Optimism logoOptimism

TVL: $1.40 B

-1.71% / 7 days






Fraud proof system is currently under development. Users need to trust block Proposer to submit correct L1 state roots.

Optimistic Ethereum is an EVM-compatible Optimistic Rollup chain. It aims to be fast, simple, and secure. With the Nov 2021 upgrade to "EVM equivalent" OVM 2.0 old fraud proof system has been disabled while the new fraud-proof system is being built (https://github.com/geohot/cannon).

If you find something wrong on this page you can submit an issue or edit the information.

Risk summary


Fraud proofs are in development

Ultimately, Optimism will use interactive fraud proofs to enforce state correctness. This feature is currently in development and the system permits invalid state roots.

  • Funds can be stolen if an invalid state root is submitted to the system (CRITICAL).
  1. Introducing EVM Equivalence

All transaction data is recorded on chain

All executed transactions are submitted to an on chain smart contract. The execution of the rollup is based entirely on the submitted transactions, so anyone monitoring the contract can know the correct state of the rollup chain.

    1. Data Availability Batches - Paradigm Research


    The system has a centralized sequencer

    While proposing blocks is open to anyone the system employs a privileged sequencer that has priority for submitting transaction batches and ordering transactions.

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.
    1. How will the sequencer be decentralized over time? - Optimism documentation

    Users can force any transaction

    Because the state of the system is based on transactions submitted on-chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract directly.

      1. Chain Contracts - Optimism documentation


      Regular exit

      The user initiates the withdrawal by submitting a transaction on L2. When the block containing that transaction is finalized the funds become available for withdrawal on L1. The process of block finalization usually takes several days to complete. Finally the user submits an L1 transaction to claim the funds. This transaction requires a merkle proof.

      • Funds can be frozen if the centralized validator goes down. Users cannot produce blocks themselves and exiting the system requires new block production (CRITICAL).
      1. Withdrawing back to L1 - Optimism Help Center
      2. mockOVM_BondManager.sol#L71 - Etherscan source code

      Other considerations

      EVM compatible smart contracts are supported

      Optimism is pursuing the EVM Equivalence model. No changes to smart contracts are required regardless of the language they are written in, i.e. anything deployed on L1 can be deployed on Optimism.

        1. Introducing EVM Equivalence

        Permissioned Addresses

        The system uses the following set of permissioned addresses:

        Smart Contracts

        A diagram of the smart contract architecture
        A diagram of the smart contract architecture

        The system consists of the following smart contracts:

        • CanonicalTransactionChain 0x5E4e…9dD2
          The Canonical Transaction Chain (CTC) contract is an append-only log of transactions which must be applied to the OVM state. It defines the ordering of transactions by writing them to the CTC:batches instance of the Chain Storage Container. CTC batches can only be submitted by OVM_Sequencer. The CTC also allows any account to enqueue() an L2 transaction, which the Sequencer must eventually append to the rollup state.
        • StateCommitmentChain 0xBe5d…EB19
          The State Commitment Chain (SCC) contract contains a list of proposed state roots which Proposers assert to be a result of each transaction in the Canonical Transaction Chain (CTC). Elements here have a 1:1 correspondence with transactions in the CTC, and should be the unique state root calculated off-chain by applying the canonical transactions one by one. Currenlty olny OVM_Proposer can submit new state roots.
        • ChainStorageContainer-CTC-batches 0xD164…c024
        • ChainStorageContainer-SCC-batches 0xb0dd…8EbE
        • BondManager 0xcd62…c8d1
          The Bond Manager contract will handle deposits in the form of an ERC20 token from bonded Proposers. It will also handle the accounting of gas costs spent by a Verifier during the course of a challenge. In the event of a successful challenge, the faulty Proposer's bond will be slashed, and the Verifier's gas costs will be refunded. Current mock implementation allows only OVM_Proposer to propose new state roots. No slashing is implemented.
        • The L1 Cross Domain Messenger (L1xDM) contract sends messages from L1 to L2, and relays messages from L2 onto L1. In the event that a message sent from L1 to L2 is rejected for exceeding the L2 epoch gas limit, it can be resubmitted via this contract's replay function.
        • Lib_AddressManager 0xdE1F…d81F
          This is a library that stores the mappings between names such as OVM_Sequencer, OVM_Proposer and other contracts and their addresses.
        • Main entry point for users depositing ERC20 tokens and ETH that do not require custom gateway. This contract can store any token
        • SynthetixBridgeToOptimism 0xCd9D…5068
          Custom SNX Gateway, main entry point for users depositing SNX to L2 where "canonical" L2 SNX token managed by Synthetix will be minted. Managed by Synthetix. This contract stores the following tokens: SNX.
        • SynthetixBridgeEscrow 0x5Fd7…eF9f
          SNX Vault for custom SNX Gateway managed by Synthetix. This contract stores the following tokens: SNX.
        • L1DaiGateway 0x10E6…5f2F
          Custom DAI Gateway, main entry point for users depositing DAI to L2 where "canonical" L2 DAI token managed by MakerDAO will be minted. Managed by MakerDAO.
        • L1Escrow 0x4671…6C65
          DAI Vault for custom DAI Gateway managed by MakerDAO. This contract stores the following tokens: DAI.

        The current deployment carries some associated risks:

        • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).