OP: Optimism disables permissionless fraud proofs in the face of critical vulnerabilities

The Optimism Foundation has temporarily disabled permissionless fraud proofing on its network after critical vulnerabilities were discovered during community audits, reverting to a permissioned model pending an update scheduled for September 10.
Audits revealed serious flaws in the fraud proof system, although not exploited, prompting Optimism to activate fallback mechanisms to protect network security.
A major update called Granite, including a hard fork, is planned to strengthen network security and address identified issues, although this update has not yet been independently audited.

The Optimism Foundation recently made the decision to disable permissionless fraud evidence on its network, barely two months after their implementation.

This decision follows community audits who have brought to light multiple vulnerabilitiesprompting the foundation to temporarily return to a permissioned operating model, pending a critical network upgrade scheduled for September 10.

Implementation and retraction of permissionless fraud evidence

The deployment of evidence of fraud without permission (or evidence of fault) on the network Optimism represented a significant step forward for the decentralization of this Ethereum layer 2. This mechanism allowed any user to dispute potentially fraudulent transactionsmarking a step towards what Vitalik Buterinco-founder of Ethereum, described as the “Level 1 decentralization” or the activation of the “small wheels limited. This means that even though the network is decentralized, a small set of trusted parties can still step in if something goes wrong.

However, despite the initial enthusiasm, the community audits conducted after the implementation of permissionless fraud evidence revealed critical bugs that could potentially compromise network security. In response to these findings, The Optimism Foundation has chosen to return to a permissioned fraud proof model, where only certain trusted entities can step in to challenge transactions.

Today, @OPLabsPBC posted an upgrade proposal detailing findings from a recent series of community-driven audits on the Fault Proof System, including the plan to fix the bugs identified as part of the audits.https://t.co/Kylblb3Wyx
— Optimism (@Optimism) August 16, 2024

Vulnerabilities detected and Optimism's reaction

THE vulnerabilities identified by audits varied in severity, with two problems considered highly critical according to Optimism's bug severity scale. Although these flaws were not exploited, the foundation preferred to activate a fallback mechanism to avoid any risk of destabilization of the network.

Mofi Taiwoprotocol engineer at OP Labsexplained in a proposal submitted to the Optimism governance forum that the fallback mechanisms had been activated as a precaution. These mechanisms had already been audited, but some Critical contracts of the fraud proof system were not included in the scope of the audits. Taiwo stressed that while the issues discovered were serious, Optimism’s monitoring tools would have helped detect them before they caused harm to users.

Granite: a critical update with hard fork

To address these issues and strengthen network security, OP Labs proposed a major update, called Granitewhich includes a hard fork on layer 2 of Optimism. Scheduled for September 10, this update is expected to bring several improvements, including changes to the fraud proof system and adjustments to the network's smart contracts.

However, it is important to note that this update, while critical, has not yet been independently audited. OP Labs has nonetheless conducted a security review of the changes and deemed them low risk.

The article OP: Optimism disables permissionless fraud proofs in the face of critical vulnerabilities appeared first on Coin Academy