The Fault Proof System is available for the OP Stack

OP Labs is helping the Optimism Collective advance towards technical decentralization as detailed in our long-term decentralization strategy. We've recently updated on our progress on baseline decentralization and are excited to announce another major milestone – governance-approved, permissionless fault proofs are live on OP Mainnet. This advancement helps bring the OP Stack to Stage 1 decentralization and takes a substantial step towards reaching Stage 2. 

The Fault Proof System for securing withdrawals 

The feature-complete Fault Proof System enhances the security of bridged ETH and ERC-20 tokens with features paving the way for full decentralization.

Improved trust model 

The permissionless Fault Proof System enables users to withdraw ETH and ERC-20 tokens from L2 to L1 without the need to involve any trusted third party like the sequencer or any other centralized infrastructure. 

This means withdrawals no longer depend on the privileged proposer role posting an output root. Instead, anyone can now publish an output proposal via the fault dispute system. An output proposal makes a claim about the state of L2. Once finalized, this claim can then be used to facilitate withdrawals without any privileged actions, assuming the Security Council override.

Anyone can contribute to security

Invalid proposals can be challenged and removed by any user that wants to participate in the protocol. 

Dispute games provide a mechanism that determines the validity of output proposals. Anyone can challenge the validity of an output proposal by participating in its associated dispute game. Each action requires a bond in ETH to be placed and dishonest bonds are paid out to cover the honest bonders’ gas costs.

Security Council as a safety net

As outlined in Vitalik Buterin's vision, of a rollup decentralization path, there can exist temporary training wheels, a safety mechanism which can override the Fault Proof System in case of emergency. This led to the launch of the permissionless Fault Proof System, with Optimism Collective's Security Council acting as a fallback. With a signing threshold of 75% it can intervene during failures in the Fault Proof System or manual upgrades.

The system reduces the trust assumption and paves the way for full decentralization. The OP Labs team’s roadmap aims for Stage 2 decentralization for the OP Stack, removing training wheels when the technology is proven secure.

Modular design for multi-proof nirvana 

The modular nature of the Fault Proof System enables the integration of additional proving mechanisms, building a solid basis for a future multi-proof system. Thanks to a smart contract framework included in this upgrade, additional proof systems can be added easily. 

Working in unison, these proofs will provide an enhanced layer of security when in production. This will further reduce trust assumptions in later upgrades as the OP Stack moves towards achieving Stage 2 decentralization.

Forward to Stage 2: Shipping alternate fault proofs

The ultimate goal of the OP Stack's Fault Proof System is a multi-proof nirvana that will eliminate the dependency of L2s on training wheels. As more proof systems are established to support each other, the OP Stack can fully trust its proofs, with the Security Council needed only in case of disagreement among proofs.

With the first Fault Proof System in production, we anticipate more alternate versions of fault proofs shortly. Given the open-source nature of the OP Stack, several other proving mechanisms are concurrently being developed by teams such as State Channels, RISCZero, O(1) Labs, AltLayer, Sunnyside Labs, and individuals like Andreas Bigger, Ben Clabby, Proto Lambda (at OP Labs), and Chainsafe engineers Willem Olding and Eric Tu.

Responsible rollout 

The design philosophy of the OP Stack has always prioritized fundamental safety mechanisms. Each component undergoes rigorous security checks before being added to the OP Stack. This is why we’ve been rolling out fault proofs incrementally, including a lot of internal deployments, the public Fault Proof Alpha release, and upgrading OP Sepolia. Additionally, OP Labs ran a Sherlock bug hunt contest focused on the safety nets and overrides — the components of the Fault Proof System for which safety is of existential importance.

To maintain the safety of the current Fault Proof System, we have included a number of explicit fallback mechanisms that the Security Council can easily activate in the event of component failure — particularly, the ability for the Security Council to pause withdrawals or fall back to a permissioned dispute game. A new Deputy Guardian role was introduced for rapid response to incidents by the Foundation. However, the Guardian, held by the Security Council, can remove this role if needed, so the ultimate authority now lies with the more decentralized Security Council. This ensures that security response protocols can be executed with minimal effort and maximal impact, as quickly as possible, while ultimate control over the Guardian function lives with the Security Council.

The Fault Proof System is complex, and establishing confidence in the code's correctness will take time. Launching with limited training wheels in production is a necessary step for ensuring code quality before removing safeguards. As part of our proactive approach to this challenge, we've updated our bug bounty program, recognizing the value of collective effort in identifying and reporting potential issues. 

Breaking changes to withdrawal flow 

Since significant changes are being made to withdrawals in order to implement permissionless fault proofs on OP Mainnet, some breaking changes impacting bridges, CEXs, and custom withdrawal solutions are introduced with the upgrade. Visit the Optimism Developer Docs to learn about these changes, how to handle them, and how to get additional support.

Now that the permissionless Fault Proof System is live on OP Mainnet, the next step is to bring fault proofs to Superchain mainnets. Base, Metal, Mode, Zora, and other OP Stack chains will also eventually upgrade to include this functionality. Stay tuned for more updates!