Initial findings from the fault proof program Sherlock audit

With the Sherlock audit contest completed, fault proofs are one step closer to OP Mainnet! This post covers initial contest results and next steps.


Our Sherlock audit contest has entered the escalation period and fault proofs are officially one step closer to OP Mainnet! In the meantime, we wanted to share some information about the initial contest results and next steps on our path to Stage 1.

Audit status update

On March 27, we began a Sherlock audit contest for the proposed OP Stack fault proof system. This contest focused primarily on (1) the key safety mechanisms that allow the Optimism Security Council to recover from errors in the fault proof system, and (2) the points where the fault proof is being integrated into existing contracts.

We’re happy to report that no critical vulnerabilities that would be able to bypass the safety mechanisms were reported during the audit. We plan to publish a complete audit recap once the escalation period has ended and final issue severity/validity determinations are made by Sherlock.

A special thank you

We also want to give a special thank you to the team at Offchain Labs for reporting two issues in the FaultDisputeGame contract prior to the start of the Sherlock audit contest. Both issues concerned an error where the FaultDisputeGame contract did not correctly implement the specification for the "chess clock" logic used during game resolution.

Let’s take a brief look at the underlying bug:

Our fault proof system pits two “teams” against one another — the defending team (which agrees with the original claim) and the attacking team (which disagrees with the original claim). Each team is given a “chess clock” of sorts that keeps track of the amount of time that the team has to participate in the game. The bug reported by Offchain Labs demonstrated that an error in the chess clock logic meant that a claim could be resolved when one team ran out of time even if the other team still had time left on their clock. This meant that the opposing team wouldn’t be given a chance to respond even though they still should’ve had plenty of time to do so.

The impact of this bug is that a team could incorrectly “win” the FaultDisputeGame contract and prove that an invalid claim was valid or that a valid claim was invalid. Although this bug would have been detected and caught by the safety nets in place for the current fault proof system, it would have forced the Optimism Security Council to temporarily pause withdrawals while the bug was being fixed, likely creating headaches for users of the OP Stack.
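To make the failure mode concrete, below is a small model of the two-team chess clock. It is an added illustration, not code from the original post or from the Optimism monorepo, and it deliberately simplifies the real game (one pending claim, one clock per team). The symptom it reproduces is the one described above: a claim gets finalized because one team's clock reads empty while the team that actually has to answer still has time. The specific defect used to trigger it (charging the elapsed time to the clock of the team that is not on move) is an assumption for the sake of the example, not a description of the actual contract bug; the team names, the 300-second budget and the timeline are constructed.

```python
"""Constructed toy model of a two-team chess clock, written as an added
illustration (not the FaultDisputeGame contract's logic)."""
from dataclasses import dataclass
from typing import Dict, Optional

DEFENDER = "defender"   # agrees with the original claim
ATTACKER = "attacker"   # disagrees with the original claim
TEAMS = (DEFENDER, ATTACKER)


def other(team: str) -> str:
    return ATTACKER if team == DEFENDER else DEFENDER


@dataclass
class Game:
    clocks: Dict[str, int]   # seconds each team had left when its clock last stopped
    to_move: str             # team that must answer the latest claim; only its clock runs
    last_claim_at: int       # timestamp of the latest claim

    def time_left(self, team: str, now: int) -> int:
        """The clock of the team on move ticks; the opponent's clock is frozen."""
        if team == self.to_move:
            return self.clocks[team] - (now - self.last_claim_at)
        return self.clocks[team]

    def make_claim(self, team: str, now: int) -> None:
        """The team on move answers: its clock stops, the opponent's clock starts."""
        if team != self.to_move:
            raise ValueError(f"{team} is not on move")
        left = self.time_left(team, now)
        if left <= 0:
            raise ValueError(f"{team} is out of time")
        self.clocks[team] = left
        self.to_move = other(team)
        self.last_claim_at = now


def resolve_buggy(game: Game, now: int) -> Optional[str]:
    """Finalizes the latest claim as unanswered as soon as EITHER clock reads
    empty. Assumed defect: the time since the last claim is charged to both
    clocks, so the team that just moved can look expired even though only the
    responder's clock should be running. Returns the winning team or None."""
    elapsed = now - game.last_claim_at
    if any(game.clocks[t] - elapsed <= 0 for t in TEAMS):
        return other(game.to_move)   # latest claimant wins without a reply
    return None


def resolve_fixed(game: Game, now: int) -> Optional[str]:
    """Finalizes only when the team that must respond has run out of time."""
    if game.time_left(game.to_move, now) <= 0:
        return other(game.to_move)
    return None


def scenario() -> dict:
    """Constructed timeline, 300 s per team:
      t=0    attacker posts the disputed claim; defender's clock starts
      t=100  defender answers (200 s left); attacker's clock starts
      t=390  attacker answers with 10 s to spare; defender's clock starts
      t=420  resolution attempted while the defender still has 170 s
      t=600  defender has let its clock run out
    """
    g = Game(clocks={DEFENDER: 300, ATTACKER: 300}, to_move=ATTACKER, last_claim_at=0)
    g.make_claim(ATTACKER, 0)
    g.make_claim(DEFENDER, 100)
    g.make_claim(ATTACKER, 390)
    now = 420
    return {
        "defender_time_left": g.time_left(DEFENDER, now),      # 170
        "attacker_time_left": g.time_left(ATTACKER, now),      # 10 (frozen)
        "buggy": resolve_buggy(g, now),                        # "attacker": finalized early
        "fixed": resolve_fixed(g, now),                        # None: defender may still answer
        "fixed_after_defender_expires": resolve_fixed(g, 600), # "attacker": legitimate forfeit
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

At t=420 the buggy resolver hands the game to the attacker because the attacker's frozen 10-second clock is treated as if it were still running, exactly the "no chance to respond" outcome the post describes; the fixed resolver only consults the clock of the team on move, so it waits until the defender has actually run out.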

These issues were fixed as part of PR #10148 in the Optimism monorepo. Offchain Labs additionally reported a duplicate of an existing public report that can be found here on GitHub and was fixed in PR #10248. We greatly appreciate that Offchain Labs was willing to take a look at our proof system.

Next Steps

Fixes for all issues reported during the Sherlock audit have been merged into the develop branch of the Optimism monorepo and have been deployed to the OP Sepolia testnet as of today.

We plan to follow this post with a complete recap of the issues reported during the audit after the escalation period comes to a close. Stay tuned as we get closer to making a governance proposal for the inclusion of these changes on OP Mainnet!