Search

Search for projects by name or address

SummaryValue SecuredActivityRisk summaryRisk analysisStageData availabilityState validationUpgrades & GovernanceUpdatesOperatorWithdrawalsOther considerationsPermissionsSmart contracts

Donatuz logo
Donatuz

This project is archived and no longer maintained.

Critical contracts can be upgraded by an EOA which could result in the loss of all funds.

Badges

About

Donatuz is a Layer-3 that aims at providing social media creators with innovative monetization tools to earn money from their content.

  • Total Value SecuredTVS
    $1.60 K8.73%
  • Past day UOPSDaily UOPS
    No data
  • Gas token
    ETH
  • Type
    Other
  • Purposes
    Universal, Social
  • Host chain
    Base Chain
  • Chain ID
    42026

    • Tokens breakdown

    Sequencer failureState validationData availabilityExit windowProposer failure
    Explore more in Discovery UI

    Badges

    About

    Donatuz is a Layer-3 that aims at providing social media creators with innovative monetization tools to earn money from their content.

    Why is the project listed in others?

    The proof system isn't fully functional

    Consequence: projects without a proper proof system fully rely on single entities to safely update the state. A malicious proposer can finalize an invalid state, which can cause loss of funds.

    There is no data availability bridge

    Consequence: projects without a data availability bridge fully rely on single entities (the sequencer) to honestly rely available data roots on Ethereum. A malicious sequencer can collude with the proposer to finalize an unavailable state, which can cause loss of funds.

    Learn more about the recategorisation here.

    Value SecuredView TVS breakdown
    Total
    Canonically BridgedCanonically Bridged ValueCanonical
    Natively MintedNatively Minted TokensNative
    Externally BridgedExternally Bridged ValueExternal
    ETH & derivatives
    Stablecoins
    BTC & derivatives
    Other
    View TVS breakdown
    Activity

    2024 Jun 25 — 2026 Jun 27

    Past Day UOPS
    0.000.00%
    Past Day Ops count
    0
    Max. UOPS
    1.00
    2024 Sep 02
    Past day UOPS/TPS Ratio
    No data
    Risk summary
    There are 1 additional risks coming from the host chain Base Chain logoBase Chain
    Fraud proof system is currently under development. Users need to trust the block proposer to submit correct L1 state roots.

    Funds can be stolen if

    1. a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL),
    2. an invalid state root is submitted to the system (CRITICAL).

    Funds can be lost if

    1. the sequencer posts an unavailable transaction root (CRITICAL),
    2. the data is not available on the external provider (CRITICAL).

    Funds can be frozen if

    1. the centralized validator goes down. Users cannot produce blocks themselves and exiting the system requires new block production (CRITICAL).

    MEV can be extracted if

    1. the operator exploits their centralized position and frontruns user transactions.
    Risk analysis
    The L3 risks depend on the individual properties of L3 and those of the host chain combined.
    Critical contracts can be upgraded by an EOA which could result in the loss of all funds.
    Fraud proof system is currently under development. Users need to trust the block proposer to submit correct L1 state roots.
    SEQUENCER
    FAILURE    		STATE
    VALIDATION    		DATA
    AVAILABILITY    		EXIT WINDOWPROPOSER
    FAILURE
    Base Chain
    L2
    		Self sequenceFraud proofs (1R, ZK)OnchainNoneSelf propose
    Donatuz
    L3 • Individual
    		Self sequenceNoneExternalNoneCannot withdraw
    Donatuz
    L3 • Combined
    		Self sequenceNoneExternalNoneCannot withdraw
    L2 & L3 individual risks
    Sequencer failureState validationData availabilityExit windowProposer failure
    L3 combined risks
    Sequencer failureState validationData availabilityExit windowProposer failure
    L3 combined risks
    The information below reflects combined L2 & L3 risks.
    Sequencer failure
    Self sequence

    In the event of a sequencer failure, users can force transactions to be included in the project’s chain by sending them to L1. There can be up to a 1d delay on this operation.

    State validation
    None

    Currently the system permits invalid state roots. More details in project overview.

    Data availability
    External

    Proof construction and state derivation fully rely on data that is posted on EigenDA. Sequencer transaction data roots are not checked against the ServiceManager DA bridge data roots onchain.

    Exit window
    None

    There is no window for users to exit in case of an unwanted upgrade since contracts are instantly upgradable.

    Proposer failure
    Cannot withdraw

    Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.

    Stage
    Donatuz
    Donatuz is not even a
    Stage 0
    project.
    Learn more about Stages
    Please keep in mind that these stages do not reflect project security, this is an opinionated assessment of project maturity based on subjective criteria, created with a goal of incentivizing projects to push toward better decentralization. Each team may have taken different paths to achieve this goal.
    Data availability

    Data is posted to EigenDA

    Transactions roots are posted onchain and the full data is posted on EigenDA. Since the ServiceManager bridge is not used, availability of the data is not verified against EigenDA operators, meaning that the Sequencer can single-handedly publish unavailable commitments.

    • Funds can be lost if the sequencer posts an unavailable transaction root (CRITICAL).

    • Funds can be lost if the data is not available on the external provider (CRITICAL).

    1. EigenDA Docs - Overview
    2. Derivation: Batch submission - OP Mainnet specs
    3. BatchInbox - address
    4. OptimismPortal.sol - source code, depositTransaction function
    Learn more about the DA layer here: EigenDA logoEigenDA
    State validation
    No state validation

    OP Stack projects can use the OP fault proof system, already being deployed on some. This project though is not using fault proofs yet and is relying on the honesty of the permissioned Proposer and Challengers to ensure state correctness. The smart contract system permits invalid state roots.

    • Funds can be stolen if an invalid state root is submitted to the system (CRITICAL).

    1. L2OutputOracle.sol - source code, deleteL2Outputs function
    Upgrades & Governance

    Past upgrades

    The metrics include upgrades on the currently used proxy contracts. Historical proxy contracts and changes of such are not included.

    Count of upgrades
    1
    Last upgrade
    2y ago
    Avg upgrade interval
    1y
    Updates
    2025 December 10, 15:39 UTC
    5changes

    Conduit msig change.

    Conduit msig change.

    contract Conduit Multisig 3 (base:0x7dCe2FEE5e30EFf298cD3d9B92649f00EBDfc104) {
    +++ description: None
    values.$members.0:
    + "base:0x2103c69696CB2D3779f5445393808239034E911c"
    values.$members.0:
    - "base:0xFe0ab87ebE03DD0bF52DaF34Dfda6639c335e2d4"
    + "base:0x65D1d44B8B2fE15d45A03708E0835C7E98a56007"
    values.multisigThreshold:
    - "4 of 9 (44%)"
    + "4 of 10 (40%)"
    }
    2025 October 03, 08:49 UTC
    13changes

    Member removed from multisig.

    Member removed from multisig.

    contract Conduit Multisig 3 (base:0x7dCe2FEE5e30EFf298cD3d9B92649f00EBDfc104) {
    +++ description: None
    values.$members.2:
    - "base:0x860e06Fe384D1A3340111e7D142E02642178c053"
    values.$members.3:
    - "base:0x50930d652266EF4127FA3A1906B7Cb9951076628"
    values.multisigThreshold:
    - "4 of 11 (36%)"
    + "4 of 9 (44%)"
    receivedPermissions.2:
    - {"permission":"interact","from":"base:0x5416B7421c42B9218B29f688C47a46020c23cF0d","description":"set and change address mappings.","role":".owner","via":[{"address":"base:0x85519ecD4E4c59E62B68dB2082dB1F5c75da1E15"}]}
    receivedPermissions.4:
    - {"permission":"upgrade","from":"base:0x4A2b7478B9646c06C3517E6f06e1232684143C00","role":"admin","via":[{"address":"base:0x85519ecD4E4c59E62B68dB2082dB1F5c75da1E15"}]}
    receivedPermissions.5:
    - {"permission":"upgrade","from":"base:0x88dBaaeCDa265241a1BABe4A0ce69ad4957da8a2","role":"admin","via":[{"address":"base:0x85519ecD4E4c59E62B68dB2082dB1F5c75da1E15"}]}
    receivedPermissions.6:
    - {"permission":"upgrade","from":"base:0xa096dD38362bd2cE3C696474329989960722A7Fd","role":"admin","via":[{"address":"base:0x85519ecD4E4c59E62B68dB2082dB1F5c75da1E15"}]}
    receivedPermissions.7:
    - {"permission":"upgrade","from":"base:0xb765Df9d2925a82678F4B7bc60eF5294c1604514","role":"admin","via":[{"address":"base:0x85519ecD4E4c59E62B68dB2082dB1F5c75da1E15"}]}
    receivedPermissions.8:
    - {"permission":"upgrade","from":"base:0xBbea8Cc549702F67cc082d2cAA9842Ba3767536B","description":"upgrading the bridge implementation can give access to all funds escrowed therein.","role":".$admin","via":[{"address":"base:0x85519ecD4E4c59E62B68dB2082dB1F5c75da1E15"}]}
    directlyReceivedPermissions:
    - [{"permission":"act","from":"base:0x85519ecD4E4c59E62B68dB2082dB1F5c75da1E15","role":".owner"}]
    }
    contract ProxyAdmin (base:0x85519ecD4E4c59E62B68dB2082dB1F5c75da1E15) {
    +++ description: None
    values.owner:
    - "base:0x7dCe2FEE5e30EFf298cD3d9B92649f00EBDfc104"
    + "base:0xb02b6c8e9970D7Fd54a000a95AC4fBAA3bb11288"
    }
    2025 August 12, 15:53 UTC
    3changes

    Conduit Multisig signer added.

    Conduit Multisig signer added.

    contract Conduit Multisig 3 (0x7dCe2FEE5e30EFf298cD3d9B92649f00EBDfc104) {
    +++ description: None
    values.$members.0:
    + "base:0xFe0ab87ebE03DD0bF52DaF34Dfda6639c335e2d4"
    values.multisigThreshold:
    - "4 of 10 (40%)"
    + "4 of 11 (36%)"
    }
    2025 July 15, 11:24 UTC
    2changes

    archive this disco (project archived).

    archive this disco (project archived).

    contract SystemConfig (0xa096dD38362bd2cE3C696474329989960722A7Fd) {
    +++ description: Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.
    values.opStackDA.isUsingEigenDA:
    - true
    + false
    }
    2025 May 30, 06:16 UTC
    11changes

    signer change.

    signer change.

    contract Conduit Multisig 3 (0x7dCe2FEE5e30EFf298cD3d9B92649f00EBDfc104) {
    +++ description: None
    values.$members.9:
    + "0xA0737fea60F0601A192E3d2c98865A883ab0bda2"
    values.$members.8:
    - "0xA0737fea60F0601A192E3d2c98865A883ab0bda2"
    + "0xa0C600a6e85bf225958FFAcC70B5FDDF9A059038"
    values.$members.7:
    - "0xa0C600a6e85bf225958FFAcC70B5FDDF9A059038"
    + "0xF3313C48BD8E17b823d5498D62F37019dFEA647D"
    values.$members.6:
    - "0xF3313C48BD8E17b823d5498D62F37019dFEA647D"
    + "0xefCf0c8faFB425997870f845e26fC6cA6EE6dD5C"
    values.$members.5:
    - "0xefCf0c8faFB425997870f845e26fC6cA6EE6dD5C"
    + "0x81175155D85377C337d92f1FA52Da166C3A4E7Ac"
    values.multisigThreshold:
    - "4 of 9 (44%)"
    + "4 of 10 (40%)"
    }
    Operator
    The section considers only the L3 properties. For more details please refer to Base Chain logoBase Chain

    The system has a centralized operator

    The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system.

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    1. L2OutputOracle.sol - source code, CHALLENGER address
    2. L2OutputOracle.sol - source code, PROPOSER address

    Users can force any transaction

    Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly.

    1. Sequencing Window - OP Mainnet Specs
    2. OptimismPortal.sol - source code, depositTransaction function
    Withdrawals
    The section considers only the L3 properties. For more details please refer to Base Chain logoBase Chain

    Regular messaging

    The user initiates L2->L1 messages by submitting a regular transaction on this chain. When the block containing that transaction is settled, the message becomes available for processing on L1. The process of block finalization takes a challenge period of 7d to complete.

    • Funds can be frozen if the centralized validator goes down. Users cannot produce blocks themselves and exiting the system requires new block production (CRITICAL).

    1. OptimismPortal.sol - source code, proveWithdrawalTransaction function
    2. OptimismPortal.sol - source code, finalizeWithdrawalTransaction function
    3. L2OutputOracle.sol - source code, PROPOSER check

    Forced messaging

    If the user experiences censorship from the operator with regular L2->L1 messaging they can submit their messages directly on L1. The system is then obliged to service this request or halt all messages, including forced withdrawals from L1 and regular messages initiated on L2. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular message.

    1. Forced withdrawal from an OP Stack blockchain
    Other considerations

    EVM compatible smart contracts are supported

    OP stack chains are pursuing the EVM Equivalence model. No changes to smart contracts are required regardless of the language they are written in, i.e. anything deployed on L1 can be deployed on L2.

    1. Introducing EVM Equivalence
    Permissions
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    Disco UI BannerExplore in Disco

    Base Chain

    Actors:

    Conduit Multisig 30x7dCe…c104

    A Multisig with 4/10 threshold.

    • Can interact with L2OutputOracle
    • Can interact with SystemConfig
      • it can update the preconfer address, the batch submitter (Sequencer) address and the gas configuration of the system
    • Can interact with OptimismPortal
      • Allowed to pause withdrawals. In op stack systems with a proof system, the Guardian can also blacklist dispute games and set the respected game type (permissioned / permissionless)

    Participants (10):

    0x2103…911c0x65D1…60070x8117…E7Ac0xF331…647D0xA073…bda20x4D80…5BAe0x3840…Fd5f0xa0C6…90380xefCf…dD5C0xa400…e6e4
    Used in:
    EOA 10xb02b…1288
    • Can upgrade with no delay
      • L1CrossDomainMessenger
      • L2OutputOracle
      • SystemConfig
      • OptimismPortal
      • L1StandardBridge
    • Can interact with AddressManager
      • set and change address mappings
    EOA 20x9C56…D8b0
    • Can interact with SystemConfig
      • Allowed to commit transactions from the current layer to the host chain
    EOA 30xfB04…306B
    • Can interact with L2OutputOracle
      • Allowed to post new state roots of the current layer to the host chain
    Smart contracts
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    Disco UI BannerExplore in Disco
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    Base Chain

    L2OutputOracle0x88dB…a8a2Implementation (Upgradable)Admin

    Contains a list of proposed state roots which Proposers assert to be a result of block execution. Currently only the PROPOSER address can submit new state roots.

    • Roles:
      • admin: ProxyAdmin; ultimately EOA 1
      • challenger: Conduit Multisig 3
      • proposer: EOA 3
    Can be upgraded by:
    EOA 1 with no delay
    SystemConfig0xa096…A7FdImplementation (Upgradable)Admin

    Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.

    • Roles:
      • admin: ProxyAdmin; ultimately EOA 1
      • batcherHash: EOA 2
      • owner: Conduit Multisig 3
    Can be upgraded by:
    EOA 1 with no delay
    OptimismPortal
    Escrow
    0xb765…4514Implementation (Upgradable)Admin

    The main entry point to deposit funds from host chain to this chain. It also allows to prove and finalize withdrawals.

    • Roles:
      • admin: ProxyAdmin; ultimately EOA 1
      • guardian: Conduit Multisig 3
    The following tokens are included in the value secured calculation:
    ETH token logo
    Can be upgraded by:
    EOA 1 with no delay
    L1CrossDomainMessenger0x4A2b…3C00Implementation (Upgradable)Admin

    Sends messages from host chain to this chain, and relays messages back onto host chain. In the event that a message sent from host chain to this chain is rejected for exceeding this chain’s epoch gas limit, it can be resubmitted via this contract’s replay function.

    • Roles:
      • admin: ProxyAdmin; ultimately EOA 1
    Can be upgraded by:
    EOA 1 with no delay
    L1StandardBridge
    Escrow
    0xBbea…536BImplementation (Upgradable)Admin

    The main entry point to deposit ERC20 tokens from host chain to this chain.

    • Roles:
      • admin: ProxyAdmin; ultimately EOA 1

    All supported tokens in this escrow are included in the value secured calculation.

    Can be upgraded by:
    EOA 1 with no delay
    ProxyAdmin0x8551…1E15
    • Roles:
      • owner: EOA 1

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).