Search

Search for projects by name

SummaryValue SecuredActivityOnchain costsData postedLivenessMilestones & IncidentsRisk summaryRisk analysisData availabilityState validationOperatorWithdrawalsOther considerationsPermissionsSmart contracts

Mantle logo
Mantle

Badges

About

Mantle is a modular general-purpose validium with a protocol design philosophy that aims to offer users a less costly and more user-friendly experience, provide developers with a simpler and more flexible development environment, and deliver a...

  • Total Value SecuredTVS
    $2.44 B9.74%
  • Past day UOPSDaily UOPS
    0.3135.9%
  • Gas token
    MNT
  • Type
    Other
  • Purpose
    Universal
  • Chain ID
    5000

    • Tokens breakdown

    Value secured breakdown

    View TVS breakdown
    Sequencer failureState validationData availabilityExit windowProposer failure
    Explore more in Discovery UI

    Badges

    About

    Mantle is a modular general-purpose validium with a protocol design philosophy that aims to offer users a less costly and more user-friendly experience, provide developers with a simpler and more flexible development environment, and deliver a...

    Why is the project listed in others?

    There is no data availability bridge

    Consequence: projects without a data availability bridge fully rely on single entities (the sequencer) to honestly rely available data roots on Ethereum. A malicious sequencer can collude with the proposer to finalize an unavailable state, which can cause loss of funds.

    Learn more about the recategorisation here.

    Value SecuredView TVS breakdown

    2024 Oct 06 — 2025 Oct 05

    Total
    $2.44 B9.74%
    Canonically BridgedCanonically Bridged ValueCanonical
    $1.86 B9.92%
    Natively MintedNatively Minted TokensNative
    $35.03 M20.7%
    Externally BridgedExternally Bridged ValueExternal
    $548.19 M8.51%
    ETH & derivatives
    $831.69 M11.4%
    Stablecoins
    $713.66 M0.63%
    BTC & derivatives
    $48.13 M10.7%
    Other
    $850.68 M16.7%
    View TVS breakdown
    Activity

    2024 Oct 04 — 2025 Oct 04

    Past Day UOPS
    0.31
    Past Day Ops count
    26.82 K
    Max. UOPS
    25.47
    2023 Dec 27
    Past day UOPS/TPS Ratio
    1.01
    Onchain costs

    The section shows the operating costs that L2s pay to Ethereum.

    2024 Oct 05 — 2025 Oct 04

    1 year total cost
    $18.16 K
    Avg cost per L2 UOP
    $0.000177
    Avg cost per day
    $49.61
    Data posted

    This section shows the amount of data the project has posted to the EigenDAEigenDA.

    Data source: API provided by EigenLayer

    2025 Feb 06 — Oct 04

    1 year data posted
    184.67 GiB
    Avg size per day
    784.66 MiB
    Avg size per L2 UOP
    3.39 KiB
    Liveness

    This section shows how "live" the project's operators are by displaying how frequently they submit transactions of the selected type. It also highlights anomalies - significant deviations from their typical schedule.

    No ongoing anomalies detected

    2025 Sep 05 — Oct 05

    30D avg. tx data subs. interval
    8 minutes
    30D avg. state updates interval
    1 hour
    Past 30 days anomalies
    Milestones & Incidents

    Upgrade to OP Succinct

    2025 Sep 16th

    Mantle upgrades to OP Succinct, integrating ZK proofs for state validation.

    Learn more

    Move to EigenDA

    2025 Mar 19th

    Mantle deactivates MantleDA and data availability migrates to EigenDA.

    Learn more
    Risk summary

    Funds can be stolen if

    1. a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL),
    2. in non-optimistic mode, the validity proof cryptography is broken or implemented incorrectly,
    3. optimistic mode is enabled and no challenger checks the published state,
    4. the proposer routes proof verification through a malicious or faulty verifier by specifying an unsafe route id.

    Funds can be lost if

    1. the sequencer posts an unavailable transaction root (CRITICAL).

    Funds can be frozen if

    1. the permissioned proposer fails to publish state roots to the L1,
    2. in non-optimistic mode, the SuccinctGateway is unable to route proof verification to a valid verifier.

    MEV can be extracted if

    1. the operator exploits their centralized position and frontruns user transactions.
    Risk analysis
    Sequencer failureState validationData availabilityExit windowProposer failure
    Sequencer failure
    Self sequence

    In the event of a sequencer failure, users can force transactions to be included in the project’s chain by sending them to L1. There can be up to a 12h delay on this operation.

    State validation
    Validity proofs (ST, SN)

    STARKs and SNARKs are zero knowledge proofs that ensure state correctness. STARKs proofs are wrapped in SNARKs proofs for efficiency. SNARKs require a trusted setup.

    Data availability
    External

    Proof construction and state derivation fully rely on data that is posted on EigenDA. Sequencer transaction data roots are not checked against the ServiceManager DA bridge data roots onchain.

    Exit window
    None

    There is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.

    Proposer failure
    Cannot withdraw

    Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.

    Data availability

    Data is posted to EigenDA

    Transactions roots are posted onchain and the full data is posted on EigenDA. Since the ServiceManager bridge is not used, availability of the data is not verified against EigenDA operators, meaning that the Sequencer can single-handedly publish unavailable commitments. Mantle uses Hokulea, a Rust implementation that provides EigenDA blob derivation for OP stack chains.

    • Funds can be lost if the sequencer posts an unavailable transaction root (CRITICAL).

    1. EigenDA Docs - Overview
    2. Hokulea - EigenDA blob derivation library
    3. Derivation: Batch submission - OP Mainnet specs
    Learn more about the DA layer here: EigenDA logoEigenDA
    State validation
    Validity proofs

    Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. These proofs are then verified on Ethereum by a smart contract. Through the SuccinctL2OutputOracle, the system also allows to switch to an optimistic mode, in which no proofs are required and a challenger can challenge the proposed output state root within the finalization period.

    • Funds can be stolen if in non-optimistic mode, the validity proof cryptography is broken or implemented incorrectly.

    • Funds can be stolen if optimistic mode is enabled and no challenger checks the published state.

    • Funds can be stolen if the proposer routes proof verification through a malicious or faulty verifier by specifying an unsafe route id.

    • Funds can be frozen if the permissioned proposer fails to publish state roots to the L1.

    • Funds can be frozen if in non-optimistic mode, the SuccinctGateway is unable to route proof verification to a valid verifier.

    1. Op-Succinct architecture
    Learn more about the proof system here: SP1 logoSP1
    Operator

    The system has a centralized operator

    The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system.

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    Users can force any transaction

    Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly.

    1. Sequencing Window - OP Mainnet Specs
    2. OptimismPortal.sol - source code, depositTransaction function
    Withdrawals

    Forced messaging

    If the user experiences censorship from the operator with regular L2->L1 messaging they can submit their messages directly on L1. The system is then obliged to service this request or halt all messages, including forced withdrawals from L1 and regular messages initiated on L2. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular message.

    1. Forced withdrawal from an OP Stack blockchain
    Other considerations

    EVM compatible smart contracts are supported

    OP stack chains are pursuing the EVM Equivalence model. No changes to smart contracts are required regardless of the language they are written in, i.e. anything deployed on L1 can be deployed on L2.

    1. Introducing EVM Equivalence
    Permissions
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    Disco UI BannerExplore in Disco

    Ethereum

    Roles:

    Guardian MantleEngineeringMultisig

    Allowed to pause withdrawals. In op stack systems with a proof system, the Guardian can also blacklist dispute games and set the respected game type (permissioned / permissionless).

    Proposer EOA 2

    Allowed to post new state roots of the current layer to the host chain.

    Sequencer EOA 1

    Allowed to commit transactions from the current layer to the host chain.

    Actors:

    MantleSecurityMultisig 0x4e59…D40f

    A Multisig with 6/13 threshold.

    • Can upgrade with no delay
      • OPSuccinctL2OutputOracle
      • SystemConfig
      • L1CrossDomainMessenger
      • L1StandardBridge
      • OptimismPortal
    • Can upgrade with 1d delay
      • L1MantleToken
    • Can interact with OPSuccinctL2OutputOracle
      • can toggle between the optimistic mode and not optimistic (ZK) mode
    • Can interact with SystemConfig
      • it can update the preconfer address, the batch submitter (Sequencer) address and the gas configuration of the system
    • Can interact with TimelockController
      • cancel queued transactions
      • execute transactions that are ready
      • manage all access control roles with 1d delay or with no delay
      • propose transactions
    • Can interact with AddressManager
      • set and change address mappings

    Participants (13):

    0xf735…50890x61Af…5fE30x50dC…95CE0xA3C8…5C2F0xdC36…8Af30x4A42…f5B10x4b6C…84980x3Dc5…8eB80xf5b1…90700xe75D…2d2B0x3000…eCeb0xc414…2A930x915d…172a
    MantleEngineeringMultisig 0x2F44…daC9

    A Multisig with 3/7 threshold.

    • A Guardian - acting directly

    Participants (7):

    0xC376…15eb0x207E…82f80x5a02…B3170x00da…b5240xbE73…e34e0x3Dc5…8eB80x915d…172a
    SP1VerifierGatewayMultisig 0xCafE…6878

    A Multisig with 2/3 threshold.

    • Can interact with SP1VerifierGateway
      • affect the liveness and safety of the gateway - can transfer ownership, add and freeze verifier routes

    Participants (3):

    0xBaB2…11260x72Ff…4f540x9395…8885
    Used in:
    EOA 1 0x2f40…d749
    EOA 2 0x6667…d77D
    Smart contracts
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    Disco UI BannerExplore in Disco
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    Ethereum

    SystemConfig 0x427E…6cAfImplementation (Upgradable)Admin

    Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.

    • Roles:
      • admin: ProxyAdmin; ultimately MantleSecurityMultisig
      • batcherHash: EOA 1
      • owner: MantleSecurityMultisig
    Can be upgraded by:
    MantleSecurityMultisig with no delay
    OptimismPortal 0xc54c…A8FbImplementation (Upgradable)Admin

    The main entry point to deposit funds from host chain to this chain. It also allows to prove and finalize withdrawals.

    • Roles:
      • admin: ProxyAdmin; ultimately MantleSecurityMultisig
      • guardian: MantleEngineeringMultisig
    • This contract stores the following tokens: ETH.
    Can be upgraded by:
    MantleSecurityMultisig with no delay
    L1CrossDomainMessenger 0x676A…7120Implementation (Upgradable)Admin

    Sends messages from host chain to this chain, and relays messages back onto host chain. In the event that a message sent from host chain to this chain is rejected for exceeding this chain’s epoch gas limit, it can be resubmitted via this contract’s replay function.

    • Roles:
      • admin: ProxyAdmin; ultimately MantleSecurityMultisig
    Can be upgraded by:
    MantleSecurityMultisig with no delay
    L1StandardBridge 0x95fC…3012Implementation (Upgradable)Admin

    The main entry point to deposit ERC20 tokens from host chain to this chain.

    • Roles:
      • admin: ProxyAdmin; ultimately MantleSecurityMultisig
    • This contract can store any token.
    Can be upgraded by:
    MantleSecurityMultisig with no delay
    MantleTokenProxyAdmin 0x0cac…9ADd
    • Roles:
      • owner: TimelockController
    OPSuccinctL2OutputOracle 0x31d5…f481Implementation (Upgradable)Admin

    Contains a list of proposed state roots which Proposers assert to be a result of block execution. The SuccinctL2OutputOracle modifies the L2OutputOracle to support whenNotOptimistic mode, in which a validity proof can be passed as input argument to the proposeL2Output function.

    • Roles:
      • admin: ProxyAdmin; ultimately MantleSecurityMultisig
      • initialProposer: EOA 2
      • owner: MantleSecurityMultisig
    Can be upgraded by:
    MantleSecurityMultisig with no delay
    SP1VerifierGateway 0x397A…dA9B

    This contract is the router for zk proof verification. It stores the mapping between identifiers and the address of onchain verifier contracts, routing each identifier to the corresponding verifier contract.

    • Roles:
      • owner: SP1VerifierGatewayMultisig
    L1MantleToken 0x3c3a…f354Implementation (Upgradable)Admin

    MNT token contract: Mantle uses Mantle (MNT) as the designated gas token, allowing users pay for gas in MNT.

    • Roles:
      • admin: MantleTokenProxyAdmin; ultimately MantleSecurityMultisig
    Can be upgraded by:
    MantleSecurityMultisig with 1d delay
    SP1Verifier 0x50AC…f1e5

    Verifier contract for SP1 proofs (v5.0.0).

    Implementation used in:
    TimelockController 0x6533…447F

    A timelock with access control. The current minimum delay is 1d.

    • Roles:
      • canceller: MantleSecurityMultisig
      • defaultAdmin: MantleSecurityMultisig, TimelockController; ultimately MantleSecurityMultisig
      • executor: MantleSecurityMultisig
      • proposer: MantleSecurityMultisig
    ProxyAdmin 0xca35…7794
    • Roles:
      • owner: MantleSecurityMultisig

    Value Secured is calculated based on these smart contracts and tokens:

    Generic escrow 0x95fC…3012Implementation (Upgradable)Admin

    Main entry point for users depositing ERC20 token that do not require custom gateway.

    Can be upgraded by:
    ProxyAdmin with no delay
    Generic escrow 0xc54c…A8FbImplementation (Upgradable)Admin
    Escrow for ETH 0xc54c…A8FbImplementation (Upgradable)Admin

    Main entry point for users depositing ETH.

    Can be upgraded by:
    ProxyAdmin with no delay

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).