Open-source, permissionless fault proofs went live on the Optimism mainnet in June. This system laid the groundwork for achieving “multi-proof nirvana.” It gave users the ability to initiate withdrawals of ETH and ERC-20 tokens from the Optimism mainnet without the involvement of any trusted third parties.
Now, in the latest development, the Optimism Foundation has reverted to the permissioned system. The team informed users that “community-driven audits” flagged a host of vulnerabilities within the system.
Mofi Taiwo, Protocol Engineer at Optimism Labs, submitted a proposal to the governance forum outlining the security vulnerabilities and listing the reasons for reverting to the permissioned system.
He clarified that even though the auditors discovered two high-severity issues, no user assets were ever at risk. He asserted,
“None of the vulnerabilities have been exploited, and user assets are not and were never at risk. However, out of an abundance of caution, the permissioned fallback mechanism has been activated in order to avoid any potential instability while the vulnerabilities are patched.”
The team intends to fix the bugs identified. It has proposed an upgrade that includes both a set of smart contract improvements to fix the vulnerabilities identified in the audit and an L2 hard fork to improve the stability and performance of the fault proof system.
If the proposal, dubbed Granite, receives enough favorable votes, the upgrade will be scheduled for execution on September 10 at 16:00:01 UTC.
Notably, the upgrade has already been activated on internal devnets and the Sepolia Superchain in conjunction with Base and Conduit.
Commenting on the current state of affairs, Mert Mumtaz, Co-founder & CEO at Helius, noted,
“One of the serious edges L2s have is that they can literally do whatever they want. Bug in fraud proofs? OK let's just get rid of proofs for the next month. Problem? It's ok, the security council will control the permissions. You do not have this luxury on an L1 where you have to release a version upgrade and beg the rest of the stake to adopt it.”