The Optimism Foundation temporarily suspends permissionless fraud proofs on its network following the discovery of critical vulnerabilities during community audits, reverting to a permission-based model until an update planned for September 10th.
The audits revealed serious flaws in the fraud proof system, although they were not exploited, prompting Optimism to activate fallback mechanisms to protect the network’s security.
A major update called Granite, including a hard fork, is planned to enhance network security and address the identified issues, although this update has not yet been independently audited.
The Optimism Foundation recently made the decision to disable permissionless fraud proofs on its network, just two months after their implementation.
This decision follows community audits that highlighted several vulnerabilities, prompting the foundation to temporarily revert to a permission-based operational model while awaiting a critical network update scheduled for September 10th.
The implementation and retraction of permissionless fraud proofs
The deployment of permissionless fraud proofs (or fault proofs) on the Optimism network represented a significant advancement for the decentralization of this Ethereum layer 2. This mechanism allowed any user to challenge potentially fraudulent transactions, marking a step towards what Vitalik Buterin, co-founder of Ethereum, describes as “level 1 decentralization” or the activation of “limited liability.” This means that even though the network is decentralized, a restricted set of trusted parties can still intervene in case of issues.
However, despite the initial enthusiasm, community audits conducted after the implementation of permissionless fraud proofs revealed critical bugs that could potentially compromise the network’s security. In response to these findings, the Optimism Foundation chose to return to a permission-based fraud proof model, where only certain trusted entities can intervene to challenge transactions.
The identified vulnerabilities and Optimism’s response
The vulnerabilities identified during the audits varied in severity, with two issues considered highly critical according to Optimism’s bug severity scale. Although these flaws were not exploited, the foundation chose to activate fallback mechanisms to mitigate any potential network destabilization risks.
Mofi Taiwo, a protocol engineer at OP Labs, explained in a proposal submitted to the Optimism governance forum that the fallback mechanisms were activated as a precaution. These mechanisms had already been audited, but some critical contracts in the fraud proof system were not included in the scope of the audits. Taiwo emphasized that although the discovered problems were serious, Optimism’s monitoring tools would have detected them before they caused harm to users.
Granite: a critical update with a hard fork
To address these issues and strengthen network security, OP Labs proposed a major update called Granite, which includes a hard fork on Optimism’s layer 2. Scheduled for September 10th, this update is expected to bring several improvements, including modifications to the fraud proof system and adjustments to network smart contracts.
However, it is important to note that this update, although crucial, has not yet been independently audited. OP Labs has nonetheless conducted a security review of the changes and deemed them low-risk.