The Optimism Foundation recently rolled back its network to a permissioned fraud-proof state following the discovery of security vulnerabilities.
These vulnerabilities were identified through community-driven audits, which revealed issues in two network contracts. In response, Mofi Taiwo, a protocol engineer and representative of OP Labs, proposed a “Granite” hard fork scheduled for September 10th to address these vulnerabilities.
Community audits reveal critical vulnerabilities
The permissionless fraud-proof system, launched by Optimism two months ago, aimed to decentralize transaction verification on the Ethereum layer 2 scaling solution. However, community audits uncovered critical vulnerabilities in the MIPS contracts that had not been detected within the project’s initial audit scope. These contracts had been mistakenly placed in lower-risk categories and were not subjected to the same level of scrutiny as other high-risk components.
The discovered vulnerabilities were severe enough that, if exploited, they could have caused significant disruptions to the network. Optimism’s Immunefi bounty program assessed the potential impact of these bugs, highlighting the importance of immediate action. The foundation emphasized that the vulnerabilities were identified before malicious actors could exploit them, so user assets remained secure.
Temporary rollback to ensure network stability
In light of these findings, the Optimism Foundation decided to revert its network to a permissioned fraud-proof state as a precautionary measure. This decision was made to prevent any instability and protect user funds while the identified vulnerabilities were patched. The rollback involved resetting any pending withdrawals, which will need to undergo the proving process again once the system is fully secured.
The Optimism Foundation stated that fixing the bugs would take approximately three weeks. During this time, the permissioned fraud-proof system will be in place, where only trusted proposers can challenge potentially fraudulent transactions. This centralized approach contrasts with the permissionless system, which aims to decentralize the L2 scaling solution.
Proposed hard fork to fix vulnerabilities
Following the network’s reversion, Mofi Taiwo, an engineer from OP Labs, submitted a proposal to Optimism’s governance forum, suggesting the implementation of the “Granite” hard fork. This hard fork, scheduled for September 10th, aims to address the identified vulnerabilities and improve the network’s overall security.
While the proposed upgrade has not yet undergone a formal audit, an internal security review conducted by OP Labs deemed the changes low-risk. The Optimism Foundation remains committed to enhancing the security and decentralization of its network, with the “Granite” hard fork serving as a crucial step in this ongoing process.
The Optimism Foundation’s decision to revert to a permissioned fraud-proof system underscores the importance of maintaining network security while striving for greater decentralization. As the Ethereum layer 2 scaling solution continues to evolve, the foundation remains focused on addressing any challenges that arise to ensure the stability and security of its platform.