Unpacking progress in baseline decentralization

This post details the latest baseline decentralization upgrades - including permissionless output proposals, bridge improvements, and permissioned roles updates - helping advance the OP Stack towards a more decentralized future.

Progress in baseline decentralization

Engineers at OP Labs and core developers across the Optimism Collective are continuing on a secure and pragmatic path to tech decentralization. During the Keys in Mordor summit, the team identified several protocol upgrades to help advance the OP Stack along the decentralization spectrum. These upgrades are referred to as 'baseline decentralization', and the teams have worked towards them over the past year. Significant progress has been made, and we're eager to share the updates that bring us closer to a more decentralized future.

Baseline decentralization at a glance

Baseline decentralization is a project that primarily consists of two key components. The first one is the implementation of permissionless output proposals, allowing users to withdraw without relying on the sequencer or any other centralized infrastructure. The second one involves changes to the bridge, specifically protocol upgrades that decentralize custody of the bridge upgrade keys and enable permissionless output proposals.

Permissionless output proposals

Permissionless output proposals (PoPs) allow users to withdraw assets from L2 to L1 without relying on the sequencer or any other centralized infrastructure. However, the Security Council will still have override capabilities in order to handle bugs, including the ability to revert to permissioned output proposals in the worst-case scenario.

Prior to PoPs, output proposals were provided by the L2OutputOracle contract, which was restricted to authorized entities: proposals could only be published by a dedicated address. With PoPs, anyone can create an output proposal by interacting with the DisputeGameFactory contract. To propose an output means to create and participate in a dispute game. An output proposal makes a claim about the state of L2. Once finalized, this claim can then be used to facilitate withdrawals. With PoPs, there can be multiple output proposals, each corresponding to a distinct dispute game, made by anyone. The dispute game determines the validity of output proposals. To discourage invalid output proposals, an output must be bonded such that the proposer is only refunded if the proposal is deemed valid. Anyone can challenge the validity of an output proposal by participating in its associated dispute game, with the proposal bond as the reward if successful.

PoPs will be forwards-compatible with future dispute protocols, including potentially ones based on zero-knowledge proofs. The DisputeGameFactory can work with multiple types of games, only requiring that the game exposes a simple interface (IDisputeGame) to communicate the game status, metadata and outcome. The current implementation (FaultDisputeGame) uses an interactive fault proof mechanism, but in the future a ZK-based implementation could be used.

Bridge improvements

The existing architecture of the bridge included two-step withdrawals, message replayability, 1:1 mapping between domains, single storage proof, similar code paths on L1 and L2, and compatibility with ETH, ERC20, and ERC721 tokens.

The OptimismPortal bridge contract is upgraded to utilize dispute games. Users will still need to confirm the inclusion of withdrawals in an output root through the proveWithdrawalTransaction function. However, users will now need to prove their withdrawals against proposals stored in the DisputeGameFactory instead of the L2OutputOracle contract.

 function proveWithdrawalTransaction(
     Types.WithdrawalTransaction memory _tx,
-    uint256 _l2OutputIndex,
+    uint256 _disputeGameIndex,
     Types.OutputRootProof calldata _outputRootProof,
     bytes[] calldata _withdrawalProof
 )
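
Review bot: the replacement of `_l2OutputIndex` with `_disputeGameIndex` keeps the type `uint256`, so the function's ABI signature and selector are identical before and after, and a caller that still passes an L2OutputOracle index will produce a well-formed call that is read as a dispute game index. Document the new meaning in the parameter's NatSpec and flag it as a breaking change for off-chain tooling, since nothing at the ABI level will catch a stale client.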

The process of finalizing withdrawals in the upgraded OptimismPortal is similar to the current bridging process. First, a withdrawal is proven to the OptimismPortal contract by showing that it is included within a proposal about the state of the L2 (and therefore also associating it with a dispute game). A withdrawal becomes finalized as long as it has waited for a certain amount of time and the associated dispute game resolves in favor of the output proposal.

The following diagram summarizes the withdrawal finalization delay.

From a user perspective, the changes enable them to submit a claim to L1 that they can withdraw, and a modular proving system can dispute or validate that claim. A claim is valid if it goes undisputed through the fault proof window or, potentially in the future, is instantly validated once the OP Stack has validity proofs. The process of submitting a claim requires a bond, meaning the proposals are staked. Users can retrieve this bond after the finalization period, provided the claim is determined to be valid. In other words, the claim has not been challenged or has been provably attested.

Security Council overrides

The introduced changes bring certain improvements to the bridge. However, it's not completely decentralized as there exist certain privileged actions that the Security Council is able to perform.

The Security Council can act when there's a critical issue in the dispute system, such as an invalid game result. Specifically, it can blacklist dispute games and revert output proposals to require a permissioned dispute game, in which only a permissioned set of actors can participate.
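
The finalization rule from the bridge section and the blacklist override described here can be exercised together in a small model. This is an added, simplified Python sketch, not the OptimismPortal contract's code; the class, status names, reason strings and the 7-day delay are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class GameStatus(Enum):          # status names are assumptions of this model
    IN_PROGRESS = 0
    CHALLENGER_WINS = 1          # output proposal judged invalid
    DEFENDER_WINS = 2            # output proposal judged valid

# Constructed value: the post only says "a certain amount of time".
PROOF_DELAY = 7 * 24 * 3600

@dataclass
class Portal:
    games: dict = field(default_factory=dict)     # game index -> GameStatus
    blacklist: set = field(default_factory=set)   # Security Council override
    proven: dict = field(default_factory=dict)    # withdrawal id -> (game index, proven-at)
    finalized: set = field(default_factory=set)

    def prove(self, wid, game_index, now):
        """Associate a withdrawal with the dispute game it was proven against."""
        if game_index not in self.games:
            raise ValueError("unknown dispute game")
        if self.games[game_index] is GameStatus.CHALLENGER_WINS:
            raise ValueError("proposal already judged invalid")
        self.proven[wid] = (game_index, now)

    def check(self, wid, now):
        """Return the reason finalization is blocked, or 'ok'."""
        if wid in self.finalized:
            return "already finalized"
        if wid not in self.proven:
            return "not proven"
        game_index, proven_at = self.proven[wid]
        if game_index in self.blacklist:
            return "game blacklisted"
        if now - proven_at < PROOF_DELAY:
            return "delay not elapsed"
        status = self.games[game_index]
        if status is GameStatus.IN_PROGRESS:
            return "game unresolved"
        if status is GameStatus.CHALLENGER_WINS:
            return "proposal invalid"
        return "ok"

    def finalize(self, wid, now):
        reason = self.check(wid, now)
        if reason != "ok":
            raise PermissionError(reason)
        self.finalized.add(wid)   # model: each withdrawal finalizes at most once
```

Because the blacklist is checked at finalization time, a withdrawal proven against a game that later turns out to have an invalid result stays blocked even after the delay has elapsed.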

As part of decentralizing the Security Council, a new Deputy Guardian role was introduced for rapid response to incidents by the Foundation. However, the Guardian, held by the Security Council, can remove this role if needed, so the ultimate authority now lies with the more decentralized Security Council.

Continuing the journey to technical decentralization

Bridge improvements and permissionless output proposals are already live on the OP Sepolia testnet and are pending governance approval to be shipped to OP Mainnet, along with an upgrade of Fault Proofs. The changes introduced in this baseline decentralization stream reflect our strategic approach and ongoing efforts towards achieving our long-term tech decentralization roadmap.

Stay tuned for more updates on our journey towards a more decentralized future!