {
	+++ description: None
	values.$members.0:
-	"eth:0x42d27eEA1AD6e22Af6284F609847CB3Cd56B9c64"
+	"eth:0x6419F81580343DF023E68715C6e269aFb00a2cc7"
	values.$members.2:
-	"eth:0xE7dEA1306D9F829bA469d1904c50903b46ebd02e"
+	"eth:0xC2Db495f5a1F91172A361AAFA6FdE47c41de6dF5"
	values.$members.6:
-	"eth:0x9bbFB9919062C29a5eE15aCD93c9D7c3b14d31aa"
+	"eth:0xc222ab08333109243B1f4E2a80e3D0A190714AB5"
	}

	contract Celo cLabs Multisig (eth:0x9Eb44Da23433b5cAA1c87e35594D15FcEb08D34d) {
	+++ description: None
	values.$members.3:
-	"eth:0x326b764CEb4FE11e70af538D3CB997Bb2e16659d"
+	"eth:0x812f7C111476D45998e6D0C615B41c180C362263"
	values.$members.4:
-	"eth:0x48139512241D32047760E7481eBf0b6BF3390f8F"
+	"eth:0x74bc9E59B52117Ccf5Ee457cFb0CBE83b339A065"
	}

Operator

The system has a centralized operator

The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system.

MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

Users can force any transaction

Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly.

Withdrawals

Regular exits

The user initiates the withdrawal by submitting a regular transaction on this chain. When a state root containing such transaction is settled, the funds become available for withdrawal on L1 after 3d 12h. Withdrawal inclusion can be proven before state root settlement, but a 7d period has to pass before it becomes actionable. The process of state root settlement takes a challenge period of at least 3d 12h to complete. Finally the user submits an L1 transaction to claim the funds. This transaction requires a merkle proof.

Forced messaging

If the user experiences censorship from the operator with regular L2->L1 messaging they can submit their messages directly on L1. The system is then obliged to service this request or halt all messages, including forced withdrawals from L1 and regular messages initiated on L2. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular message.

Forced withdrawal from an OP Stack blockchain

Other considerations

EVM compatible smart contracts are supported

OP stack chains are pursuing the EVM Equivalence model. No changes to smart contracts are required regardless of the language they are written in, i.e. anything deployed on L1 can be deployed on L2.

Introducing EVM Equivalence

Permissions

A dashboard to explore contracts and permissions

Go to Disco

Explore in Disco

Ethereum

Actors:

CeloProxyAdminOwner0x4092…E112

A Multisig with 2/2 threshold.

Can upgrade with no delay
- Celo native asset Token ProxyAdmin
- L1CrossDomainMessenger ProxyAdmin
- CeloSuperchainConfig ProxyAdmin
- L1ERC721Bridge ProxyAdmin
- OptimismMintableERC20Factory ProxyAdmin
- SystemConfig ProxyAdmin
- AnchorStateRegistry ProxyAdmin
- DelayedWETH ProxyAdmin
- L1StandardBridge ProxyAdmin
- OptimismPortal2 ProxyAdmin
- DelayedWETH ProxyAdmin
- DisputeGameFactory ProxyAdmin
Can interact with AddressManager
- set and change address mappings ProxyAdmin

Participants (2):

Celo Security Council Celo cLabs Multisig

Celo cLabs Multisig0x9Eb4…D34d

A Multisig with 6/8 threshold. Member of CeloProxyAdminOwner.

Can interact with SystemConfig
- it can update the preconfer address, the batch submitter (Sequencer) address and the gas configuration of the system

Participants (8):

0x0Bd0…25e0 0x21e5…875D 0x09c0…e797 0x812f…2263 0x74bc…A065 0x4D89…D02d 0x8b4b…0daE 0xE002…1A84

OpFoundationUpgradeSafe0x847B…9D92

A Multisig with 5/7 threshold. It uses the following modules: SaferSafes (A Gnosis Safe module combining LivenessModule and TimelockGuard. Provides liveness checks where a fallback owner can challenge and take over if Safe owners are unresponsive, plus optional timelock delays for transaction scheduling). Member of SuperchainProxyAdminOwner.

Can interact with SuperchainConfig
- Allowed to pause withdrawals. In op stack systems with a proof system, the Guardian can also blacklist dispute games and set the respected game type (permissioned / permissionless) LivenessModule if the number of Optimism Security Council members falls below 8 → Optimism Security Council → Optimism Guardian Multisig

Participants (7):

0x6419…2cc7 0x3041…1623 0xC2Db…6dF5 0xBF93…a2c8 0x4D01…6d15 0x69ac…Fd02 0xc222…4AB5

Used in:

SaferSafes0xA844…483a

A Gnosis Safe module combining LivenessModule and TimelockGuard. Provides liveness checks where a fallback owner can challenge and take over if Safe owners are unresponsive, plus optional timelock delays for transaction scheduling.

Can interact with SuperchainConfig
- Allowed to pause withdrawals. In op stack systems with a proof system, the Guardian can also blacklist dispute games and set the respected game type (permissioned / permissionless) OpFoundationUpgradeSafe → LivenessModule if the number of Optimism Security Council members falls below 8 → Optimism Security Council → Optimism Guardian Multisig

Used in:

Optimism Security Council0xc281…Bd03

A Multisig with 10/13 threshold. It uses the following modules: LivenessModule (used to remove members inactive for 3mo 8d while making sure that the threshold remains above 75%. If the number of members falls below 8, the OpFoundationUpgradeSafe takes ownership of the multisig). Member of Optimism Guardian Multisig, SuperchainProxyAdminOwner.

Can interact with SuperchainConfig
- Allowed to pause withdrawals. In op stack systems with a proof system, the Guardian can also blacklist dispute games and set the respected game type (permissioned / permissionless) Optimism Guardian Multisig

Participants (13):

0xE61F…76aE 0x652B…cB5f 0x5c1f…7a81 0x4A73…e61E 0x3A53…aa94 0xEF9A…877c 0x6323…c865 0xd5b7…aC90 0x7ed8…9E39 0x0aA3…75D7 0x0a87…efE6 0xbfA0…E0d9 0x9282…cACb

Used in:

SuperchainProxyAdminOwner0x5a0A…3d2A

A Multisig with 2/2 threshold.

Can upgrade with no delay
- SuperchainConfig SuperchainProxyAdmin
Can interact with AddressManager
- set and change address mappings SuperchainProxyAdmin

Participants (2):

OpFoundationUpgradeSafe Optimism Security Council

Used in:

LivenessGuard0x2442…4a25

Modular contract to be used together with the LivenessModule. Tracks liveness / activity of Safe owners.

Can interact with LivenessModule
- can remove members of Optimism Security Council inactive for 3mo 8d

Used in:

SP1VerifierGatewayMultisig0xCafE…6878

A Multisig with 2/3 threshold.

Can interact with SP1VerifierGateway
- affect the liveness and safety of the gateway - can transfer ownership, add and freeze verifier routes

Participants (3):

0xBaB2…1126 0x72Ff…4f54 0x9395…8885

Used in:

Optimism Guardian Multisig0x09f7…dAf2

A Multisig with 1/1 threshold. It uses the following modules: DeputyPauseModule (Allows 0x352f1defB49718e7Ea411687E850aA8d6299F7aC, called the deputy pauser, to act on behalf of the OpFoundationUpgradeSafe if set as its Safe module).

Participants (1):

Optimism Security Council

Used in:

Celo Security Council0xC031…4636

A Multisig with 6/8 threshold. Member of CeloProxyAdminOwner.

Participants (8):

0xB963…f3e2 0x6FDb…13A1 0xd0cE…c6Db 0x148d…B5Ca 0x5f70…fb85 Safe 0x2BE5…FaD8 0xC912…a29a

Security Council members - Celo Docs

EOA 10x0cd0…cA60

Can interact with SystemConfig
- Allowed to commit transactions from the current layer to the host chain

EOA 20x352f…F7aC

Can interact with SuperchainConfig
- Allowed to pause withdrawals. In op stack systems with a proof system, the Guardian can also blacklist dispute games and set the respected game type (permissioned / permissionless) DeputyPauseModule though restricted to the SuperchainConfig’s pause() function → Optimism Guardian Multisig

2 EOAs

EOA 3 EOA 8

Can interact with AccessManager
- Allowed to post new state roots of the current layer to the host chain

6 EOAs

EOA 4 EOA 5 EOA 6 EOA 7 EOA 9 EOA 10

Can interact with AccessManager
- Allowed to challenge or delete state roots proposed by a Proposer

Smart contracts

A dashboard to explore contracts and permissions

Go to Disco

Explore in Disco

Note: Contracts presented in this section had their implementations updated since the last time our team looked at this project. The information presented may be inaccurate.

A diagram of the smart contract architecture

Ethereum

SystemConfig0x89E3…9861 Implementation (Upgradable)Admin

Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.

Roles:
- admin: ProxyAdmin; ultimately CeloProxyAdminOwner
- batcherHash: EOA 1
- owner: Celo cLabs Multisig

Can be upgraded by:

CeloProxyAdminOwner with no delay

OptimismPortal2

Escrow

0xc5c5…AEDC Implementation (Upgradable)Admin

The OptimismPortal contract is the main entry point to deposit funds from L1 to L2. It also allows to prove and finalize withdrawals. It specifies which game type can be used for withdrawals, which currently is the 42.

Roles:
- admin: ProxyAdmin; ultimately CeloProxyAdminOwner

The following tokens are included in the value secured calculation:

Can be upgraded by:

CeloProxyAdminOwner with no delay

SuperchainConfig0x9570…4a4C Implementation (Upgradable)Admin

Used to manage global configuration values for multiple OP Chains within a single Superchain network. The SuperchainConfig contract manages individual pause states for each chain connected to it, as well as a global pause state for all chains. The guardian role can pause either separately, but each pause expires after 3 months if left untouched.

Roles:
- admin: SuperchainProxyAdmin; ultimately SuperchainProxyAdminOwner
- guardian: Optimism Guardian Multisig; ultimately EOA 2, OpFoundationUpgradeSafe, Optimism Security Council, SaferSafes

Can be upgraded by:

SuperchainProxyAdminOwner with no delay

Proxy used in:

Implementation used in:

L1CrossDomainMessenger0x1AC1…bB95 Implementation (Upgradable)Admin

Sends messages from host chain to this chain, and relays messages back onto host chain. In the event that a message sent from host chain to this chain is rejected for exceeding this chain’s epoch gas limit, it can be resubmitted via this contract’s replay function.

Roles:
- admin: ProxyAdmin; ultimately CeloProxyAdminOwner

Can be upgraded by:

CeloProxyAdminOwner with no delay

L1ERC721Bridge0x3C51…7f13 Implementation (Upgradable)Admin

Used to bridge ERC-721 tokens from host chain to this chain.

Roles:
- admin: ProxyAdmin; ultimately CeloProxyAdminOwner

Can be upgraded by:

CeloProxyAdminOwner with no delay

Implementation used in:

L1StandardBridge

Escrow

0x9C49…adfe Implementation (Upgradable)Admin

The main entry point to deposit ERC20 tokens from host chain to this chain.

Roles:
- admin: ProxyAdmin; ultimately CeloProxyAdminOwner

All supported tokens in this escrow are included in the value secured calculation.

Can be upgraded by:

CeloProxyAdminOwner with no delay

LivenessModule0x0454…a748

used to remove members inactive for 3mo 8d while making sure that the threshold remains above 75%. If the number of members falls below 8, the OpFoundationUpgradeSafe takes ownership of the multisig

Roles:
- fallbackOwner: OpFoundationUpgradeSafe if the number of Optimism Security Council members falls below 8
- livenessGuard: LivenessGuard

Implementation used in:

SP1Verifier0x0459…C459

Verifier contract for SP1 proofs (v5.0.0).

Implementation used in:

Celo native asset Token0x0578…b19f Implementation (Upgradable)Admin

Roles:
- admin: ProxyAdmin; ultimately CeloProxyAdminOwner

Can be upgraded by:

CeloProxyAdminOwner with no delay

PreimageOracle0x1fb8…aDD3

The PreimageOracle contract is used to load the required data from L1 for a dispute game.

Implementation used in:

CeloSuperchainConfig0x2503…0C66 Implementation (Upgradable)Admin

Roles:
- admin: ProxyAdmin; ultimately CeloProxyAdminOwner

Can be upgraded by:

CeloProxyAdminOwner with no delay

FaultDisputeGame0x25Bd…856F

Logic of the dispute game. When a state root is proposed, a dispute game contract is deployed. Challengers can use such contracts to challenge the proposed state root.

SP1VerifierGateway0x3B60…185e

This contract is the router for zk proof verification. It stores the mapping between identifiers and the address of onchain verifier contracts, routing each identifier to the corresponding verifier contract.

Roles:
- owner: SP1VerifierGatewayMultisig

Implementation used in:

SuperchainProxyAdmin0x543b…fB04

Roles:
- owner: SuperchainProxyAdminOwner

Implementation used in:

MIPS0x6463…B908

The MIPS contract is used to execute the final step of the dispute game which objectively determines the winner of the dispute.

Implementation used in:

OptimismMintableERC20Factory0x6f0E…A906 Implementation (Upgradable)Admin

A helper contract that generates OptimismMintableERC20 contracts on the network it’s deployed to. OptimismMintableERC20 is a standard extension of the base ERC20 token contract designed to allow the L1StandardBridge contracts to mint and burn tokens. This makes it possible to use an OptimismMintableERC20 as this chain’s representation of a token on the host chain, or vice-versa.

Roles:
- admin: ProxyAdmin; ultimately CeloProxyAdminOwner

Can be upgraded by:

CeloProxyAdminOwner with no delay

DeputyPauseModule0x76fC…1754

Allows 0x352f1defB49718e7Ea411687E850aA8d6299F7aC, called the deputy pauser, to act on behalf of the OpFoundationUpgradeSafe if set as its Safe module.

Roles:
- deputy: EOA 2 though restricted to the SuperchainConfig’s pause() function

Implementation used in:

ProxyAdmin0x783A…E374

Roles:
- owner: CeloProxyAdminOwner

SP1Verifier0x8a0f…Fc5C

Verifier contract for SP1 proofs (v6.0.0).

Implementation used in:

AnchorStateRegistry0x8fE5…222d Implementation (Upgradable)Admin

Contains the latest confirmed state root that can be used as a starting point in a dispute game. It specifies which game type can be used for withdrawals, which currently is the OPSuccinctFaultDisputeGame. Variant for chains using OPSuccinct (SP1) games instead of Cannon, which omits Cannon-specific cross-contract fields (vm, oracle, weth, challengePeriod, absolutePrestate from game).

Roles:
- admin: ProxyAdmin; ultimately CeloProxyAdminOwner

Can be upgraded by:

CeloProxyAdminOwner with no delay

Implementation used in:

DelayedWETH0x91FA…11b4 Implementation (Upgradable)Admin

Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.

Roles:
- admin: ProxyAdmin; ultimately CeloProxyAdminOwner

Can be upgraded by:

CeloProxyAdminOwner with no delay

PermissionedDisputeGame0xa83a…4FD9

Same as FaultDisputeGame, but only two permissioned addresses are designated as proposer and challenger.

SP1Verifier0xc3c6…AF2A

Implementation used in:

DelayedWETH0xC700…2552 Implementation (Upgradable)Admin

Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.

Roles:
- admin: ProxyAdmin; ultimately CeloProxyAdminOwner

Can be upgraded by:

CeloProxyAdminOwner with no delay

OPSuccinctFaultDisputeGame0xE7bd…0aE1

Logic of the dispute game. When a state root is proposed, a dispute game contract is deployed. Challengers can use such contracts to challenge the proposed state root.

AccessManager0xF59a…2816

Contract managing access control for proposers and challengers in OPSuccinct.

Roles:
- challengers: EOA 10, EOA 4, EOA 5, EOA 6, EOA 7, EOA 9
- proposers: EOA 3, EOA 8

There are impactful changes to the following contracts, and part of the information might be outdated.

DisputeGameFactory0xFbAC…F683 Implementation (Upgradable)Admin

The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them.

Roles:
- admin: ProxyAdmin; ultimately CeloProxyAdminOwner

Can be upgraded by:

CeloProxyAdminOwner with no delay

Implementation used in:

The current deployment carries some associated risks:

Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

Program Hashes

Name	Hash	Repository	Verification	Used in

	0x004f...0377	Code unknown
	0x1fff...7c2c	Code unknown

Search

Celo

Badges

About

Links: Website, Docs, etc.

Badges

About

Last 30 day anomalies

Funds can be stolen if

Funds can be lost if

Funds can be frozen if

MEV can be extracted if

Data is posted to EigenDA

Trusted Setups

Projects used in

Projects used in

Program Hashes

Past upgrades

The system has a centralized operator

Users can force any transaction

Regular exits

Forced messaging

EVM compatible smart contracts are supported

Ethereum

Actors:

Ethereum

Program Hashes