L2 Security - OP Leadership and Governance

I am trying my best to stay “Optimistic” but my needle has moved from “concerned” to “worried.”

Opportunity: I don’t see alarms going off in the OP and L2 communities concerning the number and severity of hacks that collectively have destroyed (by some estimates) over 1 Billion of liquidity. I know of no quantitative data to map the exponential Crypto growth against the number and value of hacks; however, I know the numbers are growing and the headlines will increasingly be a subject in mainstream media and, to their advantage, all corners of politics.

**OP Action:** It’s time that OP show L2 leadership by addressing security issues in apps that call OP home. I fear in retrospect, to do nothing will represent failure. To our credit, the industry has survived with bailouts sourced from within; however, the frequency and magnitude represent a problem not to be ignored. Most importantly I believe ignoring the issue would be a violation of key parts of the proposed OP Constitution.

  • Allocate treasury assets to fund public goods, incentivize participants in the Optimism ecosystem, or otherwise further its (and the Collective’s) purpose;

  • Take other actions that are conducive to its stewardship role.

  • The primary function of the Collective is to minimize the discrepancy between collective impact and individual profit.

Conclusion: Hacks have exploited every component of the broad Crypto Ecosystem including OP (Wintermute, Quixotic). Long-term, headlines will shift public opinion and, unchecked, jeopardize retail and institutional confidence. The OP Collective must lead an effort to recognize, publicize, and develop measures to minimize further industry damage in the OP Ecosystem and beyond.


Personally, I feel like we sometimes forget that Ethereum provides rewards (ETH) and penalties (Slash) to penalize or remove systemic threats. L2s, in their own way, need the same (better) methods to mimic the rules governing those who earn the privilege of being part of the OP Ecosystem.

What might the OP Collective do? Many in this community are far more capable than this writer to devise best practices; however, here are a few discussion points to provoke thought in a collaborative forum:

  • How can and how should the Collective reward those who benefit from meeting/exceeding OP requirements?
  • What do we have that might be tooled as a “slash?”
  • Proof of Reserves - zero-knowledge proofs
  • Self Regulation - if we don’t, “they” will, but “theirs” will be quite different than ours
  • Audits - Structure, requirements, verification, rewards, penalties

These represent perhaps the obvious ways we can tighten up the system. Even if we can’t help those who have lost their fortune by way of scams, legit errors, greed, and ignorance, we can improve the financial and emotional experience of users who admire and respect the OP Collective leadership.

All of the issues discussed here are great, but governance implies more. Without rules and consequences (good and bad) the OP Collective will have missed an opportunity while inviting failure.