Author: The Optimism Collective & OP Labs; Translation: 0xjs@Golden Finance

On June 10, 2024, the governance-approved, permissionless fault proof system launched on OP Mainnet, and the OP Stack entered Stage 1. This is an important milestone for the Superchain, and more OP Stack chains will soon be upgraded to include this feature, starting with Base, Metal, Mode, and Zora.

The permissionless fault proof system allows ETH and ERC-20 tokens to be withdrawn from OP Mainnet without the involvement of any trusted third party. It also means that any user who wants to participate in the protocol can challenge and delete invalid withdrawals. While participation in the fault proof system is permissionless, the Optimism Security Council reserves the right to intervene in the event of a system failure and restore the system to a permissioned state. Having this fallback is part of a responsible and secure rollout of the fault proof system, and the Optimism Security Council meets L2Beat's well-established industry standard definition for Stage 1.

A quick look at the fault proof system

A fully functional fault proof system enhances the security of bridged ETH and ERC-20 tokens, and its functionality paves the way for full decentralization.

Improved trust model

The permissionless fault proof system enables users to withdraw ETH and ERC-20 tokens from L2 to L1 without involving any trusted third party, such as a sequencer or any other centralized infrastructure.

This means that withdrawals no longer rely on a privileged proposer role to publish output roots. Instead, anyone can now publish an output proposal through the fault dispute system. An output proposal makes a claim about the state of L2. Once finalized, the claim can be used to facilitate withdrawals without taking any privileged action. Even if the Council revokes a withdrawal.

Anyone can contribute to security

Any user who wants to participate in the protocol can challenge and delete invalid proposals.

The dispute game provides a mechanism to determine the validity of an output proposal. Anyone can dispute the validity of an output proposal by participating in its associated dispute game. Each action requires posting an ETH bond, and the bonds of dishonest participants are paid to honest participants to cover gas costs.

The Security Council as a safety net

As Vitalik Buterin outlined in his rollup decentralization vision, there can be temporary training wheels: a safety mechanism that can override the fault proof system in an emergency. This led to the introduction of a permissionless fault proof system with the Optimism Collective's Security Council as a fallback. At a 75% signature threshold, it can intervene in the event of a fault proof system failure or manual upgrade.

The system reduces trust assumptions, paving the way for full decentralization. The OP Labs team's roadmap aims to achieve Stage 2 decentralization for the OP Stack, removing the training wheels when the technology is proven to be secure.

Modular design to achieve multiple protections

The modular nature of the fault proof system makes it possible to integrate additional proof mechanisms, laying a solid foundation for future multi-proof systems. Additional proof systems can be easily added thanks to the smart contract framework included in this upgrade.

Working in tandem, these proofs will provide an enhanced layer of security in production. This will further reduce trust assumptions in subsequent upgrades as the OP Stack moves towards Stage 2 decentralization.

However, the OP Stack did not reach Stage 1 simply by implementing fault proofs. Additional safeguards built specifically for the system ensure that the Security Council can act quickly and effectively when errors occur. If a safeguard is triggered, withdrawals are reset, requiring all pending withdrawals to be re-proven. Safety is a top priority for everything built into the OP Stack, and these efforts, combined with the fault proof work, have enabled the OP Stack to reach Stage 1 functionality.

Next stop: Stage 2

In 2022, Vitalik outlined a framework for how L2s can gradually get rid of the training wheels and move towards full decentralization. L2 projects usually launch early in their development and bootstrap an ecosystem before the security model is fully permissionless. As a project progresses, it can shed the training wheels and advance from Stage 0 to Stage 1, and finally reach Stage 2 decentralization.

Now that OP is confident in the security model for Stage 1, and the core development team and some of the most respected and diligent security auditors in the ecosystem have thoroughly vetted the Security Council's ability to keep the system secure under any circumstances, the next step is to work towards Stage 2. Next up: an audit of the dispute game itself, which will take place in July.

But looking ahead, we must go beyond the first stage.

L2s are in various stages of development, and these projects are often building ecosystems and hardening code at the same time. As projects mature, their code will continue to improve and the process of decentralization will continue to advance. Early security measures, or "training wheels", then become unnecessary.

Launching fault proofs on OP Mainnet, expanding the functionality to other OP Stack chains in the Superchain ecosystem, and achieving Stage 1 decentralization are important milestones. But the endgame is Stage 2 decentralization.

The current fault proof system lays the foundation for achieving "multi-proof nirvana": like the OP Stack itself, it is open source and modular by design. The framework is designed to enable the OP Stack to support multiple proof systems, including zero-knowledge proofs as well as the current system, Cannon. Putting redundant proof schemes into production to secure withdrawals from OP Stack chains back to Ethereum can limit the role of the Security Council to only choosing between proofs in the event of disagreement.

The fault proof system was built and tested by core development teams from across the Superchain, such as OP Labs, Base, and Sunnyside Labs. This collaborative approach made this launch possible. The fault proof proposal was also approved by Optimism's Token House and Citizens' House, passing the two-step approval process of Optimism governance.

In the coming months, we seek to launch other proof systems on testnet, including Asterisc and Kona. Demonstrating the reliability and robustness of these redundant proof schemes will help the Superchain achieve Stage 2 decentralization.

We are celebrating the launch of fault proofs and the entry of the OP Stack into Stage 1, and are optimistic about the Superchain's path to a fully decentralized future.