Fraxtal
Badges
About
Fraxtal is an EVM equivalent Optimium utilizing the OP stack as its smart contract platform and execution environment.
Badges
About
Fraxtal is an EVM equivalent Optimium utilizing the OP stack as its smart contract platform and execution environment.
Recategorisation
The project will be classified as "Other" due to its specific risks that set it apart from the standard classifications.
The project will move to Others because:
Consequence: projects without a proper proof system fully rely on single entities to safely update the state. A malicious proposer can finalize an invalid state, which can cause loss of funds.
Consequence: projects without a data availability bridge fully rely on single entities (the sequencer) to honestly rely available data roots on Ethereum. A malicious sequencer can collude with the proposer to finalize an unavailable state, which can cause loss of funds.
Learn more about the recategorisation here.
Funds can be stolen if
Funds can be lost if
Funds can be frozen if
MEV can be extracted if
Sequencer failure
Self sequenceState validation
NoneCurrently the system permits invalid state roots. More details in project overview.
Data availability
ExternalProof construction and state derivation rely fully on data that is NOT published on chain. Fraxtal uses a separate data availability module developed by the Frax Core Team, and data availability attestations are not published on chain.
Exit window
NoneThere is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.
Proposer failure
Cannot withdrawOnly the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.
Fraud proofs are not enabled
OP Stack projects can use the OP fault proof system, already being deployed on some. This project though is not using fault proofs yet and is relying on the honesty of the permissioned Proposer and Challengers to ensure state correctness. The smart contract system permits invalid state roots.
Funds can be stolen if an invalid state root is submitted to the system (CRITICAL).
Data required to compute fraud proof is not published on chain, and currently not publicly accessible
Fraxtal uses a separate data availability module developed by the Frax Core Team. Data is posted off chain, and only hashes of blob data is published on an on chain inbox.
Funds can be lost if the data is not made available on the external provider (CRITICAL).
Funds can be lost if the sequencer posts an unavailable or malicious transaction root (CRITICAL).
FraxtalDA is a custom data availability solution built by the Fraxtal team.
There are no onchain assets at risk of being slashed in case of a data withholding attack, and the committee members are not publicly known.
There is no fraud detection mechanism in place. A data withholding attack can only be detected by nodes downloading the full data from the DA layer.
Architecture
FraxtalDA is a custom data availability solution built by the Fraxtal team. The data is posted by the OP batcher to three separate locations: AWS, IPFS, and Cloudfare R2. The IPFS hash is then submitted to the onchain inbox contract on Ethereum. FraxtalDA relies on a single DA endpoint to manage data posting between the three different locations.
The sequencer attests to data availability by posting an IPFS hash to an onchain inbox contract on Ethereum. L2 nodes derive the L2 chain from the L1 by reading transactions commitments from this sequencer inbox. When reading from the inbox, the op-node verifies that the commitment hash is a valid IPFS CID. If the data corresponding to the hash is missing from IPFS, the op-node will halt, preventing further derivation of the L2 chain.
DA Bridge
The SequencerInbox only stores IPFS hash commitments posted by the sequencer. It is not possible to verify blob inclusion against the data commitments onchain. Projects not integrating with a functional DA bridge rely only on the data availability attestation of the sequencer.There is no committee attesting to the availability of the data. For L2 chain derivation, the system relies on sequencer commitments to an L1 onchain inbox. See DA layer technology section for more details.
Funds can be lost if the sequencer posts an invalid data availability commitment.
The system has a centralized operator
The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system.
MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.
Users can force any transaction
Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly.
Regular messaging
The user initiates L2->L1 messages by submitting a regular transaction on this chain. When the block containing that transaction is settled, the message becomes available for processing on L1. The process of block finalization takes a challenge period of 7d to complete.
Funds can be frozen if the centralized validator goes down. Users cannot produce blocks themselves and exiting the system requires new block production (CRITICAL).
Forced messaging
If the user experiences censorship from the operator with regular L2->L1 messaging they can submit their messages directly on L1. The system is then obliged to service this request or halt all messages, including forced withdrawals from L1 and regular messages initiated on L2. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular message.
EVM compatible smart contracts are supported
OP stack chains are pursuing the EVM Equivalence model. No changes to smart contracts are required regardless of the language they are written in, i.e. anything deployed on L1 can be deployed on L2.
Ethereum
Roles:
Challenger is an actor allowed to challenge or delete state roots proposed by a Proposer.
Guardian is an actor allowed to pause deposits and withdrawals.
Proposer is an actor allowed to post new state roots of the current layer to the host chain.
Sequencer is an actor allowed to commit transactions from the current layer to the host chain.
Actors:
- Accepts user-supplied ETH to convert it to frxETH using auxiliary contracts like the EtherRouter.
- Is allowed to interact with frxETH - can mint frxETH tokens.
- A Multisig with 4 / 7 threshold.
- Is allowed to interact with EtherRouter - set the default AMO and lending pool contracts among the registered ones and trigger the predefined rebalancing functions of the router.
- Is allowed to interact with EtherRouter - withdraw all escrowed ETH and ERC-20s and configure important addresses like the operator, AMO(s) or the lending pool(s).
- Is allowed to interact with FraxEtherMinter - configure important addresses like the operator or the EtherRouter and withdraw ETH and ERC-20s from the contract (usually not escrowed here).
- Is allowed to interact with FraxEtherMinter - pause ETH deposits / frxETH mints and withdraw ETH and ERC-20s from the contract (usually not escrowed here).
- A Multisig with 3 / 5 threshold.
- Can act on behalf of Timelock.
- Is allowed to interact with frxETH - can add and remove frxETH minters and set a new timelock address - acting via Timelock with 2d delay.
- Is allowed to interact with frxETHMinter - can withdraw all escrowed ETH, pause the contract and set user fees for minting frxETH (
submit()) - acting via Timelock with 2d delay.
- Accepts user-supplied ETH and converts it to frxETH.
- Is allowed to interact with frxETH - can mint frxETH tokens.
- A Multisig with 3 / 5 threshold.
- Can act on behalf of ProxyAdmin.
- A Challenger.
- A Guardian.
- Is allowed to interact with SystemConfig - it can update the preconfer address, the batch submitter (Sequencer) address and the gas configuration of the system.
- Is allowed to interact with AddressManager - set and change address mappings - acting via ProxyAdmin.
- Can upgrade the implementation of OptimismMintablePermitERC20Factory, SystemConfig, OptimismPortal, SuperchainConfig, L2OutputOracle, L1ERC721Bridge - acting via ProxyAdmin.
- Can upgrade the implementation of L1StandardBridge - upgrading the bridge implementation can give access to all funds escrowed therein - acting via ProxyAdmin.
Ethereum
A helper contract that generates OptimismMintableERC20 contracts on the network it’s deployed to. OptimismMintableERC20 is a standard extension of the base ERC20 token contract designed to allow the L1StandardBridge contracts to mint and burn tokens. This makes it possible to use an OptimismMintablERC20 as this chain’s representation of a token on the host chain, or vice-versa.
Upgrade delay: No delay
Sends messages from host chain to this chain, and relays messages back onto host chain. In the event that a message sent from host chain to this chain is rejected for exceeding this chain’s epoch gas limit, it can be resubmitted via this contract’s replay function.
- Can be used to interact with AddressManager - set and change address mappings.
- Can be used to upgrade implementation of OptimismMintablePermitERC20Factory, SystemConfig, OptimismPortal, SuperchainConfig, L2OutputOracle, L1ERC721Bridge.
- Can be used to upgrade implementation of L1StandardBridge - upgrading the bridge implementation can give access to all funds escrowed therein.
The main entry point to deposit ERC20 tokens from host chain to this chain. This contract can store any token.
Upgrade delay: No delay
The main entry point to deposit funds from host chain to this chain. It also allows to prove and finalize withdrawals. This contract stores the following tokens: ETH, frxETH.
Upgrade delay: No delay
ETH deposited by users via the FraxEtherMinter is forwarded to this contract and then routed further to either lending pools or AMOs.
frxETH token contract. Fraxtal uses Frax Ether as the designated gas token, allowing users to pay for blockspace with frxETH.
This is NOT the shared SuperchainConfig contract of the OP stack Superchain but rather a local fork. It manages the PAUSED_SLOT, a boolean value indicating whether the local chain is paused, and GUARDIAN_SLOT, the address of the guardian which can pause and unpause the system.
Upgrade delay: No delay
Contains a list of proposed state roots which Proposers assert to be a result of block execution. Currently only the PROPOSER address can submit new state roots.
Upgrade delay: No delay
- Allows for time-delayed execution of transactions. Current delay is 2d.
- Can be used to interact with frxETH - can add and remove frxETH minters and set a new timelock address.
- Can be used to interact with frxETHMinter - can withdraw all escrowed ETH, pause the contract and set user fees for minting frxETH (
submit()).
Legacy contract used to manage a mapping of string names to addresses. Modern OP stack uses a different standard proxy system instead, but this contract is still necessary for backwards compatibility with several older contracts.
Used to bridge ERC-721 tokens from host chain to this chain.
Upgrade delay: No delay
Vault token contract (ERC-4626) for staked frxETH. The smart contract receives frxETH tokens and mints sfrxETH tokens.
Value Secured is calculated based on these smart contracts and tokens:
Main entry point for users depositing ERC20 token that do not require custom gateway.
Upgrade delay: No delay
Main entry point for users depositing ETH, frxETH.
Upgrade delay: No delay
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. Both regular and emergency upgrades must be approved by both the Security Council and the Foundation. There is no delay on regular upgrades.
