Mantle
Badges
About
Mantle is an under development EVM compatible Optimium, based on the OP Stack.
Badges
About
Mantle is an under development EVM compatible Optimium, based on the OP Stack.
Recategorisation
The project will be classified as "Other" due to its specific risks that set it apart from the standard classifications.
The project will move to Others because:
Consequence: projects without a proper proof system fully rely on single entities to safely update the state. A malicious proposer can finalize an invalid state, which can cause loss of funds.
Consequence: projects without a sufficiently decentralized data availability committee rely on few entities to safely attest data availability on Ethereum. A small set of entities can collude with the proposer to finalize an unavailable state, which can cause loss of funds.
Learn more about the recategorisation here.
Funds can be stolen if
Funds can be lost if
Funds can be frozen if
MEV can be extracted if
Sequencer failure
Self sequenceState validation
NoneCurrently the system permits invalid state roots. More details in project overview.
Data availability
ExternalProof construction and state derivation rely fully on data that is NOT published on chain. Mantle DA contracts are forked from EigenDA with significant modifications, most importantly removal of slashing conditions. DA fraud proof mechanism is not live yet.
Exit window
NoneThere is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.
Proposer failure
Cannot withdrawOnly the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.
Fraud proofs are not enabled
OP Stack projects can use the OP fault proof system, already being deployed on some. This project though is not using fault proofs yet and is relying on the honesty of the permissioned Proposer and Challengers to ensure state correctness. The smart contract system permits invalid state roots.
Funds can be stolen if an invalid state root is submitted to the system (CRITICAL).
Data is not stored on chain
The transaction data is not recorded on the Ethereum main chain. The sequencer posts the transactions data batch root, and then propagates the data to off-chain permissioned nodes to sign. It subsequently posts the nodes signatures on chain to verify they belong to the specified members of the quorum, and that the minimum stake threshold is met.
Funds can be lost if the external data becomes unavailable (CRITICAL).
- DataLayrServiceManager.sol#L389 - Etherscan source code, confirmDataStore function
- DataLayrServiceManager.sol#L404 - Etherscan source code, signature verification check
- Derivation: Batch submission - OP Mainnet specs
- BatchInbox - address
- OptimismPortal.sol - source code, depositTransaction function
Mantle DAThe system has a centralized operator
The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system.
MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.
Users can force any transaction
Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly.
Regular exit
The user initiates the withdrawal by submitting a regular transaction on this chain. When the block containing that transaction is finalized the funds become available for withdrawal on L1. The process of block finalization takes a challenge period of 7d to complete. Finally the user submits an L1 transaction to claim the funds. This transaction requires a merkle proof.
Funds can be frozen if the centralized validator goes down. Users cannot produce blocks themselves and exiting the system requires new block production (CRITICAL).
Forced exit
If the user experiences censorship from the operator with regular exit they can submit their withdrawal requests directly on L1. The system is then obliged to service this request or halt all withdrawals, including forced withdrawals from L1 and regular withdrawals initiated on L2. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular exit.
EVM compatible smart contracts are supported
OP stack chains are pursuing the EVM Equivalence model. No changes to smart contracts are required regardless of the language they are written in, i.e. anything deployed on L1 can be deployed on L2.
The system uses the following set of permissioned addresses:
Challenger is an actor allowed to challenge or delete state roots proposed by a Proposer.
Guardian is an actor allowed to pause deposits and withdrawals.
Proposer is an actor allowed to post new state roots of the current layer to the host chain.
- A Gnosis Safe with 3 / 7 threshold.
- A Challenger.
- A Guardian.
- A Gnosis Safe with 6 / 13 threshold.
- Can act on behalf of MantleTokenProxyAdmin, ProxyAdmin, ProxyAdmin, ProxyAdmin.
- Can change the configuration of SystemConfig - it can update the preconfer address, the batch submitter (Sequencer) address and the gas configuration of the system.
- Can change the configuration of Lib_AddressManager (acting via ProxyAdmin) - set and change address mappings.
- Can upgrade the implementation of BLSRegistry, InvestmentManager, L2OutputOracle, SystemConfig, DataLayrServiceManager, PubkeyCompendium, MantleSecondStrat, RegistryPermission, OptimismPortal, DataLayrChallenge, MantleFirstStrat, DataLayrChallengeUtils, Delegation (acting via ProxyAdmin).
- Can upgrade the implementation of L1MantleToken (acting via MantleTokenProxyAdmin).
- Can upgrade the implementation of EigenDataLayerChain.
- Can upgrade the implementation of L1StandardBridge (acting via ProxyAdmin) - upgrading the bridge implementation can give access to all funds escrowed therein.
- A Gnosis Safe with 2 / 2 threshold.
- Member of MantleSecurityMultisig.
A Sequencer.
A Proposer.
The system consists of the following smart contracts on the host chain (Ethereum):
Can be used to upgrade implementation of L1MantleToken.
This contract stores the number of Mantle DA operators and their public keys. It also store the quorum threshold and the minimum stake required to be part of the quorum.
Upgrade delay: No delay
Contract managing different investment strategies, forked from EigenLayer StrategyManager.
Upgrade delay: No delay
Can be used to upgrade implementation of InvestmentManager, MantleSecondStrat, RegistryPermission, MantleFirstStrat, Delegation.
Contains a list of proposed state roots which Proposers assert to be a result of block execution. Currently only the PROPOSER address can submit new state roots.
Upgrade delay: No delay
Can be used to upgrade implementation of BLSRegistry, DataLayrServiceManager, PubkeyCompendium, DataLayrChallenge, DataLayrChallengeUtils.
Upgrade delay: No delay
This contract is the main entry point for data availability. It is responsible for storing transaction data headers and confirming the data store by verifying operators signatures.
Upgrade delay: No delay
Sends messages from host chain to this chain, and relays messages back onto host chain. In the event that a message sent from host chain to this chain is rejected for exceeding this chain’s epoch gas limit, it can be resubmitted via this contract’s replay function.
Legacy contract used to manage a mapping of string names to addresses. Modern OP stack uses a different standard proxy system instead, but this contract is still necessary for backwards compatibility with several older contracts.
Upgrade delay: No delay
The main entry point to deposit ERC20 tokens from host chain to this chain. This contract can store any token.
Upgrade delay: No delay
Basic do-nothing investment strategy.
Upgrade delay: No delay
Upgrade delay: No delay
The main entry point to deposit funds from host chain to this chain. It also allows to prove and finalize withdrawals. This contract stores the following tokens: ETH, MNT.
Upgrade delay: No delay
Upgrade delay: No delay
- Can be used to configure Lib_AddressManager - set and change address mappings.
- Can be used to upgrade implementation of L2OutputOracle, SystemConfig, OptimismPortal.
- Can be used to upgrade implementation of L1StandardBridge - upgrading the bridge implementation can give access to all funds escrowed therein.
Basic do-nothing investment strategy.
Upgrade delay: No delay
Upgrade delay: No delay
Upgrade delay: No delay
Value Secured is calculated based on these smart contracts and tokens:
Main entry point for users depositing ERC20 token that do not require custom gateway.
Upgrade delay: No delay
Main entry point for users depositing ETH, MNT.
Upgrade delay: No delay
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
