How do you view the security issues of Optimism fraud proofs?
Original author: Haotian
Recently, @Optimism was questioned by the overseas community due to security audit issues with the Fault Proof System. After major security issues were discovered in the original permissionless fraud proof mechanism, the OP Foundation actually proposed a hard fork to fix the problem and convert it to a licensed proof? What exactly happened?
1) Simply put: Fault Proof System is a mechanism for verifying the correctness of Layer 2 network status. Anyone can submit L2 status to the dispute virtual machine on L1 without permission and accept challenges from others. If the challenge is successful, the reward and punishment mechanism will be triggered.
This is the fraud proof mechanism that must exist to ensure the security of the OP-Rollup mechanism. The launch of the Fault Proof System in June made up for the markets long-standing criticism of the OP Stacks lack of an effective challenge mechanism.
2) However, a recent community-driven audit found multiple vulnerabilities in the fraud proof system, and the response of the Optimism Foundation was surprising:
1. Treat fraud proof VM opcode-level vulnerabilities as minor security vulnerabilities;
2. Excluding the fraud proof system from the scope of external audit;
3. Temporarily adjust the permissionless mechanism of fraud proof to a permissioned mechanism, and propose a hard fork plan called Granite to solve security issues;
This makes people doubt the meaning and effectiveness of the so-called Fault Proof System.
3) How do you view this matter? In my opinion:
1. Optimism launched the Fault Proof System entirely to further expand the necessary security challenge mechanism of the OP Stack camp. The market has become optimistic about whether Optimism itself has such a challenge mechanism;
2. The Fault Proof System is indeed sophisticated and complex. Most of the states can be verified locally in L2, and only some key parts are pushed to the fault virtual machine of L1 for judgment. Yes, a virtual machine with specific op code is developed. This can ensure the low cost of L1 verification while ensuring security.
3. The Fault Proof System was changed from unlicensed to licensed and was urgently disabled, which also exposed the excessive power of the OP Foundation and the Multi-Signature Security Committee. Fraud proofs are under the control of the Security Committee even if they are unlicensed;
4. Optimism has fallen behind its peer Arbitrum in achieving the security and decentralization goals of Stage 1, and ZK-Rollup’s technological leadership will be further valued.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
MicroStrategy plans to issue up to $2 billion in preferred shares to increase its Bitcoin holdings
Polymarket's cumulative trading volume in 2024 will exceed US$9 billion
BlackRock IBIT had a net inflow of $252.3 million yesterday
Babylon official Twitter was stolen this morning. Please do not click on any links.