Improving Superchain Incident Response Capabilities

OP Labs is introducing a proposed protocol upgrade to bolster the ability to respond to security incidents in a coordinated manner across all OP Chains. This upgrade stems from insights gathered through comprehensive incident response drills and valuable input from industry experts, and will enhance the resilience of the Superchain once live.

A central piece of this upgrade is the new SuperchainConfig contract. It is deliberately minimal today, but it is designed to grow over time as new Superchain-wide capabilities are added.

Notably, these enhanced features have been active on OP Sepolia since December 11, 2023, without any issues.

Why is this important?

Securing a network as complex as the Superchain, with its many interconnected chains, poses unique challenges, and this protocol upgrade responds directly to them. The most important consideration is that all OP Chains share a single implementation: a bug in that shared code could affect every chain in the network at once.

The current incident response mechanism, an onchain pause for ETH withdrawals, covers what is arguably the most security-critical path in the Optimism Protocol. The proposed upgrade extends that coverage. A Superchain-wide pause mechanism protects additional security-critical code paths that guard user assets: the L1CrossDomainMessenger and withdrawals of ERC-20 and ERC-721 tokens.

This upgrade is not just about strengthening individual chains; it's about leveraging the collective security intelligence of the entire Superchain.

Scope of upgrade

This is a security focused upgrade that pertains exclusively to the L1 smart contracts. It should not impact node or execution client software. Node operators should not be required to upgrade their nodes or take any action in response to this upgrade. Users similarly should not be impacted.

Building upon the existing network pause feature on OP Mainnet, the Improved Superchain Incident Response introduces a unified SuperchainConfig contract for the whole network, containing a “paused” variable. This will enable a more robust pause functionality which provides stronger security guarantees for protecting all ETH, ERC-20, and ERC-721 tokens stored in the standard bridges.

The Optimism Foundation multisig will have the authority to pause and unpause these withdrawals on any OP Chains that opt in. Pausing will be “all-or-nothing”: it will apply to all withdrawal transactions on every OP Chain that elects, in advance, to pause withdrawals whenever OP Mainnet does. Since all OP Chains run the same code, the ability to pause in unison is critical: a newly discovered vulnerability on one chain is likely to exist on every other chain. It is important to add that the Foundation will not have the ability to pause specific withdrawal transactions or tokens. A security audit of this proposed protocol upgrade was performed by Trust Security; its results are linked from the Governance Proposal.
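To make the mechanism concrete, the following Solidity sketch shows the shape described above: one shared config contract with a single `paused` flag that only a guardian (the Foundation multisig in the proposal) can flip, and a bridge that opts in by pointing at that config and routing every withdrawal path through the same check. This is an added illustration, not OP Labs' SuperchainConfig or bridge code; the contract names, the `guardian` constructor parameter, the hypothetical `finalizeEthWithdrawal`/`finalizeErc20Withdrawal` entry points, and the omitted proof verification are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. Not the Optimism implementation; simplified to show the
// pause wiring only. Assumptions: one guardian address (the multisig), one
// boolean `paused`, and bridges that consult it on every withdrawal path.

interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract SuperchainConfigSketch {
    address public immutable guardian; // assumed: fixed at deployment
    bool public paused;

    event Paused(string identifier);   // identifier: free-form reason string
    event Unpaused();

    modifier onlyGuardian() {
        require(msg.sender == guardian, "SuperchainConfig: only guardian");
        _;
    }

    constructor(address _guardian) {
        guardian = _guardian;
    }

    // All-or-nothing: there is no per-token or per-transaction granularity.
    function pause(string calldata identifier) external onlyGuardian {
        paused = true;
        emit Paused(identifier);
    }

    function unpause() external onlyGuardian {
        paused = false;
        emit Unpaused();
    }
}

// A bridge "opts in" by being deployed against the shared config. Every
// withdrawal entry point shares one modifier, so a later code path cannot
// silently bypass the pause.
contract BridgeSketch {
    SuperchainConfigSketch public immutable config;
    mapping(bytes32 => bool) public finalized; // replay protection

    event WithdrawalFinalized(bytes32 indexed id, address to, uint256 amount);

    constructor(SuperchainConfigSketch _config) {
        config = _config;
    }

    modifier whenNotPaused() {
        require(!config.paused(), "Bridge: paused");
        _;
    }

    // Hypothetical ETH path; withdrawal proof verification is omitted here.
    function finalizeEthWithdrawal(bytes32 id, address payable to, uint256 amount)
        external
        whenNotPaused
    {
        require(!finalized[id], "Bridge: already finalized");
        finalized[id] = true;
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "Bridge: ETH transfer failed");
        emit WithdrawalFinalized(id, to, amount);
    }

    // Hypothetical ERC-20 path; an ERC-721 path would use the same modifier.
    function finalizeErc20Withdrawal(bytes32 id, IERC20Minimal token, address to, uint256 amount)
        external
        whenNotPaused
    {
        require(!finalized[id], "Bridge: already finalized");
        finalized[id] = true;
        require(token.transfer(to, amount), "Bridge: token transfer failed");
        emit WithdrawalFinalized(id, to, amount);
    }

    receive() external payable {}
}
```

Deploying one `SuperchainConfigSketch` and several `BridgeSketch` instances against it models chains that opt in: a single `pause("...")` call from the guardian halts ETH and ERC-20 finalization on all of them, and `unpause()` restores them together. A chain that wants an independent pause would deploy its own config instance instead.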

We encourage you to review the full upgrade proposal, along with the audit and impact assessment, available in the Governance Proposal. Here’s a brief overview of the key technical changes:

  1. Introduction of a new SuperchainConfig contract to enhance the existing pause mechanism, thereby offering stronger asset protection in the bridge. For more details, see the SuperchainConfig Specification.
  2. Updates to the OptimismPortal and L1CrossDomainMessenger to address an issue where certain values would reset to defaults post-upgrade. Details of this can be found in the related PR. We are working on reflecting this change in our specifications.
  3. The L1 OptimismMintableERC20TokenFactory is undergoing updates for:
    • Allowing token deployment with a custom decimal count (PR details to be added).
    • Ensuring distinct addresses for tokens with different properties across various OP Chains, using CREATE2 (PR details to be added).
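The CREATE2 point in item 3 is easier to see with a small factory. In the added sketch below (not the OptimismMintableERC20TokenFactory itself), the salt commits to every property that distinguishes a token, so two tokens that differ only in decimals land at different addresses, while the same properties always map to the same address, which is what makes the deployment address predictable across OP Chains. The salt layout, the `predict` helper and the minimal token contract are assumptions made for illustration; the actual PRs may structure this differently.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example of deterministic, property-bound CREATE2 deployment.
// Not the Optimism factory. Assumption: the salt binds (remoteToken, name,
// symbol, decimals), so distinct properties cannot collide on one address.

contract MintableTokenSketch {
    address public immutable remoteToken;
    string public name;
    string public symbol;
    uint8 public immutable decimals;

    constructor(address _remoteToken, string memory _name, string memory _symbol, uint8 _decimals) {
        remoteToken = _remoteToken;
        name = _name;
        symbol = _symbol;
        decimals = _decimals;
    }
}

contract FactorySketch {
    event TokenCreated(address indexed token, address indexed remoteToken, uint8 decimals);

    // Salt derived from every distinguishing property (assumed layout).
    function salt(address remoteToken, string memory name, string memory symbol, uint8 decimals)
        public
        pure
        returns (bytes32)
    {
        return keccak256(abi.encode(remoteToken, name, symbol, decimals));
    }

    // CREATE2 address = last 20 bytes of keccak256(0xff ++ deployer ++ salt ++ keccak256(initCode)).
    // Constructor arguments are part of initCode, so they are committed to as well.
    function predict(address remoteToken, string memory name, string memory symbol, uint8 decimals)
        public
        view
        returns (address)
    {
        bytes32 initCodeHash = keccak256(
            abi.encodePacked(type(MintableTokenSketch).creationCode, abi.encode(remoteToken, name, symbol, decimals))
        );
        bytes32 digest = keccak256(
            abi.encodePacked(bytes1(0xff), address(this), salt(remoteToken, name, symbol, decimals), initCodeHash)
        );
        return address(uint160(uint256(digest)));
    }

    function create(address remoteToken, string memory name, string memory symbol, uint8 decimals)
        external
        returns (address)
    {
        MintableTokenSketch token = new MintableTokenSketch{salt: salt(remoteToken, name, symbol, decimals)}(
            remoteToken, name, symbol, decimals
        );
        // Sanity check: the on-chain result must match the off-chain prediction.
        require(address(token) == predict(remoteToken, name, symbol, decimals), "Factory: address mismatch");
        emit TokenCreated(address(token), remoteToken, decimals);
        return address(token);
    }
}
```

Calling `create` twice with identical arguments reverts on the second call (CREATE2 refuses to redeploy to an occupied address), while calling it with `decimals` of 6 and then 18 for the same remote token succeeds twice at two different addresses. If the factory sits at the same address on every OP Chain, `predict` returns the same token address on each, which is the cross-chain property item 3 describes.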

Working together to secure the Superchain

Collaboration is key to integrating these improved incident response capabilities. We encourage OP Chain governors to start by writing a state diff-based multisig playbook, one in which signers verify the expected storage changes of each upgrade transaction before signing, and requesting a review from OP Labs. Beyond this, we strongly urge all OP Chains to engage with us actively to explore ways to leverage this new feature for enhancing the incident readiness of their individual chains.

We encourage open discussion from anyone in the Collective about this protocol upgrade in the governance forum. Your input will help keep the Superchain safe!