OP Mainnet Security Model
OP Mainnet is a work in progress. Constant, iterative improvement of the security mechanisms that safeguard OP Mainnet users is a top priority. At the moment, it's important to understand that the security of OP Mainnet is dependent on a multisig wallet managed by several anonymous individuals. This multisig wallet can be used to upgrade core OP Mainnet smart contracts without upgrade delays. For more information, see Optimism's Security Council.
Please also read this Community Notice containing important information about OP Mainnet, its security model, and the Optimism Foundation.
Please also keep in mind that just like any other system, the Optimism codebase may contain unknown bugs that could lead to the loss of some or all of the ETH or tokens held within the system. The Optimism smart contract codebase has been audited regularly, but audits are not a stamp of approval and a completed audit does not mean that the audited codebase is free of bugs. It's important to understand that using OP Mainnet inherently exposes you to the risk of bugs within the Optimism codebase, and that you use OP Mainnet at your own risk.
As part of the OVM 2.0 upgrade, the Optimism fault proof mechanism had to be temporarily disabled. This means that users of the OP Mainnet network currently need to trust the Sequencer node (run by the Optimism Foundation) to publish valid state roots to Ethereum. You can also read more about our security model.
We're making progress on the upgraded fault proof mechanism and we expect to productionize our work in 2023. You can keep up with developments in the Cannon repository.
Currently, the Optimism Foundation runs the sole sequencer on OP Mainnet. This does not mean that Optimism can censor user transactions. However, it is still desirable to decentralize the sequencer over time, eliminating Optimism's role entirely so that anyone can participate in the network as a block producer.
The first step to decentralizing the sequencer is to still have one sequencer at a time, but rotate that sequencer with some frequency. The precise mechanic for sequencer rotation is not yet finalized, but will involve two components:
- an economic mechanism which creates a competitive market for sequencing, and redirects excess sequencer profits towards protocol development.
- a governance mechanism which prevents sequencers from prioritizing short-term profits over the long-term health of the network.
After this, the next step is to support multiple concurrent sequencers. This can be simply achieved by adopting a standard BFT consensus protocol, as used by other L1 protocols and sidechains like Polygon and Cosmos.
No, OP Mainnet does not currently have fault proofs. Fault proofs do not meaningfully improve the security of a system if that system can be upgraded within the 7-day challenge window ("fast upgrade keys"). A system with fast upgrade keys, such as OP Mainnet, is fully dependent on the upgrade keys for security. OP Mainnet's goal is to be the first system that deploys fault proofs that can secure the system by themselves, without fast upgrade keys.
The multisig is managed by an anonymous set of individuals. Members are anonymous in order to make the multisig more difficult to compromise.
Check out Optimism's Pragmatic Path to Decentralization post for a detailed view into how the multisig may be removed in a way that makes OP Mainnet the first chain with true fault proof security.
OP Mainnet has one of the biggest bug bounties (ever). You can earn up to $2,000,042 by finding critical bugs in the Optimism codebase. You can also run your own verifier node to detect network faults.
For details about reporting vulnerabilities and available bug bounty programs, see the Security Policy.