Skip to content

Commit

Permalink
Standard chain configs for Fault Proofs (#253)
Browse files Browse the repository at this point in the history 
* Standard chain configs for Fault Proofs

* Apply suggestions from code review

Co-authored-by: Adrian Sutton <[email protected]>

* fix link reference

---------

Co-authored-by: Adrian Sutton <[email protected]>
  • Loading branch information
@Inphi @ajsutton
Inphi and ajsutton authored Jun 21, 2024
1 parent 7433251 commit e251f49
Showing 1 changed file with 7 additions and 5 deletions.
12 changes: 7 additions & 5 deletions specs/protocol/configurability.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,9 @@ These requirements are currently a draft, pending governance approval.
| [Batch Inbox address](https://github.com/ethereum-optimism/optimism/blob/c927ed9e8af501fd330349607a2b09a876a9a1fb/packages/contracts-bedrock/src/L1/SystemConfig.sol#L176) | L1 address where calldata/blobs are posted (see [Batcher Transaction](../glossary.md#batcher-transaction)). | Static | Current convention is <code>versionByte &vert;&vert; keccak256(bytes32(chainId))[:19]</code>, where <code>&vert;&vert;</code> denotes concatenation, `versionByte` is `0x00`, and `chainId` is a `uint256`. | It is recommended, but not required, to follow this convention. |
| [Batcher Hash](./system_config.md#batcherhash-bytes32) | A versioned hash of the current authorized batcher sender(s). | [System Config Owner](#admin-roles) | `bytes32(uint256(uint160(batchSubmitterAddress)))` | [Batch Submitter](../protocol/batcher.md) address padded with zeros to fit 32 bytes. |
| [Chain ID](https://github.com/ethereum-optimism/superchain-registry/blob/main/superchain/configs/chainids.json) | Unique ID of Chain used for TX signature validation. | Static | Foundation-approved, globally unique value [^chain-id]. | Foundation will ensure chains are responsible with their chain IDs until there's a governance process in place. |
| [Challenge Period](../protocol/withdrawals.md#withdrawal-flow) | Length of time for which an output root can be removed, and for which it is not considered finalized. | [L1 Proxy Admin](#admin-roles) | 7 days | High security. Excessively safe upper bound that leaves enough time to consider social layer solutions to a hack if necessary. Allows enough time for other network participants to challenge the integrity of the corresponding output root. |
| [Proof Maturity Delay](../fault-proof/stage-one/bridge-integration.md#fpac-optimismportal-mods-specification) | The length of time that must pass between proving and finalizing a withdrawal. | [L1 Proxy Admin](#admin-roles) | 7 days | High security. Excessively safe upper bound that leaves enough time to consider social layer solutions to a hack if necessary. Allows enough time for other network participants to challenge the integrity of the corresponding output root. |
| [Dispute Game Finality](../fault-proof/stage-one/bridge-integration.md#fpac-optimismportal-mods-specification) | The amount of time given to the `Guardian` role to [blacklist a resolved dispute game](../fault-proof/stage-one/bridge-integration.md#blacklisting-disputegames) before any withdrawals proven against it can be finalized, in the case of a system failure. | [L1 Proxy Admin](#admin-roles) | 3.5 days | High security. Allows enough time for the `Guardian` to blacklist games. |
| [Respected Game Type](../fault-proof/stage-one/bridge-integration.md#new-state-variables) | The respected game type of the `OptimismPortal`. Determines the type of dispute games that can be used to finalize withdrawals. | [Guardian](#service-roles) | [`CANNON` (`0`)](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.5.0/packages/contracts-bedrock/src/dispute/lib/Types.sol#L28) | The game type may be changed to [`PERMISSIONED_CANNON` (`1`)](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.5.0/packages/contracts-bedrock/src/dispute/lib/Types.sol#L31) as a fallback to permissioned proposals, in the event of a failure in the Fault Proof system. |
| [Fee Scalar](https://github.com/ethereum-optimism/optimism/blob/c927ed9e8af501fd330349607a2b09a876a9a1fb/packages/contracts-bedrock/src/L1/SystemConfig.sol#L288-L294) | Markup on transactions compared to the raw L1 data cost. | [System Config Owner](#admin-roles) | Set such that Fee Margin is between 0 and 50%. | |
| [Gas Limit](./system_config.md#gaslimit-uint64) | Gas limit of the L2 blocks is configured through the system config. | [System Config Owner](#admin-roles) | No higher than 200_000_000 gas | Chain operators are driven to maintain a stable and reliable chain. When considering to change this value, careful deliberation is necessary. |
| Genesis state | Initial state at chain genesis, including code and storage of predeploys (all L2 smart contracts). See [Predeploy](../glossary.md#l2-genesis-block). | Static | Only standard predeploys and preinstalls, no additional state. | Homogeneity & standardization, ensures initial state is secure. |
Expand Down Expand Up @@ -78,7 +80,7 @@ These requirements are currently a draft, pending governance approval.

| Config Property | Description | Administrator | Administers | Standard Config Requirement | Notes |
|---------------------------------------|------------------------------------------------------------------------------------------------------------------------------|-------------------------------------|-------------------------------------|-------------------------------------|-------------------------------------|
| L1 Proxy Admin | Account authorized to upgrade L1 contracts. | [L1 Proxy Admin Owner](#admin-roles) | [Batch Inbox Address](#consensus-parameters), [Start block](#consensus-parameters), [Proposer address](#service-roles), [Challenger address](#service-roles), [Guardian address](#service-roles), [Challenge Period](#consensus-parameters), [Output frequency](#policy-parameters), [L2 block time](#consensus-parameters), [L1 smart contracts](#consensus-parameters) | [ProxyAdmin.sol](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.3.0/packages/contracts-bedrock/src/universal/ProxyAdmin.sol) from the latest `op-contracts/vX.Y.X` release of source code in [Optimism repository](https://github.com/ethereum-optimism/optimism). | Governance-controlled, high security. |
| L1 Proxy Admin | Account authorized to upgrade L1 contracts. | [L1 Proxy Admin Owner](#admin-roles) | [Batch Inbox Address](#consensus-parameters), [Start block](#consensus-parameters), [Proposer address](#service-roles), [Challenger address](#service-roles), [Guardian address](#service-roles), [Proof Maturity Delay](#consensus-parameters), [Dispute Game Finality](#consensus-parameters), [Output frequency](#policy-parameters), [L2 block time](#consensus-parameters), [L1 smart contracts](#consensus-parameters) | [ProxyAdmin.sol](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.3.0/packages/contracts-bedrock/src/universal/ProxyAdmin.sol) from the latest `op-contracts/vX.Y.X` release of source code in [Optimism repository](https://github.com/ethereum-optimism/optimism). | Governance-controlled, high security. |
| L1 ProxyAdmin owner | Account authorized to update the L1 Proxy Admin. | | [L1 Proxy Admin](#admin-roles) | [0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A](https://etherscan.io/address/0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A) [^of-sc-gnosis-safe-l1] | Governance-controlled, high security. |
| L2 Proxy Admin | Account authorized to upgrade L2 contracts. | [L2 Proxy Admin Owner](#admin-roles) | [Predeploys](./predeploys.md#overview) | [ProxyAdmin.sol](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.3.0/packages/contracts-bedrock/src/universal/ProxyAdmin.sol) from the latest `op-contracts/vX.Y.X` release of source code in [Optimism repository](https://github.com/ethereum-optimism/optimism). Predeploy address: [0x4200000000000000000000000000000000000018](https://docs.optimism.io/chain/addresses#op-mainnet-l2). | Governance-controlled, high security. |
| L2 ProxyAdmin owner | Account authorized to upgrade protocol contracts via calls to the `ProxyAdmin`. This is the aliased L1 ProxyAdmin owner address. | | [L2 Proxy Admin](#admin-roles) | Gnosis Safe between Optimism Foundation (OF) and the Security Council (SC). Aliased Address: [0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b](https://optimistic.etherscan.io/address/0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b) [^aliased-of-sc-gnosis-safe-l1] | Governance-controlled, high security. |
Expand All @@ -92,9 +94,9 @@ These requirements are currently a draft, pending governance approval.
| Config Property | Description | Administrator | Standard Config Requirement | Notes |
|---------------------------------------|------------------------------------------------------------------------------------------------------------------------------|-------------------------------------|-------------------------------------|-------------------------------------|
| [Batch submitter address](https://github.com/ethereum-optimism/optimism/blob/c927ed9e8af501fd330349607a2b09a876a9a1fb/packages/contracts-bedrock/src/L1/SystemConfig.sol#L265) | Account which authenticates new batches submitted to L1 Ethereum. | [System Config Owner](#admin-roles) | No requirement | |
| [Challenger address](https://github.com/ethereum-optimism/optimism/blob/c927ed9e8af501fd330349607a2b09a876a9a1fb/packages/contracts-bedrock/src/L1/L2OutputOracle.sol#L109) | Account which can delete output roots before challenge period has elapsed. | [L1 Proxy Admin](#admin-roles) | [0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A](https://etherscan.io/address/0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A) [^of-gnosis-safe-l1] | Optimism Foundation (OF) multisig leveraging [battle-tested software](https://github.com/safe-global/safe-smart-account). |
| [Guardian address](https://github.com/ethereum-optimism/optimism/blob/c927ed9e8af501fd330349607a2b09a876a9a1fb/packages/contracts-bedrock/src/L1/SuperchainConfig.sol#L50) | Account authorized to pause L1 withdrawals from contracts. | [L1 Proxy Admin](#admin-roles) | [0x09f7150D8c019BeF34450d6920f6B3608ceFdAf2](https://etherscan.io/address/0x09f7150D8c019BeF34450d6920f6B3608ceFdAf2) | A 1/1 Safe owned by the Security Council Safe, with the [Deputy Guardian Module](../experimental/security-council-safe.md#deputy-guardian-module) enabled to allow the Optimism Foundation to act as Guardian. |
| [Proposer address](https://github.com/ethereum-optimism/optimism/blob/c927ed9e8af501fd330349607a2b09a876a9a1fb/packages/contracts-bedrock/src/L1/L2OutputOracle.sol#L108) | Account which can propose output roots to L1. | [L1 Proxy Admin](#admin-roles) | No requirement | |
| [Challenger address](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.5.0/packages/contracts-bedrock/src/dispute/PermissionedDisputeGame.sol#L23) | Account which can interact with existing [permissioned dispute games](../fault-proof/stage-one/bridge-integration.md#permissioned-faultdisputegame). | [L1 Proxy Admin](#admin-roles) | [0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A](https://etherscan.io/address/0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A) [^of-gnosis-safe-l1] | Optimism Foundation (OF) multisig leveraging [battle-tested software](https://github.com/safe-global/safe-smart-account). This role is only active when the `OptimismPortal` respected game type is [`PERMISSIONED_CANNON`](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.5.0/packages/contracts-bedrock/src/dispute/lib/Types.sol#L31). |
| [Guardian address](https://github.com/ethereum-optimism/optimism/blob/c927ed9e8af501fd330349607a2b09a876a9a1fb/packages/contracts-bedrock/src/L1/SuperchainConfig.sol#L50) | Account authorized to pause L1 withdrawals from contracts, blacklist dispute games, and set the respected game type in the `OptimismPortal`. | [L1 Proxy Admin](#admin-roles) | [0x09f7150D8c019BeF34450d6920f6B3608ceFdAf2](https://etherscan.io/address/0x09f7150D8c019BeF34450d6920f6B3608ceFdAf2) | A 1/1 Safe owned by the Security Council Safe, with the [Deputy Guardian Module](../experimental/security-council-safe.md#deputy-guardian-module) enabled to allow the Optimism Foundation to act as Guardian. |
| [Proposer address](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.5.0/packages/contracts-bedrock/src/dispute/PermissionedDisputeGame.sol#L20) | Account which can create and interact with [permissioned dispute games](../fault-proof/stage-one/bridge-integration.md#permissioned-faultdisputegame) on L1. | [L1 Proxy Admin](#admin-roles) | No requirement | This role is only active when the `OptimismPortal` respected game type is [`PERMISSIONED_CANNON`](https://github.com/ethereum-optimism/optimism/blob/op-contracts/v1.5.0/packages/contracts-bedrock/src/dispute/lib/Types.sol#L31). The `L1ProxyAdmin` sets the implementation of the `PERMISSIONED_CANNON` game type. Thus, it determines the proposer configuration of the permissioned dispute game. |
| [Sequencer P2P / Unsafe head signer](https://github.com/ethereum-optimism/optimism/blob/c927ed9e8af501fd330349607a2b09a876a9a1fb/packages/contracts-bedrock/src/L1/SystemConfig.sol#L250) | Account which authenticates the unsafe/pre-submitted blocks for a chain at the P2P layer. | [System Config Owner](#admin-roles) | No requirement | |

[^of-gnosis-safe-l1]: 5 of 7 GnosisSafe controlled by Optimism Foundation (OF). Mainnet and Sepolia addresses can be found at [privileged roles](https://docs.optimism.io/chain/security/privileged-roles).

0 comments on commit e251f49

Please sign in to comment.