Search

Search for projects by name or address

Badges

About

X Layer is an OP Stack Layer 2 by OKX with seamless integration with OKX products. It is connected to the Agglayer shared bridge.


  • Total Value SecuredTVS
    $115.74 M2.84%
  • Past day UOPSDaily UOPS
    6.1813.5%
  • Gas token
    OKB
  • Type
    Other

  • Purpose
    Universal
  • Chain ID
    196

  • Tokens breakdown

    Sequencer failureState validationData availabilityExit windowProposer failure

    Badges

    About

    X Layer is an OP Stack Layer 2 by OKX with seamless integration with OKX products. It is connected to the Agglayer shared bridge.

    Why is the project listed in others?

    There are less than 5 external actors that can submit challenges

    Consequence: projects without a sufficiently decentralized set of challengers rely on few entities to safely update the state. A small set of challengers can collude with the proposer to finalize an invalid state, which can cause loss of funds.

    Learn more about the recategorisation here.


    Total
    Canonically BridgedCanonically Bridged ValueCanonical
    Natively MintedNatively Minted TokensNative
    Externally BridgedExternally Bridged ValueExternal

    ETH & derivatives
    Stablecoins
    BTC & derivatives
    Other

    2025 Jul 05 — 2026 Jul 05

    Past Day UOPS
    6.1813.5%
    Past Day Ops count
    534.51 K
    Max. UOPS
    24.89
    2026 Jun 18
    Past day UOPS/TPS Ratio
    1.03

    The section shows the operating costs that L2s pay to Ethereum.


    2025 Oct 27 — 2026 Jul 05


    Total cost
    $18.99 K
    Avg cost per L2 UOP
    $0.000323
    Avg cost per day
    $75.68

    This section shows how much data the project publishes to its data-availability (DA) layer over time. The project currently posts data to; previously it posted toEthereumEthereum.


    2025 Oct 27 — 2026 Jul 05


    Data posted
    14.18 GiB
    Avg size per day
    57.86 MiB
    Avg size per L2 UOP
    258.98 B

    This section shows how "live" the project's operators are by displaying how frequently they submit transactions of the selected type. It also highlights anomalies - significant deviations from their typical schedule.

    No ongoing anomalies detected

    2026 Jun 05 — Jul 05

    Avg. tx data subs. interval
    3 minutes
    Avg. state updates interval
    29 minutes
    Past 30 days anomalies
    95% normal uptime

    Last 30 day anomalies

    All liveness anomalies detected for this project in the last 30 days, helping you review recent downtime and availability issues.

    No State updates were performed for 27h 52m (from 2026 Jul 02, 03:16 UTC until 2026 Jul 03, 07:08 UTC). These typically occur every 29min 11s on average.

    No Tx data submissions were performed for 27h 33m 36s (from 2026 Jul 02, 03:29 UTC until 2026 Jul 03, 07:03 UTC). These typically occur every 3min 55s on average.

    No Tx data submissions were performed for 1h 7m (from 2026 Jun 30, 13:52 UTC until 2026 Jun 30, 14:59 UTC). These typically occur every 3min 55s on average.

    No Tx data submissions were performed for 1h 38m 48s (from 2026 Jun 25, 07:23 UTC until 2026 Jun 25, 09:02 UTC). These typically occur every 3min 55s on average.

    No State updates were performed for 8h 2m (from 2026 Jun 05, 13:02 UTC until 2026 Jun 05, 21:04 UTC). These typically occur every 29min 11s on average.

    OP Succinct Lite dispute game activated

    2026 Jun 30th

    X Layer activates OP Succinct Lite to resolve challenged OP Stack state proposals with ZK proofs.

    Learn more

    Migration to Pessimistic Proofs

    2025 Aug 5th

    X Layer stops validating the full L2 state and moves to bridge accounting proofs.

    Learn more
    This project includes unverified contracts.
    (CRITICAL)
    This project includes unverified contracts.
    (CRITICAL)
    Sequencer failureState validationData availabilityExit windowProposer failure
    Sequencer failure
    Self sequence

    In the event of a sequencer failure, users can force transactions to be included in the project’s chain by sending them to L1. There can be up to a 12h delay on this operation.

    State validation
    Fraud proofs (1R, ZK)

    Fraud proofs allow actors watching the chain to prove that the state is incorrect. Single round proofs (1R) only require a single transaction to resolve. ZK proofs are used to prove the correctness of the state transition. Challenges are currently restricted to 1 whitelisted challenger and proposals are restricted to 1 whitelisted proposer.

    Data availability
    Onchain

    All of the data needed for proof construction is published on Ethereum L1.

    Exit window
    None

    There is no window for users to exit in case of an unwanted upgrade since contracts are instantly upgradable.

    Proposer failure
    Cannot withdraw

    Only whitelisted proposers can publish state roots. Permissionless proposing becomes available only after 1000y of proposer inactivity, which is not a practical recovery path.

    Data is posted on Ethereum

    Transaction data is posted to Ethereum L1 as compressed calldata or blobs through the OP Stack batch inbox.

    Learn more about the DA layer here: Ethereum logoEthereum
    Fraud proofs

    State roots are proposed by whitelisted proposers who create dispute games via the DisputeGameFactory by posting a bond of 0.00000001 ETH. Once created, the game enters a challenge period of 1h during which whitelisted challengers can dispute the proposal by posting a bond of 0.00000001 ETH. If challenged, anyone can submit a ZK proof to prove the correct state within the proving period of 7d. After the challenge period passes without a successful challenge, or after a valid proof is submitted, anyone can resolve the game and finalize the state root.

    • Funds can be stolen if the validity proof cryptography is broken or implemented incorrectly.

    • Funds can be stolen if no whitelisted challenger disputes an invalid state root before the challenge window expires.

    • Funds can be stolen if the SP1 verifier gateway owner routes proof verification through a malicious or faulty verifier.

    • Funds can be frozen if the permissioned proposer fails to publish state roots to L1.

    1. OP Succinct Lite architecture
    2. OPSuccinctFaultDisputeGame.sol - Etherscan source code
    3. SP1VerifierGateway.sol - Etherscan source code

    Trusted Setups

    Onchain verifier

    Used in

    Mantle logoCelo logoX Layer logoKatana logoMorph logo

    Projects used in

    Search for projects used in

    Onchain verifier

    Used in

    Base Chain logoX Layer logoApeChain logoFluent logoAppchain logo

    Onchain verifier

    Used in

    X Layer logoFluent logo

    Onchain verifier

    Used in

    Mantle logoCelo logoX Layer logoKatana logoMorph logo

    Projects used in

    Search for projects used in

    Onchain verifier

    Used in

    Base Chain logoX Layer logoApeChain logoFluent logoAppchain logo

    Onchain verifier

    Used in

    X Layer logoFluent logo

    Program Hashes

    Name
    Hash
    Repository
    Verification
    Used in
    0x00ef...cc30
    X Layer logoKatana logoLumia Prism logoHaust Network logoPolygon zkEVM logo

    Projects used in

    Search for projects used in

    0x0000...b639
    X Layer logoKatana logoLumia Prism logoHaust Network logoPolygon zkEVM logo

    Projects used in

    Search for projects used in

    0x00d1...578e
    X Layer logoKatana logoLumia Prism logoHaust Network logoPolygon zkEVM logo

    Projects used in

    Search for projects used in

    0x00d9...a085
    Code unknown
    None
    X Layer logo
    0x464b...46fc
    Code unknown
    None
    X Layer logo
    A diagram of the upgrades and governance
    A diagram of the upgrades and governance

    The regular upgrade process for shared system contracts and L2-specific validium contracts starts at the PolygonAdminMultisig. For the shared contracts, they schedule a transaction that targets the ProxyAdmin via the Timelock, wait for 3d and then execute the upgrade. An upgrade of the Layer 2 specific validium contract requires first adding a new rollupType through the Timelock and the AgglayerManager (defining the new implementation and verifier contracts). Now that the rollupType is created, either the local admin or the PolygonAdminMultisig can immediately upgrade the local system contracts to it. Chains using pessimistic proofs often have completely sovereign upgrade paths from the ones described here, but the shared contracts still remain relevant to them because they use them as escrow.

    The PolygonSecurityCouncil can expedite the upgrade process by declaring an emergency state. This state pauses both the shared bridge and the AgglayerManager and allows for instant upgrades through the timelock. Accordingly, instant upgrades for all system contracts are possible with the cooperation of the SecurityCouncil. The emergency state has been activated 1 time(s) since inception.

    Furthermore, the PolygonAdminMultisig is permissioned to manage the shared trusted aggregator (proposer and prover) for all participating Layer 2s, deactivate the emergency state, obsolete rollupTypes and manage operational parameters and fees in the AgglayerManager directly. The local admin of a specific Aggchain can manage their chain by choosing the trusted sequencer, manage forced batches and set the data availability config. For sovereign chains using pessimistic proofs they can manage any proof logic that might be used on top of the minimal pessimistic one. Creating new Layer 2s (of existing rollupType) is outsourced to the PolygonCreateRollupMultisig but can also be done by the PolygonAdminMultisig. Custom non-shared bridge escrows have their custom upgrade admins listed in the permissions section.

    Past upgrades

    The metrics include upgrades on the currently used proxy contracts. Historical proxy contracts and changes of such are not included.

    Count of upgrades
    20
    Last upgrade
    7mo 6d ago
    Avg upgrade interval
    6mo 14d
    2026 July 01, 13:10 UTC
    High severity
    24changes

    X Layer switched the respected OP Stack dispute game from the PermissionedDisputeGame to OP Succinct Lite (game type 42). The new setup uses an OPSuccinctFaultDisputeGame deployed on 2026-06-30, an AccessManager for proposer/challenger allowlists, and SP1 verifier gateways for zk proof verification during challenged games.

    contract AnchorStateRegistry (eth:0x000590BB65ab1864a7AD46d6B957cC9a4F2C149d) [opstack/AnchorStateRegistry_post13_opsuccinct] {
    +++ description: Contains the latest confirmed state root that can be used as a starting point in a dispute game. It specifies which game type can be used for withdrawals, which currently is the OPSuccinctFaultDisputeGame. Variant for chains using OPSuccinct (SP1) games instead of Cannon, which omits Cannon-specific cross-contract fields (vm, oracle, weth, challengePeriod, absolutePrestate from game).
    description:
    - "Contains the latest confirmed state root that can be used as a starting point in a dispute game. It specifies which game type can be used for withdrawals, which currently is the PermissionedDisputeGame. Variant for chains using OPSuccinct (SP1) games instead of Cannon, which omits Cannon-specific cross-contract fields (vm, oracle, weth, challengePeriod, absolutePrestate from game)."
    + "Contains the latest confirmed state root that can be used as a starting point in a dispute game. It specifies which game type can be used for withdrawals, which currently is the OPSuccinctFaultDisputeGame. Variant for chains using OPSuccinct (SP1) games instead of Cannon, which omits Cannon-specific cross-contract fields (vm, oracle, weth, challengePeriod, absolutePrestate from game)."
    values.RespectedGameString:
    - "PermissionedDisputeGame"
    + "OPSuccinctFaultDisputeGame"
    +++ severity: HIGH
    values.respectedGameType:
    - 1
    + 42
    }
    contract OptimismPortal2 (eth:0x64057ad1DdAc804d0D26A7275b193D9DACa19993) [opstack/OptimismPortal2] {
    +++ description: Central message and gas token (dOKB) bridge of the OP stack part of this deployment. It finalizes withdrawals against the currently respected OP Succinct Lite dispute game and allows forced transactions.
    values.RespectedGameString:
    - "PermissionedDisputeGame"
    + "OPSuccinctFaultDisputeGame"
    +++ severity: HIGH
    values.respectedGameType:
    - 1
    + 42
    }
    EOA (eth:0x6eE7BDa7AF04F61ccf93aB4b8DB2289aBe76C6aA) {
    +++ description: None
    receivedPermissions.1:
    + {"permission":"interact","from":"eth:0x98BA64d8c8Dd33bD75F2154214BFd849d0D5c17B","description":"Allowed to add or remove proposers and challengers, and transfer ownership of the AccessManager.","role":".owner"}
    }
    EOA (eth:0x736E68Af2CbF2aB0E46E4310fE5Ae568b3642FF6) {
    +++ description: None
    receivedPermissions.0:
    + {"permission":"interact","from":"eth:0x98BA64d8c8Dd33bD75F2154214BFd849d0D5c17B","description":"Allowed to challenge or delete state roots proposed by a Proposer.","role":".challengers"}
    }
    contract DisputeGameFactory (eth:0x9D4c8FAEadDdDeeE1Ed0c92dAbAD815c2484f675) [opstack/DisputeGameFactory] {
    +++ description: The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them.
    +++ severity: HIGH
    values.game42:
    - "eth:0x0000000000000000000000000000000000000000"
    + "eth:0x8841FA06099FEdfE7DB6962926C6A281e9E1e607"
    values.initBondGame42:
    - 0
    + 10000000000
    }
    EOA (eth:0xE43944421681170648E10007f73816e04F74394F) {
    +++ description: None
    receivedPermissions.0:
    + {"permission":"interact","from":"eth:0x98BA64d8c8Dd33bD75F2154214BFd849d0D5c17B","description":"Allowed to post new state roots of the current layer to the host chain.","role":".proposers"}
    }
    + Status: CREATED
    contract SP1VerifierGateway (eth:0x397A5f7f3dBd538f23DE225B51f532c34448dA9B) [succinct/SP1VerifierGateway]
    +++ description: This contract is the router for zk proof verification. It stores the mapping between identifiers and the address of onchain verifier contracts, routing each identifier to the corresponding verifier contract.
    + Status: CREATED
    contract SP1Verifier (eth:0x50ACFBEdecf4cbe350E1a86fC6f03a821772f1e5) [succinct/SP1Verifier]
    +++ description: Verifier contract for SP1 proofs (v5.0.0).
    + Status: CREATED
    contract OPSuccinctFaultDisputeGame (eth:0x8841FA06099FEdfE7DB6962926C6A281e9E1e607) [succinct/OPSuccinct/OPSuccinctFaultDisputeGame]
    +++ description: Logic of the dispute game. When a state root is proposed, a dispute game contract is deployed. Challengers can use such contracts to challenge the proposed state root.
    + Status: CREATED
    contract AccessManager (eth:0x98BA64d8c8Dd33bD75F2154214BFd849d0D5c17B) [succinct/OPSuccinct/AccessManager]
    +++ description: Contract managing access control for proposers and challengers in OPSuccinct.
    + Status: CREATED
    contract SP1Verifier (eth:0x99A74A05a0FaBEB217C1A329b0dac59a1FA52508) [succinct/SP1Verifier]
    +++ description: Verifier contract for SP1 proofs (v6.0.0).
    + Status: CREATED
    contract SP1Verifier (eth:0xb69f2584CBcFf99a58C4e7002E8b89Af54a6f4e2) [succinct/SP1Verifier]
    +++ description: Verifier contract for SP1 proofs (v6.1.0).
    + Status: CREATED
    contract SP1VerifierGatewayMultisig (eth:0xCafEf00d348Adbd57c37d1B77e0619C6244C6878) [GnosisSafe]
    +++ description: None
    2026 April 07, 11:33 UTC
    2changes

    Raised gas limit.

    contract SystemConfig (eth:0x5065809Af286321a05fBF85713B5D5De7C8f0433) {
    +++ description: Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.
    +++ description: Gas limit for blocks on L2.
    +++ severity: LOW
    values.gasLimit:
    - 50000000
    + 210000000
    }
    2026 March 16, 12:57 UTC
    4changes

    fee config changes.

    contract SystemConfig (eth:0x5065809Af286321a05fBF85713B5D5De7C8f0433) {
    +++ description: Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.
    +++ description: volatility param: lower denominator -> quicker fee changes on L2
    values.eip1559Denominator:
    - 100000000
    + 50
    values.minBaseFee:
    - 0
    + 20000000
    }
    2026 January 21, 12:34 UTC
    30changes

    move to new multisig owner.

    contract AnchorStateRegistry (eth:0x000590BB65ab1864a7AD46d6B957cC9a4F2C149d) {
    +++ description: Contains the latest confirmed state root that can be used as a starting point in a dispute game. It specifies which game type can be used for withdrawals, which currently is the PermissionedDisputeGame.
    values.proxyAdminOwner:
    - "eth:0xe58C365Da30c746204022e61482bBE828cAA9091"
    + "eth:0xC290bE56089BCC83c6993583ce2cF51a7951D45A"
    }
    contract DelayedWETH (eth:0x1B8A252A71bC8997d3871aF420895B5845212fC6) {
    +++ description: Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.
    values.proxyAdminOwner:
    - "eth:0xe58C365Da30c746204022e61482bBE828cAA9091"
    + "eth:0xC290bE56089BCC83c6993583ce2cF51a7951D45A"
    }
    contract ProxyAdmin (eth:0x313ce9Cec2070B519f13BDaFe07eabb4f215FEE6) {
    +++ description: None
    values.owner:
    - "eth:0xe58C365Da30c746204022e61482bBE828cAA9091"
    + "eth:0xC290bE56089BCC83c6993583ce2cF51a7951D45A"
    }
    contract SystemConfig (eth:0x5065809Af286321a05fBF85713B5D5De7C8f0433) {
    +++ description: Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.
    values.proxyAdminOwner:
    - "eth:0xe58C365Da30c746204022e61482bBE828cAA9091"
    + "eth:0xC290bE56089BCC83c6993583ce2cF51a7951D45A"
    }
    contract OptimismPortal2 (eth:0x64057ad1DdAc804d0D26A7275b193D9DACa19993) {
    +++ description: Central message and gas token (dOKB) bridge of the OP stack part of this deployment. It allows for permissioned state proposals without public challenges, and forced transactions.
    values.proxyAdminOwner:
    - "eth:0xe58C365Da30c746204022e61482bBE828cAA9091"
    + "eth:0xC290bE56089BCC83c6993583ce2cF51a7951D45A"
    }
    contract L1ERC721Bridge_neutered (eth:0x85d37236f063C687d056b3604CBEe4B60d124858) {
    +++ description: Used to bridge ERC-721 tokens from host chain to this chain.
    values.proxyAdminOwner:
    - "eth:0xe58C365Da30c746204022e61482bBE828cAA9091"
    + "eth:0xC290bE56089BCC83c6993583ce2cF51a7951D45A"
    }
    contract DisputeGameFactory (eth:0x9D4c8FAEadDdDeeE1Ed0c92dAbAD815c2484f675) {
    +++ description: The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them.
    values.proxyAdminOwner:
    - "eth:0xe58C365Da30c746204022e61482bBE828cAA9091"
    + "eth:0xC290bE56089BCC83c6993583ce2cF51a7951D45A"
    }
    contract L1StandardBridge_neutered (eth:0xAecF995ABf9E7eDE7ae0CE65E60622C9eD84823a) {
    +++ description: This OP stack bridge contract has been modified to disallow ETH and ERC-20 bridging.
    values.proxyAdminOwner:
    - "eth:0xe58C365Da30c746204022e61482bBE828cAA9091"
    + "eth:0xC290bE56089BCC83c6993583ce2cF51a7951D45A"
    }
    contract OwnerContract (eth:0xe58C365Da30c746204022e61482bBE828cAA9091) {
    +++ description: None
    receivedPermissions.0:
    - {"permission":"interact","from":"eth:0xE88CfA9D4a4fae1413914baD9796A72D13d035b9","description":"set and change address mappings.","role":".owner","via":[{"address":"eth:0x313ce9Cec2070B519f13BDaFe07eabb4f215FEE6"}]}
    receivedPermissions.1:
    - {"permission":"upgrade","from":"eth:0x000590BB65ab1864a7AD46d6B957cC9a4F2C149d","role":"admin","via":[{"address":"eth:0x313ce9Cec2070B519f13BDaFe07eabb4f215FEE6"}]}
    receivedPermissions.2:
    - {"permission":"upgrade","from":"eth:0x1B8A252A71bC8997d3871aF420895B5845212fC6","role":"admin","via":[{"address":"eth:0x313ce9Cec2070B519f13BDaFe07eabb4f215FEE6"}]}
    receivedPermissions.3:
    - {"permission":"upgrade","from":"eth:0x5065809Af286321a05fBF85713B5D5De7C8f0433","role":"admin","via":[{"address":"eth:0x313ce9Cec2070B519f13BDaFe07eabb4f215FEE6"}]}
    receivedPermissions.4:
    - {"permission":"upgrade","from":"eth:0x62e1Aaeba9A8AA4654980653dB4B21FC82C61c15","role":"admin","via":[{"address":"eth:0x313ce9Cec2070B519f13BDaFe07eabb4f215FEE6"}]}
    receivedPermissions.5:
    - {"permission":"upgrade","from":"eth:0x64057ad1DdAc804d0D26A7275b193D9DACa19993","role":"admin","via":[{"address":"eth:0x313ce9Cec2070B519f13BDaFe07eabb4f215FEE6"}]}
    receivedPermissions.7:
    - {"permission":"upgrade","from":"eth:0x85d37236f063C687d056b3604CBEe4B60d124858","role":"admin","via":[{"address":"eth:0x313ce9Cec2070B519f13BDaFe07eabb4f215FEE6"}]}
    receivedPermissions.8:
    - {"permission":"upgrade","from":"eth:0x9D4c8FAEadDdDeeE1Ed0c92dAbAD815c2484f675","role":"admin","via":[{"address":"eth:0x313ce9Cec2070B519f13BDaFe07eabb4f215FEE6"}]}
    receivedPermissions.9:
    - {"permission":"upgrade","from":"eth:0xAecF995ABf9E7eDE7ae0CE65E60622C9eD84823a","description":"upgrading the bridge implementation can give access to all funds escrowed therein.","role":".$admin","via":[{"address":"eth:0x313ce9Cec2070B519f13BDaFe07eabb4f215FEE6"}]}
    receivedPermissions.10:
    - {"permission":"upgrade","from":"eth:0xF94B553F3602a03931e5D10CaB343C0968D793e3","role":"admin","via":[{"address":"eth:0x313ce9Cec2070B519f13BDaFe07eabb4f215FEE6"}]}
    directlyReceivedPermissions.0:
    - {"permission":"act","from":"eth:0x313ce9Cec2070B519f13BDaFe07eabb4f215FEE6","role":".owner"}
    }
    contract L1CrossDomainMessenger (eth:0xF94B553F3602a03931e5D10CaB343C0968D793e3) {
    +++ description: Sends messages from host chain to this chain, and relays messages back onto host chain. In the event that a message sent from host chain to this chain is rejected for exceeding this chain's epoch gas limit, it can be resubmitted via this contract's replay function.
    values.proxyAdminOwner:
    - "eth:0xe58C365Da30c746204022e61482bBE828cAA9091"
    + "eth:0xC290bE56089BCC83c6993583ce2cF51a7951D45A"
    }
    + Status: CREATED
    contract Xlayer Multisig (eth:0xC290bE56089BCC83c6993583ce2cF51a7951D45A)
    +++ description: None
    2025 December 29, 10:13 UTC
    2changes

    Rotated batcher address.

    contract SystemConfig (eth:0x5065809Af286321a05fBF85713B5D5De7C8f0433) {
    +++ description: Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.
    values.batcherHash:
    - "eth:0xdfd6C636Dcb5a013c2431316c4A0762B84e70a5d"
    + "eth:0x98245d0ADF4595C66F0a9Db8E13c44CBFF6be459"
    }

    Users can force any transaction

    Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly.

    Regular messaging

    The user initiates L2->L1 messages by submitting a regular transaction on this chain. When the block containing that transaction is settled, the message becomes available for processing on L1. ZK proofs are required to settle blocks.

    1. AgglayerBridge.sol - source code, claimAsset function

    Agglayer shared bridge and OP Stack state validation

    X Layer uses OP Stack dispute games for state validation and withdrawal finalization. Separately, the Agglayer shared bridge uses pessimistic proofs to constrain cross-chain bridge accounting for assets in the shared bridge.

    • Funds can be lost if the Agglayer pessimistic proof system for shared bridge accounting is implemented incorrectly.

    • Funds can be frozen if the OP Succinct Lite proof system or verifier gateway cannot accept valid proofs during a challenge.

    1. Pessimistic Proof - Polygon Knowledge Layer
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner

    Ethereum

    Actors:

    PolygonAdminMultisig0x242d…3e21

    A Multisig with 5/9 threshold.

    • Can upgrade with 3d delay
      • AgglayerGateway
      • AgglayerBridge
      • AgglayerManager
      • AgglayerGER
    • Can interact with AgglayerGateway
      • add new routes from proof selector to verifier / pessimisticVkey for pessimistic proofs with 3d delay
      • add or update default aggchain verification keys (aggchainVkey) for any given selectors
      • change the aggchainSigners and threshold (a multisig used for permissioned state transitions)
      • freeze routes from proof selector to verifier / pessimisticVkey for pessimistic proofs
    • Can interact with AgglayerBridge
      • upgrade the implementation of wrapped tokens deployed by the bridge with 3d delay
    • Can interact with AgglayerManager
      • deploy new projects that use predefined rollup types (implementations) and connect them or other Agglayer chains to the PolygonRollupManager
      • manage all access control roles, add new rollup types (which are implementation contracts that can then be upgraded to by connected projects), update any connected projects to new rollup types, migrate to pessimistic proofs and rollback batches, connect existing rollups to the PolygonRollupManager with 3d delay
      • manage parameters like fees for all connected projects, set the trusted aggregator, stop the emergency state, update projects and obsolete rollup types
    • Can interact with Timelock
      • propose, cancel and execute transactions in the timelock, manage all access control roles and change the minimum delay with 6d delay or with 3d delay
    Used in:
    Xlayer Multisig0xC290…D45A

    A Multisig with 2/3 threshold.

    • Can upgrade with no delay
      • AnchorStateRegistry
      • DelayedWETH
      • SystemConfig
      • OptimismMintableERC20Factory
      • OptimismPortal2
      • L1ERC721Bridge_neutered
      • DisputeGameFactory
      • L1StandardBridge_neutered
      • L1CrossDomainMessenger
    • Can interact with AddressManager
      • set and change address mappings
    PolygonSecurityCouncil0x37c5…Dcb6

    A Multisig with 6/8 threshold.

    • Can interact with AgglayerManager
      • activate the emergency state in the PolygonRollupManager and in the shared bridge immediately, effectively pausing all projects connected to them and making system contracts instantly upgradable
    Used in:
    PolygonCreateRollupMultisig0xC74e…79dB

    A Multisig with 3/5 threshold.

    • Can interact with AgglayerManager
      • deploy new projects that use predefined rollup types (implementations) and connect them or other Agglayer chains to the PolygonRollupManager
    Used in:
    SP1VerifierGatewayMultisig0xCafE…6878

    A Multisig with 2/3 threshold.

    • Can interact with SP1VerifierGateway
      • affect the liveness and safety of the gateway - can transfer ownership, add and freeze verifier routes
    Used in:
    OwnerContract0xe58C…9091
    • Can upgrade with no delay
      • SuperchainConfig
    • Can interact with AggchainECDSAMultisig
      • sole address that can force batches
    • Can interact with AggchainECDSAMultisig
      • sign state transitions (replaces state validation for this aggchain)

    Member of Xlayer Multisig.

    • Can interact with SystemConfig
      • it can update the preconfer address, the batch submitter (Sequencer) address and the gas configuration of the system
    • Can interact with AccessManager
      • Allowed to add or remove proposers and challengers, and transfer ownership of the AccessManager
    • Can interact with SystemConfig
      • Allowed to commit transactions from the current layer to the host chain
    • Can interact with AggchainECDSAMultisig
    • Can interact with AgglayerManager
      • Permissioned to post new state roots and global exit roots accompanied by ZK proofs
    • Can interact with AccessManager
    • Can interact with PermissionedDisputeGame
    • Can interact with AccessManager
      • Allowed to post new state roots of the current layer to the host chain
    • Can interact with PermissionedDisputeGame
      • Allowed to post new state roots of the current layer to the host chain
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    Ethereum

    System contract defining the X Layer Aggchain logic. It only enforces bridge accounting (pessimistic) proofs to protect the shared bridge while the Aggchain state transitions are not proven. They must instead be signed by 1 aggchainSigner(s).

    • Roles:
      • admin: EOA 5
      • aggchainSigners: EOA 2
      • forceBatchAddress: EOA 1
    Implementation used in:

    Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.

    • Roles:
      • admin: ProxyAdmin; ultimately Xlayer Multisig
      • batcherHash: EOA 4
      • owner: EOA 3

    Central message and gas token (dOKB) bridge of the OP stack part of this deployment. It finalizes withdrawals against the currently respected OP Succinct Lite dispute game and allows forced transactions.

    • Roles:
      • admin: ProxyAdmin; ultimately Xlayer Multisig

    The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them.

    • Roles:
      • admin: ProxyAdmin; ultimately Xlayer Multisig
    Implementation used in:

    A verifier gateway for pessimistic proofs. Manages a map of chains and their verifier keys and is used to route proofs based on the first 4 bytes of proofBytes data in a proof submission. The SP1 verifier is used for all proofs.

    • Roles:
      • addPpRoute: Timelock; ultimately PolygonAdminMultisig
      • admin: SharedProxyAdmin; ultimately PolygonAdminMultisig
      • aggchainDefaultVKey: PolygonAdminMultisig
      • alMultisig: PolygonAdminMultisig
      • freezePpRoute: PolygonAdminMultisig
    Proxy used in:

    The shared bridge contract, escrowing user funds sent to Agglayer chains. It is usually mirrored on each chain and can be used to transfer both ERC20 assets and arbitrary messages.

    • Roles:
      • admin: SharedProxyAdmin; ultimately PolygonAdminMultisig
      • proxiedTokensManager: Timelock; ultimately PolygonAdminMultisig

    All supported tokens in this escrow are included in the value secured calculation.

    Proxy used in:

    The central shared managing contract for Polygon Agglayer chains. This contract coordinates chain deployments and proof validation. All connected Layer 2s can be globally paused by activating the ‘Emergency State’. This can be done by the PolygonSecurityCouncil or by anyone after 1 week of inactive verifiers.

    • Roles:
      • admin: SharedProxyAdmin; ultimately PolygonAdminMultisig
      • createRollup: PolygonAdminMultisig, PolygonCreateRollupMultisig
      • defaultAdmin: Timelock; ultimately PolygonAdminMultisig
      • emergencyCouncilAdmin: PolygonSecurityCouncil
      • trustedAggregator: EOA 6, EOA 7
      • tweakParameters: PolygonAdminMultisig
    Proxy used in:

    A merkle tree storage contract aggregating state roots of each participating Layer 2, thus creating a single global merkle root representing the global state of the Agglayer, the ‘global exit root’. The global exit root is synchronized to all connected Layer 2s to help with their interoperability.

    • Roles:
      • admin: SharedProxyAdmin; ultimately PolygonAdminMultisig
    Proxy used in:

    A timelock with access control. In the case of an activated emergency state in the AgglayerManager, all transactions through this timelock are immediately executable. The current minimum delay is 3d.

    • Roles:
      • timelockAdmin: PolygonAdminMultisig (no delay if in emergency state), Timelock (no delay if in emergency state); ultimately PolygonAdminMultisig (no delay if in emergency state)
    Implementation used in:

    Sends messages from host chain to this chain, and relays messages back onto host chain. In the event that a message sent from host chain to this chain is rejected for exceeding this chain’s epoch gas limit, it can be resubmitted via this contract’s replay function.

    • Roles:
      • admin: ProxyAdmin; ultimately Xlayer Multisig
    Implementation used in:

    Contains the latest confirmed state root that can be used as a starting point in a dispute game. It specifies which game type can be used for withdrawals, which currently is the OPSuccinctFaultDisputeGame. Variant for chains using OPSuccinct (SP1) games instead of Cannon, which omits Cannon-specific cross-contract fields (vm, oracle, weth, challengePeriod, absolutePrestate from game).

    • Roles:
      • admin: ProxyAdmin; ultimately Xlayer Multisig
    Implementation used in:

    Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.

    • Roles:
      • admin: ProxyAdmin; ultimately Xlayer Multisig
    Implementation used in:
    PreimageOracle0x1fb8…aDD3

    The PreimageOracle contract is used to load the required data from L1 for a dispute game.

    Implementation used in:

    The MIPS contract is used to execute the final step of the dispute game which objectively determines the winner of the dispute.

    ProxyAdmin0x313c…FEE6
    • Roles:
      • owner: Xlayer Multisig
    SP1VerifierGateway0x397A…dA9B

    This contract is the router for zk proof verification. It stores the mapping between identifiers and the address of onchain verifier contracts, routing each identifier to the corresponding verifier contract.

    • Roles:
      • owner: SP1VerifierGatewayMultisig
    Implementation used in:
    SP1Verifier0x50AC…f1e5

    Verifier contract for SP1 proofs (v5.0.0).

    Implementation used in:

    A helper contract that generates OptimismMintableERC20 contracts on the network it’s deployed to. OptimismMintableERC20 is a standard extension of the base ERC20 token contract designed to allow the L1StandardBridge contracts to mint and burn tokens. This makes it possible to use an OptimismMintableERC20 as this chain’s representation of a token on the host chain, or vice-versa.

    • Roles:
      • admin: ProxyAdmin; ultimately Xlayer Multisig
    Implementation used in:

    Used to bridge ERC-721 tokens from host chain to this chain.

    • Roles:
      • admin: ProxyAdmin; ultimately Xlayer Multisig
    OPSuccinctFaultDisputeGame0x8841…e607

    Logic of the dispute game. When a state root is proposed, a dispute game contract is deployed. Challengers can use such contracts to challenge the proposed state root.

    AccessManager0x98BA…c17B

    Contract managing access control for proposers and challengers in OPSuccinct.

    • Roles:
      • challengers: EOA 8
      • owner: EOA 3
      • proposers: EOA 9
    SP1Verifier0x99A7…2508

    Verifier contract for SP1 proofs (v6.0.0).

    Implementation used in:

    This OP stack bridge contract has been modified to disallow ETH and ERC-20 bridging.

    • Roles:
      • admin: ProxyAdmin; ultimately Xlayer Multisig
    SP1Verifier0xb69f…f4e2

    Verifier contract for SP1 proofs (v6.1.0).

    Implementation used in:
    ProxyAdmin0xC690…0552
    • Roles:
      • owner: OwnerContract
    PermissionedDisputeGame0xEeDa…08e8

    Same as FaultDisputeGame, but only two permissioned addresses are designated as proposer and challenger.

    • Roles:
    SP1Verifier0x0459…C459

    Verifier contract for SP1 proofs (v5.0.0).

    Implementation used in:
    SharedProxyAdmin0x0F99…CC4A
    • Roles:
      • owner: Timelock
    Implementation used in:
    BridgeLib0x3622…8aB3

    Extension contract of the AgglayerBridge for asset metadata…

    Implementation used in:
    SP1Verifier0xc3c6…AF2A
    Implementation used in:

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

    • Funds can be stolen if the source code of unverified contracts contains malicious code (CRITICAL).

    Program Hashes

    Name
    Hash
    Repository
    Verification
    Used in
    0x00ef...cc30
    X Layer logoKatana logoLumia Prism logoHaust Network logoPolygon zkEVM logo

    Projects used in

    Search for projects used in

    0x0000...b639
    X Layer logoKatana logoLumia Prism logoHaust Network logoPolygon zkEVM logo

    Projects used in

    Search for projects used in

    0x00d1...578e
    X Layer logoKatana logoLumia Prism logoHaust Network logoPolygon zkEVM logo

    Projects used in

    Search for projects used in

    0x00d9...a085
    Code unknown
    None
    X Layer logo
    0x464b...46fc
    Code unknown
    None
    X Layer logo