OP Mainnet logoOP Mainnet

This project is under review.
OP Mainnet has reverted to permissioned proposals as part of a bug fix procedure. The network is expected to return to permissionless fault proofs on the week of September 9th.

Badges

About

OP Mainnet is an EVM-equivalent Optimistic Rollup. It aims to be fast, simple, and secure.


Value Locked

$5.82 B

5.43%

Canonically Bridged
$3.54 B
Externally Bridged
$13.58 M
Natively Minted
$2.26 B

  • Tokens
  • Daily TPS
    7.224.52%
  • 30D tx count
    16.83 M

  • Stage
    In review
  • Type
    Optimistic Rollup
  • Purpose
    Universal
  • Sequencer failureState validationData availabilityExit windowProposer failure

    Badges

    About

    OP Mainnet is an EVM-equivalent Optimistic Rollup. It aims to be fast, simple, and secure.


    Value Locked
    Activity
    Onchain costs
    Milestones & Incidents

    Fallback to permissioned proposals

    2024 Aug 16th

    OP Mainnet preventively disables the fraud proof system due to a bug.

    Learn more

    OP Mainnet becomes Stage 1

    2024 Jun 10th

    OP Mainnet introduces fraud proofs and updates permissions.

    Learn more
    Risk summary
    Risk analysis
    Project Under Review

    Projects under review might present incomplete information & data.
    L2BEAT Team is working to research & validate content before publishing.

    Rollup stage
    Project Under Review

    Projects under review might present incomplete information & data.
    L2BEAT Team is working to research & validate content before publishing.

    OP MainnetOP Mainnet is currently
    In review
    for stage assignment.
    Technology
    Project Under Review

    Projects under review might present incomplete information & data.
    L2BEAT Team is working to research & validate content before publishing.

    State derivation
    Project Under Review

    Projects under review might present incomplete information & data.
    L2BEAT Team is working to research & validate content before publishing.

    Operator
    Project Under Review

    Projects under review might present incomplete information & data.
    L2BEAT Team is working to research & validate content before publishing.

    Withdrawals
    Project Under Review

    Projects under review might present incomplete information & data.
    L2BEAT Team is working to research & validate content before publishing.

    Other considerations
    Project Under Review

    Projects under review might present incomplete information & data.
    L2BEAT Team is working to research & validate content before publishing.

    Upgrades & Governance
    Project Under Review

    Projects under review might present incomplete information & data.
    L2BEAT Team is working to research & validate content before publishing.

    A diagram of the upgrades and governance
    A diagram of the upgrades and governance

    All contracts are upgradable by the SuperchainProxyAdmin which is controlled by a 2/2 multisig composed by the Optimism Foundation and a Security Council. The Guardian role is assigned to the Security Council multisig, with a Safe Module that allows the Foundation to act through it to stop withdrawals in the whole Superchain or blacklist dispute games in case of emergencies. The Security Council can remove the module if the Foundation becomes malicious. The single Sequencer actor can be modified by the FoundationMultisig_2 via the SystemConfig contract. The SuperchainProxyAdminOwner can recover dispute bonds in case of bugs that would distribute them incorrectly.

    At the moment, for regular upgrades, the DAO signals its intent by voting on upgrade proposals, but has no direct control over the upgrade process.

    Permissions
    Project Under Review

    Projects under review might present incomplete information & data.
    L2BEAT Team is working to research & validate content before publishing.

    The system uses the following set of permissioned addresses:

    Sequencer 0x6887…2985

    Central actor allowed to submit transaction batches to L1.

    SuperchainProxyAdmin 0x543b…fB04

    Admin of OptimismPortal, L1StandardBridge, L1ERC721Bridge, OptimismMintableERC20Factory, SuperchainConfig, DelayedWETH, DisputeGameFactory, AnchorStateRegistry and SystemConfig contracts.

    Used in:

    SuperchainProxyAdminOwner 0x5a0A…3d2A

    This is a Gnosis Safe with 2 / 2 threshold. Owner of the SuperchainProxyAdmin. It can upgrade the bridge implementation potentially gaining access to all funds, and change any system component. It also controls the L2ProxyAdmin, meaning it can upgrade L2 system components.

    Used in:

    SuperchainProxyAdminOwner participants (2) FoundationMultisig_1SecurityCouncilMultisig

    Those are the participants of the SuperchainProxyAdminOwner.

    GuardianMultisig 0x09f7…dAf2

    This is a Gnosis Safe with 1 / 1 threshold. It uses the following modules: DeputyGuardianModule (allows the FoundationMultisig_2, called the deputy guardian, to act on behalf of the Gnosis Safe). Address allowed to pause withdrawals or blacklist dispute games in case of an emergency. It is controlled by the Security Council multisig, but a module allows the Foundation to act through it. The Security Council can disable the module if the Foundation acts maliciously.

    Used in:

    GuardianMultisig participants (1) SecurityCouncilMultisig

    Those are the participants of the GuardianMultisig.

    FoundationMultisig_1 0x847B…9D92

    This is a Gnosis Safe with 5 / 7 threshold. Member of the SuperchainProxyAdminOwner.

    Used in:

    Those are the participants of the FoundationMultisig_1.

    SecurityCouncilMultisig 0xc281…Bd03

    This is a Gnosis Safe with 10 / 13 threshold. It uses the following modules: LivenessModule (used to remove members inactive for 8467200 while making sure that the threshold remains above 75%. If the number of members falls below 8, the FoundationMultisig_1 takes ownership of the multisig). Member of the SuperchainProxyAdminOwner. It implements a LivenessModule used to remove inactive (98d) members while making sure that the threshold remains above 75%. If the number of members falls below 8, the Foundation takes ownership of the Security Council.

    Used in:

    FoundationMultisig_2 0x9BA6…6b3A

    This is a Gnosis Safe with 5 / 7 threshold. This address is the owner of the following contracts: SystemConfig.

    Used in:

    Those are the participants of the FoundationMultisig_2.

    FeesCollector 0xa3d5…ADEa

    Address collecting sequencer, base and L1 fees from L2.

    The system consists of the following permissions on OP Mainnet:

    L2ProxyAdmin 0x4200…0018

    Admin of L2CrossDomainMessenger, GasPriceOracle, L2StandardBridge, SequencerFeeVault, OptimismMintableERC20Factory, L1BlockNumber, L2ERC721Bridge, L1Block, L1ToL2MessagePasser, OptimismMintableERC721Factory, BaseFeeVault, L1FeeVault, SchemaRegistry and EAS contracts.

    L2ProxyAdminOwner 0x6B1B…4E3b

    Owner of the L2ProxyAdmin. It can update the L2 bridge implementation potentially gaining access to all funds, and change any L2 system component. Assigned as the (aliased) L1 ProxyAdminOwner, meaning that upgrades has to be done through the L1 -> L2 bridge.

    MintManagerOwner 0x2A82…3a26

    This is a Gnosis Safe with 3 / 5 threshold. Owner of the MintManager. It can change the OP token owner to a different MintManager and therefore change the inflation policy.

    Those are the participants of the MintManagerOwner.

    Smart contracts
    Project Under Review

    Projects under review might present incomplete information & data.
    L2BEAT Team is working to research & validate content before publishing.

    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    The system consists of the following smart contracts on the host chain (Ethereum):

    The OptimismPortal contract is the main entry point to deposit funds from L1 to L2. It also allows to prove and finalize withdrawals. It specifies which game type can be used for withdrawals. The current game type is PermissionedDisputeGame. This contract stores the following tokens: ETH.

    Can be upgraded by:

    Upgrade delay: No delay

    Proxy used in:

    The L1CrossDomainMessenger (L1xDM) contract sends messages from L1 to L2, and relays messages from L2 onto L1. In the event that a message sent from L1 to L2 is rejected for exceeding the L2 epoch gas limit, it can be resubmitted via this contract’s replay function.

    Can be upgraded by:

    Upgrade delay: No delay

    Proxy used in:

    The L1StandardBridge contract is the main entry point to deposit ERC20 tokens from L1 to L2. This contract can store any token. This contract can store any token.

    Can be upgraded by:

    Upgrade delay: No delay

    Proxy used in:

    The L1ERC721Bridge contract is used to bridge ERC-721 tokens from L1 to L2.

    Can be upgraded by:

    Upgrade delay: No delay

    Proxy used in:

    It contains configuration parameters such as the Sequencer address, the L2 gas limit and the unsafe block signer address.

    Can be upgraded by:

    Upgrade delay: No delay

    Proxy used in:

    The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them.

    Can be upgraded by:

    Upgrade delay: No delay

    Proxy used in:

    FaultDisputeGame 0xf691…33BA

    Logic of the dispute game. When a state root is proposed, a dispute game contract is deployed. Challengers can use such contracts to challenge the proposed state root.

    PermissionedDisputeGame 0xc307…b62f

    Same as FaultDisputeGame, but only two permissioned addresses are designated as proposer and challenger.

    The MIPS contract is used to execute the final step of the dispute game which objectively determines the winner of the dispute.

    Contains the latest confirmed state root that can be used as a starting point in a dispute game.

    Can be upgraded by:

    Upgrade delay: No delay

    Proxy used in:

    PreimageOracle 0xD326…8b34

    The PreimageOracle contract is used to load the required data from L1 for a dispute game.

    Contract designed to hold the bonded ETH for each dispute game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds. It is owned by the SuperchainProxyAdminOwner multisig.

    Can be upgraded by:

    Upgrade delay: No delay

    Proxy used in:

    The SuperchainConfig contract is used to manage global configuration values for multiple OP Chains within a single Superchain network. The SuperchainConfig contract manages the PAUSED_SLOT, a boolean value indicating whether the Superchain is paused, and GUARDIAN_SLOT, the address of the guardian which can pause and unpause the system.

    Can be upgraded by:

    Upgrade delay: No delay

    Proxy used in:

    The system consists of the following smart contracts on OP Mainnet:

    The OP token contract. It is owned by the MintManager and can inflate the token supply by 2% annually.

    MintManager 0x5C4e…1005

    Controls the OP inflation rate, which is currently hardcoded to 2% annually. It is controlled by the MintManagerOwner multisig, which can also change the OP token owner and therefore the inflation rate.

    The L2CrossDomainMessenger (L2xDM) contract sends messages from L2 to L1, and relays messages from L1 onto L2 with a system tx. In the event that a message sent from L2 to L1 is rejected for exceeding the L1 gas limit, it can be resubmitted via this contract’s replay function.

    Can be upgraded by:

    Upgrade delay: No delay

    Contracts that provide L1 and L2 gas price information, which is derived permissionlessly from the L1 chain.

    Can be upgraded by:

    Upgrade delay: No delay

    The L2StandardBridge contract is the main entry point to deposit or withdraw ERC20 tokens from L2 to L1. This contract can store any token.

    Can be upgraded by:

    Upgrade delay: No delay

    Factory contract to create bridge compliant ERC20 IOU token representations of bridged L1 ERC20 tokens.

    Can be upgraded by:

    Upgrade delay: No delay

    OptimismMintableERC721Factory 0x4200…0017Implementation (Upgradable)Admin

    Factory contract to create bridge compliant ERC721 IOU token representations of bridged L1 ERC721 tokens.

    Can be upgraded by:

    Upgrade delay: No delay

    Simple contract that returns the latest L1 block number.

    Can be upgraded by:

    Upgrade delay: No delay

    The L2ERC721Bridge contract is the main entry point to deposit or withdraw ERC721 tokens from L2 to L1. This contract can store any token.

    Can be upgraded by:

    Upgrade delay: No delay

    Simple contract that returns information about the latest L1 block, which is derived permissionlessly from the L1 chain.

    Can be upgraded by:

    Upgrade delay: No delay

    Contract used internally by the L2CrossDomainMessenger to send messages to L1, including withdrawals. It can also be used directly as a low-level interface.

    Can be upgraded by:

    Upgrade delay: No delay

    Contract collecting base fees, which are withdrawable to the FeesCollector on L1.

    Can be upgraded by:

    Upgrade delay: No delay

    Contract collecting L1 fees, which are withdrawable to the FeesCollector on L1.

    Can be upgraded by:

    Upgrade delay: No delay

    Contract collecting sequencer fees, which are withdrawable to the FeesCollector on L1.

    Can be upgraded by:

    Upgrade delay: No delay

    Contracts to register schemas for the Ethereum Attestation Service (EAS).

    Can be upgraded by:

    Upgrade delay: No delay

    Contract containing the main logic for the Ethereum Attestation Service (EAS).

    Can be upgraded by:

    Upgrade delay: No delay

    Value Locked is calculated based on these smart contracts and tokens:

    Proxy used in:

    Proxy used in:

    Escrow for DAI 0x4671…6C65

    DAI Vault for custom DAI Gateway managed by MakerDAO.

    Escrow for SNX 0x5Fd7…eF9f

    SNX Vault for custom SNX Gateway managed by Synthetix.

    wstETH Vault for custom wstETH Gateway. Fully controlled by Lido governance.

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. Both regular and emergency upgrades must be approved by both the Security Council and the Foundation. There is no delay on regular upgrades.

    Knowledge nuggets