Recently, @Optimism has been questioned by the overseas community over security audit issues with its Fault Proof System. After major security issues were discovered in the original permissionless fraud proof mechanism, the OP Foundation actually proposed a hard fork to fix the problem and convert it to a permissioned proof? What exactly happened?
1) Simply put: the Fault Proof System is a mechanism for verifying the correctness of the Layer 2 network state. Anyone can submit an L2 state to the dispute virtual machine on L1 without permission and accept challenges from others. If a challenge succeeds, a reward and punishment mechanism is triggered.
This is the fraud proof mechanism that must exist to ensure the security of the OP-Rollup design. The launch of the Fault Proof System in June addressed the market's long-standing criticism that the OP Stack lacked an effective challenge mechanism.
2) However, a recent community-driven audit found multiple vulnerabilities in the fraud proof system, and the response of the Optimism Foundation was surprising:
1. It treated the opcode-level vulnerability in the fraud proof VM as a minor security vulnerability;
2. It excluded the fraud proof system from the scope of external audit;
3. It temporarily changed the fraud proof mechanism from permissionless to permissioned, and proposed a hard fork plan called Granite to solve the security issues;
This makes us doubt the meaning and effectiveness of the so-called Fault Proof System.
3) How do you view this matter? In my opinion:
1. Optimism launched the Fault Proof System entirely to further expand the necessary security challenge mechanism of the OP Stack camp. The market has become "optimistic" about whether Optimism itself has such a challenge mechanism;
2. The Fault Proof System is indeed sophisticated and complex. Most of the state can be verified locally on L2, and only some key parts are pushed to the fault virtual machine on L1 for judgment. Yes, a virtual machine with its own specific opcodes was developed for this. This keeps the cost of L1 verification low while ensuring security.
3. The Fault Proof System was changed from permissionless to permissioned and was urgently disabled, which also exposed the excessive power of the OP Foundation and the multi-signature Security Committee. Fraud proofs are under the control of the Security Committee even when they are permissionless;
4. Optimism has fallen behind its rival Arbitrum in achieving the security and decentralization goals of Stage 1, and ZK-Rollup’s technological leadership will be further valued.
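
The split described in point 2 above (most verification done locally, only a key part judged on L1), as an added Python illustration that is not from the original post or Optimism's code: the toy `step` function, the trace length and the corrupted step are constructed, and states are compared directly where a real system would compare commitments. Two parties bisect over the execution trace until a single step is in dispute, and only that step is re-executed by the judge.

```python
# Added illustration: simplified bisection dispute, not Optimism's contracts or VM.
MASK = 2**64 - 1

def step(state: int) -> int:
    """Toy deterministic VM instruction (stand-in for one fault-proof VM step)."""
    return (state * 6364136223846793005 + 1442695040888963407) & MASK

def trace(start: int, n: int, corrupt_at=None) -> list:
    """States 0..n computed off-chain; optionally corrupt the result of one step."""
    states = [start]
    for i in range(1, n + 1):
        nxt = step(states[-1])
        if i == corrupt_at:
            nxt ^= 1  # constructed fault: wrong result for step i, carried forward
        states.append(nxt)
    return states

def dispute(proposer: list, challenger: list) -> dict:
    """Bisect to the first disputed step, then execute only that step 'on L1'."""
    lo, hi = 0, len(proposer) - 1  # invariant: agree at lo, disagree at hi
    assert proposer[lo] == challenger[lo], "both sides must share the pre-state"
    if proposer[hi] == challenger[hi]:
        return {"disputed": False, "rounds": 0, "onchain_steps": 0}
    rounds = 0
    while hi - lo > 1:
        mid = (lo + hi) // 2
        rounds += 1
        if proposer[mid] == challenger[mid]:
            lo = mid   # disagreement starts later
        else:
            hi = mid   # disagreement starts at or before mid
    # Only this single instruction is re-executed by the judge's VM.
    onchain_result = step(proposer[lo])
    return {"disputed": True, "step": hi, "rounds": rounds, "onchain_steps": 1,
            "challenger_wins": onchain_result != proposer[hi]}

if __name__ == "__main__":
    n = 1 << 20
    honest = trace(7, n)
    faulty = trace(7, n, corrupt_at=777_777)
    print(dispute(faulty, honest))  # about a million steps, 20 rounds, 1 judged step
```

Because that one re-executed step decides the whole dispute, the judge's VM has to implement every instruction exactly.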