Author: Ac-Core, YBB Capital Researcher; Translation: Golden Finance xiaozou

The main narrative direction of ETH has shifted from L1 to L2. If we still interpret it as the ERC-20 narrative of "issuing tokens with one click", then we might as well expand the pattern a little bit and imagine a crazy future of "issuing chains with one click"! Arbitrum is based on the fact that no one else can do this! Arbitrum has been leading the competitive landscape of L2 with its unparalleled ecosystem and high TVL, but can this temporary victory last for a long time? Unlike another layer L3 solution Arbitrum Orbit, OP Stack is a "super chain" that can create L2 with one click. This article will use three parts to comprehensively analyze the security issues of OP Stack, ZK elements in OP, and Rollup.

1. OP Stack opens the “Superchain world”

Where will the next bull market start? Will it start with high-performance L1, network layer L3, L2 in the ZK system, or OP Stack Superchain? This is a very interesting and thought-provoking question. The title of Ether Killer has always been an insurmountable goal for all public chains, but there are many superkernels hidden among them, and OP Stack is one of them.

(1) What is OP Stack?

  • OP Stack can be understood as a set of open source software components that allow anyone to build their own L2 blockchain on Ethereum using Optimisitc Rollup. OP Stack consists of four main components:

  • Mainnet: OP Mainnet is a low-cost and fast Ethereum L2 network compatible with the Ethereum Virtual Machine (EVM).

  • Contract: A smart contract that implements the core logic and functions of OP Stack. OP contracts include the State Transition System (STS); Fraud Proof (FP); State Commitment Chain (SCC); and Canonical Transaction Chain (CTC).

  • Services: Services that provide data availability, synchronization, and communication between L1 and L2.

  • Tools: Tools to facilitate the development, testing, deployment, monitoring, and debugging of blockchains based on the OP Stack.

(2) First-class openness

OP Stack will be built as a forkable, modular, and scalable blockchain infrastructure. To achieve this vision, all types of L2 need to be integrated into a single superchain, integrating separate L2s into an interoperable combined system, and the release of L2 will be as simple as deploying smart contracts on Ethereum today. It can transform the "one-click issuance of tokens" narrative into a "one-click issuance of chains" narrative. In essence, Hyperchain is a horizontally scalable blockchain network that shares the security of Ethereum, as well as communication layers and development tools.

OP Stack will be the unified modular development stack behind hyperchain and countless interconnected and communicating blockchains. Developed and maintained by Optimism Collective, OP Stack supports shared open source systems for new aggregate network deployments. At the same time, it is also a set of standardized open source modules. This sounds like Cosmos based entirely on Ethereum security, but now OP Stack has become Cosmos Killer, and the complementarity of ETH and ATOM is well known. Next, let's take a closer look at the definition of OP Stack:

Modules are bits of data that any developer can plug into the OP Stack. Superchain's "standardization" means that there is a consensus on the standard for modules, and everyone can implement that standard. It is also completely open source, which means that anyone can develop iterations and send requests for free. Developers can switch modules between different execution layers, consensus layers, settlement layers, and data availability layers of the chain.

Just like dYdX chose to leave Ethereum and turn to Cosmos Application Chain, the root cause was that they wanted a higher degree of modularity in the consensus layer of their chain. I think this is a good start to allow more independent dapps to choose independently developed public chains, the most famous of which is Luna, although it ultimately failed for some reasons. Thankfully, OP Stack has solved this problem by designing the forked code in a simpler way, which allows developers to easily extract different components of the blockchain and modify them by inserting different modules.

(3) OP Stack design principles

  • Efficiency: You can build anything with OPStack and publish the blockchain with just one click;

  • Simplicity: Leverage reusable code and readily available development tools to enhance security and reduce maintenance complexity, thereby alleviating overall barriers;

  • Scalability: Optimism Collective will fully open source the main code of OPStack.

In terms of architecture, OPStack can be divided into six layers from bottom to top, namely: DA (data availability) layer, sorting layer, derivation layer, execution layer, settlement layer, and governance layer. Each layer of OP Stack is a modular API that can be combined and decoupled at will. The most critical ones are the DA layer, execution layer, and settlement layer, which constitute the main workflow of OP Stack.

  • DA layer: The data availability layer is the original data source of OP Stack. Single or multiple data availability modules can be used to obtain input data. Currently, the most important DA layer is Ethereum, but there will be more chains in the future.

  • Execution Layer: The state structure in the OP Stack provides the possibility for EVM or other VMs to be used, adding support for L2 transactions initiated on Ethereum while adding an additional L1 data cost per transaction to the overall cost of publishing a transaction to Ethereum.

  • Settlement layer: This layer aggregates L2 transaction data on the OP Stack and sends the information to the target chain after L2 confirms the information to complete the settlement. In the future, it is also expected to access ZK and other validity proof mechanisms to bridge the gap between different chains and even connect the silos between the OP system L2 and the ZK system L2.

Judging from several projects with ZK elements that OP has discovered recently, we can imagine boldly that, for example, an Optimistic rollup wants to transform into a ZK rollup, no problem! Just replace its fraud proof module with the validity proof module of the settlement layer. If a chain wants to use Celestia as its data availability layer, no problem! Replace Ethereum with Celestia. If you want to replace the EVM in the execution layer with a different type of virtual machine, unfortunately, this is only a technical possibility for OP Stack. In this mega-chain scenario, a hot trend was born-"Polygon: I want to be the Cosmos of ZK L2! Optimism: I want to be the Cosmos of OP L2! Cosmos: Then who am I?"

(4)OP Stack Law

Ethereum’s unlimited blockspace is a critical step toward mass adoption, but it also brings with it the problem of fragmentation, and permissionless deployment brings new challenges. Today, each new OP Stack chain sails on its own track, without any direct way to share standards and improvements. Users and builders also face a huge challenge: individually evaluating many different chains based on security, quality, and neutrality. To achieve superchain, OP Stack needs to move from an independent, decentralized blockspace to a unified collective of chains working together on an open, decentralized blockspace. The Law of Chains sets out the guiding principles of Optimistic Governance and Superchain. Optimistic governance shifts from managing a single chain to managing common standards for multiple chains, thereby defining the properties required to be part of a superchain while prioritizing the protection of users transacting on the superchain. Fundamentally, the Law of Chains is a social contract (not a legal contract), so active community discussion is critical. "The Law of Chains will enable Superchain to guarantee the following properties:

  • Ensure that the block space remains homogeneous, neutral, and open: A commitment to the chain law is a commitment to protecting chain users, developers, and other stakeholders. As part of the superchain, chains of any size can be supported by Optimstic governance and credibly demonstrate the homogeneity, neutrality, and openness of their block space.

  • Benefit from continuous improvement: shared upgrades mean Hyperlink always has access to the best technology without having to worry about maintaining it themselves.

  • Providing better and more accessible infrastructure: Because all chains in a hyperchain are reliably committed to a standard, they can work together to ensure the availability and affordability of key services such as indexing and sorting.

(5) Can OP Stack give back to OP?

What is the use of OP tokens? If they give back a portion of their revenue to Optimism Collective in the way that Basechain does, then the revenue source of the "treasury" will rely on its own "value" and rely on creating more narratives to eventually feed back to the coin price, making OP's performance logic in the secondary market similar to ATOM, but this situation may be the most ideal situation at present. Optimism Collective will eventually benefit from the feedback of more chains, taking Basechain as an example. This feeling reminds us of UNI. Both have powerful programs, but the tokens themselves have no value use other than voting and governance. Unlike the centralized sorter problem currently faced by L2, even if L2 tokens are only used for some form of leader selection (rather than consensus voting), the value of the sorting rights still belongs to the Rullop token.

At the same time, the OP team released the Law of Chain proposal on July 25. All chains adopting OP Stack initiated a shared governance model and sequencer, hoping to standardize the "profit feedback" model and bring more income to the entire OP system (as described in the OP Stack Law above), which is equivalent to the shared security model of Cosmos.

(6) The difference between OP Stack and ZK Stack

OP Stack: Multiple Chain Single Selection

It is easy to see from the above that OP Stack adopts a multi-chain model similar to Cosmos, but there is only one option, because OP Stack pursues that each chain needs to verify the transactions of other chains, otherwise it will need to wait for a few days on L1 to get results, so a single shared sorter, centralized MEV allocation, and protection from law and governance are the only things that can make Optimistic rollup seamlessly interoperable between different chains. Optimistic rollup is the only way to achieve seamless interoperability between different chains.

ZK Stack: Multiple Chains, Multiple Choices

Unlike OP Stack, ZK Stack can also link multiple threads, but it can have multiple options, choose its own sorter, do MEV in its own way, and be protected by mathematics and code (note: OP Stack is protected by fiat currency and governance). This is because if ZK uses designated shared threads or a very small set of threads, then they can trust each other based on mathematics alone, making zero-knowledge proofs worthless.

2. ZK Elements of OP Stack

OP Stack is a completely open architecture, which makes it possible to have zkvm, zkmips, zkwasm, zkevm in the ecosystem, but OP Stack also has some different ZK elements compared to "orthodox ZK". We can't help but think that there may be a beautiful connection between OP rollup and ZK rollup in the near future.

(1) Implementing Zero-Knowledge Proof (ZKP) for OP

According to the latest developments, the Mina team plans to implement zkmips vm on OP Stack using their own plonk system + kzg commitment + folding algorithm nova. Although this is only a recent proposal and there are still many immature aspects, it is very worth exploring. The project team is tasked with implementing secure, low-latency cross-chain communication between L2, L1 and OP chains through zero-exponential proofs. This is a well-supported zero-knowledge proof (ZKP) of an instruction set architecture (ISA) that proves the behavior of Optimism fault-tolerant programs, laying the foundation for being able to prove any blockchain system based on OP Stack.

Accomplishing this task implies the implementation of a zero-knowledge proof (ZKP) system that can prove OP-poker procedures using an instruction set architecture (ISA) supported by the golang compiler, such as MIPS, RISC-V, or WASM. Furthermore, the proving system must prove the state transitions between two blocks of a standardly configured OP Stack chain, thus demonstrating that it is feasible in practice. In addition to proving a standard execution trace of the ISA, support for poker procedures introduces additional requirements.

Specifically, the Fault Proof program introduces the concept of a pre-mapped oracle, which uses a special system call to load external data into the program. Each Fault Proof VM is responsible for implementing a mechanism by which a hash value of some data is stored at a specific location in memory and executed by a system call, and then the pre-image of that hash value is loaded into memory for use by the program. Pre-mapped oracles are also used to bootstrap the initial input of the program.

(2) Decentralized sorter attempt

Espresso Systems officially announced on Twitter on July 21, 2023 that the proposal to establish a decentralized sorting verification for OP Stack's leader election has been accepted, becoming a contributing force to OP Stack and Superchain. One of the main protocols of the project, HotShot, is a high-speed consensus protocol that can be used for re-collateralization, enabling Ethereum validators to participate in the protocol, aiming to reach the same scale as the Ethereum validator set. The project also developed Espresso Sequencer, which integrates a full-featured zk-rollup, especially the Polygon zkEVM branch.

What is leader election?

Leader election refers to the ability to use different leaders in a distributed system who are responsible for creating the next canonical state transition. In blockchain, leader election allows different block producers to generate blocks at different times, and the leader election algorithm can be competitive or non-competitive.

In the case of proof of work, a competitive leader election algorithm is one where there are many potential units competing to become the leader simultaneously. A non-competitive leader election algorithm is one where there is only one known leader at a given point in time, and in the case of Ether Gasper, a non-competitive leader election algorithm means that there is only one known unit at a given point in time, and there is no other way for another potential unit to become the leader at that time.

In the case of separating the proposer network from the builder network (i.e., the block builder network is only responsible for selecting the transaction order, and the proposer network is only responsible for signing the block), it will transform the single entity responsible for generating a block at a given moment into many possible entities and allow them to compete for the most profitable potential block in the builder network at that time.

It is difficult to understand the various secondary effects of leader election mechanisms between different op-stack chains. Currently, leader election is the most popular mechanism because it allows for more decentralized ordering. Note that it also does not guarantee that the orderer is absolutely decentralized, so extreme caution should be exercised when considering decentralized orderers.

3. Is Rollup really safe?

(1) How the Ethereum network works

The principle of the Ethereum network is that each node stores and executes every transaction submitted to it by the user. This high-level security method also makes the entire network very expensive, so it is necessary to expand the capacity of the entire network and adopt the Rollup solution. Simply put, Rollup = a set of contracts in L1 + its own network node in L2, that is, on-chain smart contracts + off-chain aggregators, which rely on Ethereum for settlement, consensus, and data availability, and are only responsible for the execution of Rollup itself.

  • On-chain smart contracts indicate that its trust model is a smart contract on Ethereum, borrowing the security of Ethereum.

  • The off-chain aggregator means that it will execute and aggregate off-chain transactions, compress large batches of transactions and eventually place them on the Ethereum mainnet, achieving the goal of faster and lower costs.

There are many components in the L2 network node, of which the sorter component is the most important. It is responsible for receiving transaction requests on L2, determining their execution order, and batching the transaction sequence so that it can be delivered to the Rollup project contract on L1. It is important to note that all L2 rollup sorters in Ethereum are currently centralized, as shown in the figure below.

(2) Centralized sorter problem

L2 full nodes can obtain transaction sequences in two ways: directly from the sorter, or by reading the transaction package (Batch) sent by the sorter to L1, but the latter has stronger immutability. Since transaction execution changes the state of the blockchain ledger, in order to ensure consistency, in addition to obtaining the transaction sequence, the L2 full node must also synchronize the ledger state with the sorter. Therefore, the task of the sorter is not only to send the transaction package to the Rollup contract of L1, but also to send the state update result Stateroot/Statediff after the transaction is executed to L1. Generally speaking, the task of the sorter is to process transactions and add transaction ordering to blocks in the blockchain. It is responsible for batching transactions and publishing transactions to L1 smart contracts.

For L2's full node, as long as the transaction sequence and initial Stateroot of the Rollup on L1 are obtained, the L2 blockchain ledger can be restored and the latest Stateroot can be calculated. On the contrary, if the Stateroot calculated by L2's own full node is inconsistent with the Stateroot published by the sorter to L1, it means that the sorter has committed fraud. Therefore, compared with the L2 network itself, L1 is more decentralized, trustless, and more secure.

(3)ON stack

So the question is, can L2 forge some non-existent or wrong transactions, such as transferring token assets from L2 to the runner address of the sorter, and then transferring these token assets to L1 to steal user assets? The answer is: if one wants to do so, it is entirely possible. So in the face of the possible fraud risk of the sorter, different types of rollups adopt different responses.

Let's take Optimistic Rollup as an example, which allows L2 full nodes to provide fraud proofs to prove that the data published by the sorter in L1 is wrong. But for Optimism without fraud proofs, if a person really wants to steal L2 user assets through the sorter, then he only needs to let the sorter runner forge transaction orders and transfer other people's assets in L2 to his own address, and then finally transfer the stolen tokens to L1 through the rollup bridge contract.

To solve this possible problem, the current solution is to rely on community members and social media to reach a so-called "consensus" and rely on OP as an official credit endorsement. Therefore, to sum up, the security of OP Rollup depends at least on having an honest L2 node that can issue fraud proofs to ensure that OP Stack is multi-chain single-select, as described in the "Differences between OP Stack and ZK Stack" section above.

(4)ZK Stack

Let's explore ZK Stack. In the ZK Rollup network, there is a Prover node that specializes in publishing transaction packages for the sorter and generating validity proofs. These validity proofs have dedicated verification contracts on L1. Once the transaction package and its corresponding Stateroot/Statediff proofs are verified by the verifier contract, the transaction is completed. The difference from OP Stack is that in addition to relying on L2 full nodes, ZK Rollup also uses validity proofs to solve the sorter fraud problem. The official bridge of ZK Rollup also only allows withdrawal transactions verified by validity proofs, which is obviously much more reliable than Optimism, that is, ZK Stack is multi-chain and multi-select, as described in the "Difference between OP Stack and ZK Stack" section above.

In theory, the security of ZK Rollup is guaranteed by the validator contract on L1, or the final confirmation of the transaction is completed by the L1 node. Compared with the security of OP Rollup, it depends on at least one honest L2 node to issue a fraud proof. Both inherit the security of L1 (ETH), but it may not be the case from the most stringent point of view, but this is the best solution at present, and compared with other public chains, Ethereum has gone through so many years of development, and its security is undoubtedly the most trustworthy. Compared with other public chains, Ethereum is undoubtedly the most trustworthy and secure chain.

Just like the blockchain triangle, there seems to be a triangle of security, simplicity, and efficiency in the overall user experience of the "product", and ZK Stack believes more than OP Stack that relying on mathematics and code can improve overall security, thereby greatly increasing the overall complexity. So there are also some clichés about ZK:

  • Latency issue: ZK Rollup also needs to solve the latency issue of L2 nodes publishing data to L1. Just like boxes need to be prepared for express delivery, every time a sorter or prover sends data to L1, a fixed cost is incurred. In order to reduce costs, sorters and provers will try to reduce the frequency of publishing data on L1, but wait for a large amount of data to appear at the same time, and then package them together for publication.

  • Speed ​​issue: ZK Rollup faces the challenge of slow speed in generating validity proofs. Although the sequencer can execute thousands of transactions in 1 second, it may take hours to generate validity proofs for these transactions. To solve this problem, the mainstream ZK Rollup network adopts an innovative approach: breaking down the proof generation task into multiple small tasks, which are processed in parallel by different prover nodes, which greatly improves the proof generation speed.

  • Cost issue: In order to reduce the overall cost, many ZK Rollup solutions adopt the strategy of "aggregating multiple proofs and sending them to L1 at once". This means that the prover will not send the proof to L1 immediately after generating it, but wait for multiple proofs to be generated, aggregate them together and send them to the verifier contract on L1. Through this aggregation, one proof can contain and verify the computational steps generated by multiple proofs, further reducing the overall data cost.

  • Transaction volume problem: If not enough transactions are initiated, the sorter may delay publishing data to L1. For example, during periods of market inactivity, some Rollup networks may only send a batch of transactions to L1 every half an hour. However, this problem can be effectively solved in some other Rollup schemes, such as Starknet, which reduces data costs by reducing the frequency of Statediff publication.

Regarding the question of what is a more suitable decentralized sorter solution, modularity may be the best solution because modularity means greater customizability. The main decentralized types currently available are the following five:

  • Single Sequencer & POA

  • Based rollup

  • DVT x Sequencer

  • Shared Sequencer

  • Bootstrapping a new sequencer set

We believe that not only in the future, many of the above problems can be further solved through technology. For example, in order to reduce the generation time of validity proofs, Optimism promises to release a fraud proof system in the near future, and Ethereum’s Danksharding plan will also significantly reduce the data cost of rollup, and the decentralized sorter problem will also be overcome. Together they will provide effective solutions to the above problems.

4. How will the narrative develop?

Hyperchain and super expansion have always been the expansion direction that everyone is concerned about. Although these projects are still in the early stages of development, they all bring a stronger narrative to Ethereum. Now we can see that OP Stack has gained more adoption, and many star public chains have joined OP Stack, such as Coinbase, opBNB, Zora, Worldcoin and many other public chains have done a good brand endorsement for OP Stack. Including recently on the evening of June 26, zkSync announced the launch of ZK Stack, a modular open source framework for building custom ZK rollups, which is also considered by many to be the killer application used by the zkSync team to deal with the number one OP Stack. On one side is OP Stack with its first-mover advantage, and on the other side is ZK Stack with its mathematical advantage. In short, the value of L2 can be accumulated into rollup tokens, and the expansion battle of L2 has just begun. What do you think of this war without gunpowder?