[FINAL] Protocol Upgrade #7: Fault Proofs

On behalf of the Developer Advisory Board, here is a non-technical summary of this upgrade proposal:

For Optimism withdrawals to function, the L2 state root must be posted to L1.

You can think of the L2 state root as a single “summary” value that can be used to prove any fact about L2’s state. This value is used when withdrawing funds to prove those funds were actually withdrawn on L2.

(Optimism actually uses a few different values to make proving simpler, but we can skip that for this discussion.)

Before this upgrade, this L2 root value was posted to the L2OutputOracle contract. It could only be posted by a trusted, permissioned account. As long as this permissioned account acted honestly, the chain would function as intended.

This upgrade aims to move towards technical decentralization by allowing anyone to post the L2 root.

How does this work?

L2 roots are proven through “games”. In the current game, anyone can propose a root (and put up a financial bond along with it). Any other user can challenge them (also putting up a bond), and the two users then go back and forth proving facts about how the root was calculated and increasing their bonds until either (a) one of them gives up or (b) they disagree about a fact so basic that it can be proven on chain.

If the user who proposed the root wins this game, the root is considered valid. Otherwise, it is considered invalid. The loser also forfeits their bonds to the winner.

Only a valid game that has had enough time to work itself out can have withdrawals proven against it, which stops dishonest users from being able to post an incorrect root.

Safeguards

The game itself may still have security issues. As the proposal says: “We acknowledge that gaining certainty in the correctness of the complex logic found within the FaultDisputeGame contract, its dependencies, and the offchain op-challenger software will take time.”

For this period where the security of the game may still be at risk, Optimism has poured significant resources into building safeguards around the game, as follows:

  1. An off-chain monitoring system has been set up to watch every proposed root and check that it matches the correct state.

  2. After a root is finalized through a game, an additional delay has been added before withdrawals can occur. During this period, the GUARDIAN role can reject the root. This gives the monitoring system time to stop invalid withdrawals.

  3. A contract called DelayedWETH has been set up to hold the bonds and only allow payouts after a delay, so that bonds can be redirected towards the rightful recipient in the event that a game is abused.
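To make the game flow and the three safeguards above concrete, here is a small Python model of them. It is an added illustration, not code from this upgrade or from the Optimism contracts (FaultDisputeGame, OptimismPortal, DelayedWETH). The challenge window, the delay lengths, the bond sizes, the participant names and the "basic fact provable on chain" check (modelled as a plain comparison against a known-correct root) are all constructed stand-ins, not the real values.

```python
"""Toy model of the dispute-game withdrawal flow summarised in the post.
Added example; not Optimism's FaultDisputeGame / OptimismPortal / DelayedWETH code.
All constants, names and the on-chain check below are constructed stand-ins."""
from dataclasses import dataclass, field
from typing import Optional

CHALLENGE_WINDOW = 7     # how long a proposal stays open to challenges (constructed)
FINALITY_DELAY = 3       # extra wait after resolution; the guardian may reject in this window
BOND_DELAY = 5           # DelayedWETH-style hold on bonds; must outlast the guardian window
CORRECT_ROOT = "0xgood"  # the honest L2 state root as seen by the off-chain monitor (constructed)


@dataclass
class Game:
    proposer: str
    root: str
    opened_at: int
    bonds: dict = field(default_factory=dict)   # participant -> bond locked in this game
    challenger: Optional[str] = None
    winner: Optional[str] = None
    resolved_at: Optional[int] = None
    guardian_rejected: bool = False
    bond_redirect: Optional[str] = None         # set when the guardian reroutes the pot


def propose(proposer: str, root: str, now: int, bond: int) -> Game:
    """Anyone may propose a root, but must lock a bond alongside it."""
    return Game(proposer, root, now, bonds={proposer: bond})


def challenge(game: Game, challenger: str, now: int, bond: int) -> None:
    """A challenge (with its own bond) is accepted only while the game is open."""
    if game.resolved_at is not None or now > game.opened_at + CHALLENGE_WINDOW:
        raise ValueError("game is closed to challenges")
    game.challenger = challenger
    game.bonds[challenger] = bond


def escalate(game: Game, party: str, extra_bond: int) -> None:
    """Each back-and-forth step asks the moving party to add to its bond."""
    game.bonds[party] = game.bonds.get(party, 0) + extra_bond


def resolve(game: Game, now: int, concede: Optional[str] = None) -> str:
    """Resolve the game: nobody challenged, one side gave up, or the dispute
    reached a fact checkable on chain (modelled here as a root comparison)."""
    if game.resolved_at is not None:
        raise ValueError("already resolved")
    if game.challenger is None:
        if now < game.opened_at + CHALLENGE_WINDOW:
            raise ValueError("challenge window still open")
        game.winner = game.proposer
    elif concede is not None:
        game.winner = game.challenger if concede == game.proposer else game.proposer
    else:
        game.winner = game.proposer if game.root == CORRECT_ROOT else game.challenger
    game.resolved_at = now
    return game.winner


def monitor_flags(game: Game) -> bool:
    """Off-chain monitor: does the proposed root disagree with the honest state?"""
    return game.root != CORRECT_ROOT


def guardian_reject(game: Game, now: int, redirect_to: str) -> None:
    """GUARDIAN may reject a resolved root only during the finality delay and
    reroute the locked bonds so an abusive winner does not collect them."""
    if game.resolved_at is None or now >= game.resolved_at + FINALITY_DELAY:
        raise ValueError("outside the guardian's window")
    game.guardian_rejected = True
    game.bond_redirect = redirect_to


def withdrawal_provable(game: Game, now: int) -> bool:
    """Withdrawals may be proven only against a root that won its game, was not
    rejected, and has sat through the extra delay."""
    return (game.winner == game.proposer and not game.guardian_rejected
            and game.resolved_at is not None
            and now >= game.resolved_at + FINALITY_DELAY)


def bond_payout(game: Game, now: int) -> dict:
    """DelayedWETH-style payout: nothing until the hold expires; then the whole
    pot goes to the winner unless the guardian redirected it."""
    if game.resolved_at is None or now < game.resolved_at + BOND_DELAY:
        return {}
    recipient = game.bond_redirect or game.winner
    return {recipient: sum(game.bonds.values())}


def scenarios() -> dict:
    """Three walks through the flow (constructed names and amounts)."""
    out = {}
    # 1. Honest root, nobody challenges: usable only after window + finality delay.
    g = propose("alice", CORRECT_ROOT, now=0, bond=10)
    resolve(g, now=CHALLENGE_WINDOW)
    out["honest_early"] = withdrawal_provable(g, now=CHALLENGE_WINDOW + 1)
    out["honest_late"] = withdrawal_provable(g, now=CHALLENGE_WINDOW + FINALITY_DELAY)
    # 2. Bad root, challenged, bonds escalate, settled by the on-chain check.
    g = propose("mallory", "0xbad", now=0, bond=10)
    challenge(g, "bob", now=1, bond=10)
    escalate(g, "mallory", 5)
    escalate(g, "bob", 5)
    resolve(g, now=4)
    out["challenged_winner"] = g.winner
    out["challenged_payout"] = bond_payout(g, now=4 + BOND_DELAY)
    out["challenged_withdrawal"] = withdrawal_provable(g, now=50)
    # 3. Bad root wins because the honest challenger gave up: monitor + guardian step in.
    g = propose("mallory", "0xbad", now=0, bond=10)
    challenge(g, "bob", now=1, bond=10)
    resolve(g, now=3, concede="bob")
    out["abused_game_winner"] = g.winner
    if monitor_flags(g):
        guardian_reject(g, now=4, redirect_to="bob")
    out["abused_withdrawal"] = withdrawal_provable(g, now=3 + FINALITY_DELAY)
    out["abused_payout"] = bond_payout(g, now=3 + BOND_DELAY)
    return out


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name}: {value}")
```

The third scenario is the one the safeguards exist for: the game itself concludes in favour of a bad root, so the monitor's flag and the guardian's rejection during the finality delay are what stop the withdrawal, and the DelayedWETH-style hold is what lets the bonds be sent to the honest challenger instead of the abuser. In this model the bond hold has to be at least as long as the guardian's window, otherwise the pot would already have been paid out before the reroute could happen.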

Other Implications

Because the OptimismPortal (the contract that handles withdrawals) is being upgraded, all previously proven withdrawals will no longer work. Any previously proven withdrawal that has not yet been finalized will need to be re-proven, with an additional wait before it can be finalized.


If you have any questions about the technical details of this upgrade, feel free to post here and I (or someone else in the DAB) will get back to you.
