Consequence: projects without a proper proof system fully rely on single entities to safely update the state. A malicious proposer can finalize an invalid state, which can cause loss of funds.

There are less than 5 external actors that can attest data availability

Consequence: projects without a sufficiently decentralized data availability committee rely on few entities to safely attest data availability on Ethereum. A small set of entities can collude with the proposer to finalize an unavailable state, which can cause loss of funds.

Learn more about the recategorisation

Value Secured

2024 Feb 22 — 2025 Feb 21

Milestones & Incidents

Mainnet v2 Tectonic Upgrade

2024 Mar 15th

Mantle completes Mainnet v2 Tectonic Upgrade.

Learn more

Mainnet launch

2023 Jul 14th

Mantle is live on mainnet.

Learn more

Risk summary

Sequencer failureState validationData availabilityExit windowProposer failure

Sequencer failure

Self sequence

In the event of a sequencer failure, users can force transactions to be included in the project’s chain by sending them to L1. There can be up to a 12h delay on this operation.

State validation

None

Currently the system permits invalid state roots. More details in project overview.

Data availability

External

Proof construction and state derivation rely fully on data that is NOT published on chain. Mantle DA contracts are forked from EigenDA with significant modifications, most importantly removal of slashing conditions. DA fraud proof mechanism is not live yet.

Exit window

None

There is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.

Proposer failure

Cannot withdraw

Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.

Technology

Fraud proofs are not enabled

OP Stack projects can use the OP fault proof system, already being deployed on some. This project though is not using fault proofs yet and is relying on the honesty of the permissioned Proposer and Challengers to ensure state correctness. The smart contract system permits invalid state roots.

Funds can be stolen if an invalid state root is submitted to the system (CRITICAL).

L2OutputOracle.sol - source code, deleteL2Outputs function

Data is not stored on chain

The transaction data is not recorded on the Ethereum main chain. The sequencer posts the transactions data batch root, and then propagates the data to off-chain permissioned nodes to sign. It subsequently posts the nodes signatures on chain to verify they belong to the specified members of the quorum, and that the minimum stake threshold is met.

Funds can be lost if the external data becomes unavailable (CRITICAL).

Data availability

Mantle DA is a data availability solution built on EigenDA contracts, which have been forked and significantly modified.

7.1

Risk analysis

DA Layer Risks

Economic security

No slashing

Although node operators are required to stake MNT tokens to become members of the DA network, there is no slashing mechanism in place for misbehaving nodes.

Fraud detection

None

There is no fraud detection mechanism in place. A data withholding attack can only be detected by nodes downloading the full data from the DA layer.

DA Bridge Risks

Committee security

9/10

The committee requires an honest minority (less than 1/3) of members (or the network stake) to prevent the DA bridge from accepting an unavailable data commitment. However, the committee is not diverse enough to prevent a single entity from controlling the majority of the committee.

Upgradeability

No delay

There is no delay in the upgradeability of the bridge. Users have no time to exit the system before the bridge implementation update is completed.

Relayer failure

No mechanism

The relayer role is permissioned, and the DA bridge does not have a Security Council or a governance mechanism to propose new relayers. In case of relayer failure, the DA bridge will halt and be unable to recover without the intervention of a centralized entity.

7.2

Technology

Architecture

MantleDA architecture Mantle DA is an independent DA module that is built on top of an early version of EigenDA smart contracts. The system is made up of two main component: onchain smart contracts for storing and verifying data commitments, and an offchain network of permissioned nodes storing the data. The permissioned set of nodes is tasked with providing data availability to the Mantle network. They receive Mantle network transaction data, sign it using a BLS signature scheme, and send back signatures to the sequencer to post commitments to the DataLayrServiceManager (DA Bridge) contract on Ethereum. The DA DataLayrServiceManager acts as a verifier smart contract, verifying that the signatures provided by the sequencer are indeed from node operators who have agreed to be in the quorum. To become members of the DA network, node operators are required to stake 100,000 MNT tokens, and can only be registered by an authorized entity. There is no slashing mechanism in place for misbehaving nodes.

DA Bridge

MantleDA bridge

The DA bridge contract is used for storing transaction data headers and confirming the data store by verifying operators signatures. The Mantle sequencer posts the data hash as a commitment to the DataLayrServiceManager contract on Ethereum through an InitDataStore() transaction. Once the commitment is posted, the sequencer sends the data to the permissioned set of nodes, who sign the data and send back the signatures to the sequencer. The sequencer then posts the signatures to the DataLayrServiceManager contract on Ethereum through a confirmDataStore() transaction. The confirmDataStore() function verify the signatures and if the quorum is reached, the data is considered available.

Operator

The system has a centralized operator

The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system.

MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

Users can force any transaction

Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly.

Withdrawals

Regular messaging

The user initiates L2->L1 messages by submitting a regular transaction on this chain. When the block containing that transaction is settled, the message becomes available for processing on L1. The process of block finalization takes a challenge period of 7d to complete.

Funds can be frozen if the centralized validator goes down. Users cannot produce blocks themselves and exiting the system requires new block production (CRITICAL).

Forced messaging

If the user experiences censorship from the operator with regular L2->L1 messaging they can submit their messages directly on L1. The system is then obliged to service this request or halt all messages, including forced withdrawals from L1 and regular messages initiated on L2. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular message.

Forced withdrawal from an OP Stack blockchain

Other considerations

EVM compatible smart contracts are supported

OP stack chains are pursuing the EVM Equivalence model. No changes to smart contracts are required regardless of the language they are written in, i.e. anything deployed on L1 can be deployed on L2.

Introducing EVM Equivalence

Permissions

Ethereum

Roles:

Challenger MantleEngineeringMultisig

Allowed to challenge or delete state roots proposed by a Proposer.

Guardian MantleEngineeringMultisig

Allowed to pause deposits and withdrawals.

Proposer 0x6667…d77D

Allowed to post new state roots of the current layer to the host chain.

Sequencer 0x2f40…d749

Allowed to commit transactions from the current layer to the host chain.

Actors:

PauserRegistry 0x075a…A86f

Is allowed to interact with InvestmentManager - defines addresses that can pause or unpause ability to invest into strategies.
Is allowed to interact with MantleSecondStrat, MantleFirstStrat - defines addresses that can pause or unpause ability to deposit tokens into strategies.

MantleEngineeringMultisig 0x2F44…daC9

A Multisig with 3 / 7 threshold.
A Challenger.
A Guardian.

Participants (7):

0xC376…15eb EOA 3 0x5a02…B317 0x00da…b524 0xbE73…e34e 0x3Dc5…8eB8 0x915d…172a

MantleSecurityMultisig 0x4e59…D40f

A Multisig with 6 / 13 threshold.
Can act on behalf of ProxyAdmin, ProxyAdmin, ProxyAdmin.
Can act on behalf of TimelockController with 1d delay.
Is allowed to interact with SystemConfig - it can update the preconfer address, the batch submitter (Sequencer) address and the gas configuration of the system.
Is allowed to interact with TimelockController - cancel queued transactions.
Is allowed to interact with TimelockController - execute transactions that are ready.
Is allowed to interact with TimelockController - manage all access control roles - acting via TimelockController with 1d delay.
Is allowed to interact with TimelockController - manage all access control roles.
Is allowed to interact with TimelockController - propose transactions.
Is allowed to interact with Lib_AddressManager - set and change address mappings - acting via ProxyAdmin.
Can upgrade the implementation of BLSRegistry, InvestmentManager, L2OutputOracle, SystemConfig, DataLayrServiceManager, PubkeyCompendium, MantleSecondStrat, RegistryPermission, OptimismPortal, DataLayrChallenge, MantleFirstStrat, DataLayrChallengeUtils, Delegation - acting via ProxyAdmin.
Can upgrade the implementation of L1MantleToken - acting via MantleTokenProxyAdmin, TimelockController with 1d delay.
Can upgrade the implementation of EigenDataLayerChain.
Can upgrade the implementation of L1StandardBridge - upgrading the bridge implementation can give access to all funds escrowed therein - acting via ProxyAdmin.

Participants (13):

0xf735…5089 0x61Af…5fE3 0x50dC…95CE 0xA3C8…5C2F 0xdC36…8Af3 0x4A42…f5B1 0x4b6C…8498 0x3Dc5…8eB8 0xf5b1…9070 0xe75D…2d2B 0x3000…eCeb 0xc414…2A93 0x915d…172a

EOA 1 0x0B6F…e323