OP Mainnet
Badges
About
OP Mainnet is an EVM-equivalent Optimistic Rollup. It aims to be fast, simple, and secure.
$6.45 B
6.75%
- Upgrades unrelated to on-chain provable bugs provide less than 30d to exit.
- The Security Council's actions are not confined to on-chain provable bugs.
Badges
About
OP Mainnet is an EVM-equivalent Optimistic Rollup. It aims to be fast, simple, and secure.
...
Choose token
Optimism (OP)
USD Coin (USDC)
VelodromeV2 (VELO)
LayerZero (ZRO)
Extra Finance (EXTRA)
Kwenta (KWENTA)
Frax Ether (frxETH)
Staked Frax Ether (sfrxETH)
Pika (PIKA)
Tarot (TAROT)
Frax (FRAX)
Protocol Token (KITE)
Staked FRAX (sFRAX)
exactly (EXA)
Frax Share (FXS)
Renzo Restaked ETH (ezETH)
StargateToken (STG)
Optimism tBTC v2 (tBTC)
KelpDao Restaked ETH (rsETH)
Staked USDe (sUSDe)
USDe (USDe)
Ether (ETH)
Tether USD (USDT)
Worldcoin (WLD)
Phemex Token (PT)
Synthetix Network Token (SNX)USD Coin (USDC.e)
Wrapped liquid staked Ether 2.0 (wstETH)
Wrapped BTC (WBTC)
Dai Stablecoin (DAI)
Perpetual (PERP)
Rocket Pool ETH (rETH)
HanChain (HAN)
Thales DAO Token (THALES)
ChainLink Token (LINK)
Dola USD Stablecoin (DOLA)...
...
OP Mainnet becomes Stage 1
2024 Jun 10th
OP Mainnet introduces fraud proofs and updates permissions.
OP Stack Introduced
2022 Oct 17th
OP Stack, modular, open-sourced blueprint on how to build scalable blockchains.
Mainnet for everyone
2021 Dec 16th
Whitelist got removed, there are no restrictions on who can transact with the network.
OVM 2.0 is live
2021 Nov 12th
Network upgrade to OVM 2.0 and removal of fraud-proof system.
Mainnet Soft Launch
2021 Jan 16th
Only selected contracts like Synthetix and Uniswap are available.
Funds can be stolen if
MEV can be extracted if
State validation
Fraud proofs (INT)Fraud proofs allow actors watching the chain to prove that the state is incorrect. Interactive proofs (INT) require multiple transactions over time to resolve.
Exit window
NoneThere is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.
Sequencer failure
Self sequenceOP Mainnet is a - The project calls itself a rollup.
- L2 state roots are posted to Ethereum L1.
- Inputs for the state transition function are posted to L1.
- A source-available node exists that can recreate the state from L1 data. Please note that the L2BEAT team has not verified the validity of the node source code. View code
- A complete and functional proof system is deployed.
- There are at least 5 external actors who can submit fraud proofs.
- Users are able to exit without the help of the permissioned operators.
- In case of an unwanted upgrade by actors more centralized than a Security Council, users have at least 7d to exit.
- The Security Council is properly set up.
- Fraud proof submission is open to everyone.
- Upgrades unrelated to on-chain provable bugs provide less than 30d to exit.
- The Security Council’s actions are not confined to on-chain provable bugs.
Fraud proofs ensure state correctness
After some period of time, the published state root is assumed to be correct. For a certain time period, one of the whitelisted actors can submit a fraud proof that shows that the state was incorrect.
Funds can be stolen if no validator checks the published state. Fraud proofs assume at least one honest and able validator.
All data required for proofs is published on chain
All the data that is used to construct the system state is published on chain in the form of cheap blobs or calldata. This ensures that it will be available for enough time.
Data batches are compressed using the zlib algorithm with best compression level.
The system has a centralized sequencer
While forcing transaction is open to anyone the system employs a privileged sequencer that has priority for submitting transaction batches and ordering transactions.
MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.
Users can force any transaction
Because the state of the system is based on transactions submitted on-chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract directly.
Regular exits
The user initiates the withdrawal by submitting a regular transaction on this chain. When a state root containing such transaction is settled, the funds become available for withdrawal on L1 after 3d 12h. Withdrawal inclusion can be proven before state root settlement, but a 7d period has to pass before it becomes actionable. The process of state root settlement takes a challenge period of at least 3d 12h to complete. Finally the user submits an L1 transaction to claim the funds. This transaction requires a merkle proof.
Forced exit
If the user experiences censorship from the operator with regular exit they can submit their withdrawal requests directly on L1. The system is then obliged to service this request or halt all withdrawals, including forced withdrawals from L1 and regular withdrawals initiated on L2. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular exit.
EVM compatible smart contracts are supported
OP stack chains are pursuing the EVM Equivalence model. No changes to smart contracts are required regardless of the language they are written in, i.e. anything deployed on L1 can be deployed on L2.
All contracts are upgradable by the SuperchainProxyAdmin which is controlled by a 2/2 multisig composed by the Optimism Foundation and a Security Council. The Guardian role is assigned to the Security Council multisig, with a Safe Module that allows the Foundation to act through it to stop withdrawals in the whole Superchain or blacklist dispute games in case of emergencies. The Security Council can remove the module if the Foundation becomes malicious. The single Sequencer actor can be modified by the FoundationMultisig_2 via the SystemConfig contract. The SuperchainProxyAdminOwner can recover dispute bonds in case of bugs that would distribute them incorrectly.
At the moment, for regular upgrades, the DAO signals its intent by voting on upgrade proposals, but has no direct control over the upgrade process.
The system uses the following set of permissioned addresses:
Central actor allowed to submit transaction batches to L1.
Admin of OptimismPortal, L1StandardBridge, L1ERC721Bridge, OptimismMintableERC20Factory, SuperchainConfig, DelayedWETH, DisputeGameFactory, AnchorStateRegistry and SystemConfig contracts.
Used in:
Owner of the SuperchainProxyAdmin. It can upgrade the bridge implementation potentially gaining access to all funds, and change any system component. It also controls the L2ProxyAdmin, meaning it can upgrade L2 system components. This is a Gnosis Safe with 2 / 2 threshold.
Used in:
Those are the participants of the SuperchainProxyAdminOwner.
Address allowed to pause withdrawals or blacklist dispute games in case of an emergency. It is controlled by the Security Council multisig, but a module allows the Foundation to act through it. The Security Council can disable the module if the Foundation acts maliciously. This is a Gnosis Safe with 1 / 1 threshold. It uses the following modules: DeputyGuardianModule.
Used in:
Those are the participants of the GuardianMultisig.
Member of the SuperchainProxyAdminOwner. This is a Gnosis Safe with 5 / 7 threshold.
Used in:
Those are the participants of the FoundationMultisig_1.
Member of the SuperchainProxyAdminOwner. It implements a LivenessModule used to remove inactive (98d) members while making sure that the threshold remains above 75%. If the number of members falls below 8, the Foundation takes ownership of the Security Council. This is a Gnosis Safe with 10 / 13 threshold. It uses the following modules: LivenessModule.
Used in:
Those are the participants of the SecurityCouncilMultisig.
This address is the owner of the following contracts: SystemConfig. This is a Gnosis Safe with 5 / 7 threshold.
Used in:
Those are the participants of the FoundationMultisig_2.
The system consists of the following permissions on OP Mainnet:
Admin of L2CrossDomainMessenger, GasPriceOracle, L2StandardBridge, SequencerFeeVault, OptimismMintableERC20Factory, L1BlockNumber, L2ERC721Bridge, L1Block, L1ToL2MessagePasser, OptimismMintableERC721Factory, BaseFeeVault, L1FeeVault, SchemaRegistry and EAS contracts.
Owner of the MintManager. It can change the OP token owner to a different MintManager and therefore change the inflation policy. This is a Gnosis Safe with 3 / 5 threshold.
Those are the participants of the MintManagerOwner.
The system consists of the following smart contracts on the host chain (Ethereum):
The L1CrossDomainMessenger (L1xDM) contract sends messages from L1 to L2, and relays messages from L2 onto L1. In the event that a message sent from L1 to L2 is rejected for exceeding the L2 epoch gas limit, it can be resubmitted via this contract’s replay function.
Upgrade delay: No delay
Implementation used in:
Upgrade delay: No delay
Implementation used in:
The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them.
Upgrade delay: No delay
Logic of the dispute game. When a state root is proposed, a dispute game contract is deployed. Challengers can use such contracts to challenge the proposed state root.
The MIPS contract is used to execute the final step of the dispute game which objectively determines the winner of the dispute.
Contains the latest confirmed state root that can be used as a starting point in a dispute game.
Upgrade delay: No delay
The PreimageOracle contract is used to load the required data from L1 for a dispute game.
Contract designed to hold the bonded ETH for each dispute game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds. It is owned by the SuperchainProxyAdminOwner multisig.
Upgrade delay: No delay
The SuperchainConfig contract is used to manage global configuration values for multiple OP Chains within a single Superchain network. The SuperchainConfig contract manages the PAUSED_SLOT, a boolean value indicating whether the Superchain is paused, and GUARDIAN_SLOT, the address of the guardian which can pause and unpause the system.
Upgrade delay: No delay
Proxy used in:
The system consists of the following smart contracts on OP Mainnet:
The OP token contract. It is owned by the MintManager and can inflate the token supply by 2% annually.
Controls the OP inflation rate, which is currently hardcoded to 2% annually. It is controlled by the MintManagerOwner multisig, which can also change the OP token owner and therefore the inflation rate.
The L2CrossDomainMessenger (L2xDM) contract sends messages from L2 to L1, and relays messages from L1 onto L2 with a system tx. In the event that a message sent from L2 to L1 is rejected for exceeding the L1 gas limit, it can be resubmitted via this contract’s replay function.
Upgrade delay: No delay
Upgrade delay: No delay
Contract used internally by the L2CrossDomainMessenger to send messages to L1, including withdrawals. It can also be used directly as a low-level interface.
Upgrade delay: No delay
Contract collecting base fees, which are withdrawable to the FeesCollector on L1.
Upgrade delay: No delay
Upgrade delay: No delay
Upgrade delay: No delay
Contracts to register schemas for the Ethereum Attestation Service (EAS).
Upgrade delay: No delay
Contract containing the main logic for the Ethereum Attestation Service (EAS).
Upgrade delay: No delay
Value Locked is calculated based on these smart contracts and tokens:
Implementation used in:
DAI Vault for custom DAI Gateway managed by MakerDAO.
SNX Vault for custom SNX Gateway managed by Synthetix.
wstETH Vault for custom wstETH Gateway. Fully controlled by Lido governance.
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. Both regular and emergency upgrades must be approved by both the Security Council and the Foundation. There is no delay on regular upgrades.
