OP Stack Configurability
Table of Contents
When deploying the OP Stack software to a production environment, certain parameters about the protocol can be configured. These configurations can include a variety of parameters which affect the resulting properties of the blockspace in question.
There are four categories of OP Stack configuration options:
- Consensus Parameters: Parameters and properties of the chain that may be set at genesis and fixed for the lifetime of the chain, or may be changeable through a privileged account or protocol upgrade.
- Policy Parameters: Parameters of the chain that might be changed without breaking consensus. Consensus is enforced by the protocol, while policy parameters may be changeable within constraints imposed by consensus.
- Admin Roles: These roles can upgrade contracts, change role owners, or update protocol parameters. These are typically cold/multisig wallets not used directly in day to day operations.
- Service Roles: These roles are used to manage the day-to-day operations of the chain, and therefore are often hot wallets.
Each category also defines the standard configuration values for it's given parameters. Standard configuration is the set of requirements for an OP Stack chain to be considered a Standard Chain within the superchain. These requirements are currently a draft, pending governance approval.
The recommended way to deploy L1 contracts for an OP chain that meet the standard configuration will be with the OP Stack Manager.
Consensus Parameters
| Config Property | Description | Administrator | Standard Config Requirement | Notes |
|---|---|---|---|---|
| Batch Inbox address | L1 address where calldata/blobs are posted (see Batcher Transaction). | Static | Current convention is versionByte || keccak256(bytes32(chainId))[:19], where || denotes concatenation, versionByte is 0x00, and chainId is a uint256. | It is recommended, but not required, to follow this convention. |
| Batcher Hash | A versioned hash of the current authorized batcher sender(s). | System Config Owner | bytes32(uint256(uint160(batchSubmitterAddress))) | Batch Submitter address padded with zeros to fit 32 bytes. |
| Chain ID | Unique ID of Chain used for TX signature validation. | Static | Foundation-approved, globally unique value 1. | Foundation will ensure chains are responsible with their chain IDs until there's a governance process in place. |
| Proof Maturity Delay | The length of time that must pass between proving and finalizing a withdrawal. | L1 Proxy Admin | 7 days | High security. Excessively safe upper bound that leaves enough time to consider social layer solutions to a hack if necessary. Allows enough time for other network participants to challenge the integrity of the corresponding output root. |
| Dispute Game Finality | The amount of time given to the Guardian role to blacklist a resolved dispute game before any withdrawals proven against it can be finalized, in the case of a system failure. | L1 Proxy Admin | 3.5 days | High security. Allows enough time for the Guardian to blacklist games. |
| Respected Game Type | The respected game type of the OptimismPortal. Determines the type of dispute games that can be used to finalize withdrawals. | Guardian | CANNON (0) | The game type may be changed to PERMISSIONED_CANNON (1) as a fallback to permissioned proposals, in the event of a failure in the Fault Proof system. |
| Fee Scalar | Markup on transactions compared to the raw L1 data cost. | System Config Owner | Set such that Fee Margin is between 0 and 50%. | |
| Gas Limit | Gas limit of the L2 blocks is configured through the system config. | System Config Owner | No higher than 200_000_000 gas | Chain operators are driven to maintain a stable and reliable chain. When considering to change this value, careful deliberation is necessary. |
| Genesis state | Initial state at chain genesis, including code and storage of predeploys (all L2 smart contracts). See Predeploy. | Static | Only standard predeploys and preinstalls, no additional state. | Homogeneity & standardization, ensures initial state is secure. |
| L2 block time | Frequency with which blocks are produced as a result of derivation. | L1 Proxy Admin | 2 seconds | High security & interoperability compatibility requirement, until de-risked/solved at app layer. |
| Resource config | Config for the EIP-1559 based curve used for the deposit gas market. | L1 Proxy Admin | See resource config table. | Constraints are imposed in code when setting the resource config. |
| Sequencing window Size | Maximum allowed batch submission gap, after which L1 fallback is triggered in derivation. | Static | 3_600 base layer blocks (12 hours for an L2 on Ethereum, assuming 12 second L1 blocktime). e.g. 12 second blocks, . | This is an important value for constraining the sequencer's ability to re-order transactions; higher values would pose a risk to user protections. |
| Start block | Block at which the system config was initialized the first time. | L1 Proxy Admin | The block where the SystemConfig was initialized. | Simple clear restriction. |
| Superchain target | Choice of cross-L2 configuration. May be omitted in isolated OP Stack deployments. Includes SuperchainConfig and ProtocolVersions contract addresses. | Static | Mainnet or Sepolia | A superchain target defines a set of layer 2 chains which share SuperchainConfig and ProtocolVersions contracts deployed on layer 1. |
| Governance Token | OP token used for the Optimism Collective's Token House governance. | n/a | Disabled | Simple clear restriction. |
1
The chain ID must be globally unique among all EVM chains.
Resource Config
| Config Property | Standard Config Requirement |
|---|---|
| maxResourceLimit | |
| elasticityMultiplier | |
| baseFeeMaxChangeDenominator | |
| minimumBaseFee | |
| systemTxMaxGas | |
| maximumBaseFee | -1 |
Policy Parameters
| Config Property | Description | Administrator | Standard Config Requirement | Notes |
|---|---|---|---|---|
| Data Availability Type | Batcher can currently be configured to use blobs or calldata (See Data Availability Provider). | Batch submitter address | Ethereum (Blobs, Calldata) | Alt-DA is not yet supported for the standard configuration, but the sequencer can switch at-will between blob and calldata with no restriction, since both are L1 security. |
| Batch submission frequency | Frequency with which batches are submitted to L1 (see Batcher Transaction). | Batch submitter address | 1_800 base layer blocks (6 hours for an L2 on Ethereum, assuming 12 second L1 blocktime) or lower | Batcher needs to fully submit each batch within the sequencing window, so this leaves buffer to account for L1 network congestion and the amount of data the batcher would need to post. |
| Output frequency | Frequency with which output roots are submitted to L1. | L1 Proxy Admin | 43_200 L2 Blocks (24 hours for an L2 on Ethereum, assuming 2 second L2 blocktime) or lower e.g. 2 second blocks, . | Deprecated once fault proofs are implemented. This value cannot be 0. |
Admin Roles
| Config Property | Description | Administrator | Administers | Standard Config Requirement | Notes |
|---|---|---|---|---|---|
| L1 Proxy Admin | Account authorized to upgrade L1 contracts. | L1 Proxy Admin Owner | Batch Inbox Address, Start block, Proposer address, Challenger address, Guardian address, Proof Maturity Delay, Dispute Game Finality, Output frequency, L2 block time, L1 smart contracts | ProxyAdmin.sol from the latest op-contracts/vX.Y.X release of source code in Optimism repository. | Governance-controlled, high security. |
| L1 ProxyAdmin owner | Account authorized to update the L1 Proxy Admin. | L1 Proxy Admin | 0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A 2 | Governance-controlled, high security. | |
| L2 Proxy Admin | Account authorized to upgrade L2 contracts. | L2 Proxy Admin Owner | Predeploys | ProxyAdmin.sol from the latest op-contracts/vX.Y.X release of source code in Optimism repository. Predeploy address: 0x4200000000000000000000000000000000000018. | Governance-controlled, high security. |
| L2 ProxyAdmin owner | Account authorized to upgrade protocol contracts via calls to the ProxyAdmin. This is the aliased L1 ProxyAdmin owner address. | L2 Proxy Admin | Gnosis Safe between Optimism Foundation (OF) and the Security Council (SC). Aliased Address: 0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b 3 | Governance-controlled, high security. | |
| System Config Owner | Account authorized to change values in the SystemConfig contract. All configuration is stored on L1 and picked up by L2 as part of the derivation of the L2 chain. | Batch submitter address, Sequencer P2P / Unsafe head signer, Fee Margin, Gas limit, System Config Owner | Chain Governor or Servicer | As defined in the Law of Chains |
2
2 of 2 GnosisSafe between Optimism Foundation (OF) and the Security Council (SC) on L1. Mainnet and Sepolia addresses can be found at privileged roles.
3
Aliased address of the 2 of 2 Gnosis Safe between Optimism Foundation (OF) and the Security Council (SC) on L1. The reason for aliasing can be found in the glossary. This address was calculated using the following arithmetic: 0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A + 0x1111000000000000000000000000000000001111 = 0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b.
Service Roles
| Config Property | Description | Administrator | Standard Config Requirement | Notes |
|---|---|---|---|---|
| Batch submitter address | Account which authenticates new batches submitted to L1 Ethereum. | System Config Owner | No requirement | |
| Challenger address | Account which can interact with existing permissioned dispute games. | L1 Proxy Admin | 0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A 4 | Optimism Foundation (OF) multisig leveraging battle-tested software. This role is only active when the OptimismPortal respected game type is PERMISSIONED_CANNON. |
| Guardian address | Account authorized to pause L1 withdrawals from contracts, blacklist dispute games, and set the respected game type in the OptimismPortal. | L1 Proxy Admin | 0x09f7150D8c019BeF34450d6920f6B3608ceFdAf2 | A 1/1 Safe owned by the Security Council Safe, with the Deputy Guardian Module enabled to allow the Optimism Foundation to act as Guardian. |
| Proposer address | Account which can create and interact with permissioned dispute games on L1. | L1 Proxy Admin | No requirement | This role is only active when the OptimismPortal respected game type is PERMISSIONED_CANNON. The L1ProxyAdmin sets the implementation of the PERMISSIONED_CANNON game type. Thus, it determines the proposer configuration of the permissioned dispute game. |
| Sequencer P2P / Unsafe head signer | Account which authenticates the unsafe/pre-submitted blocks for a chain at the P2P layer. | System Config Owner | No requirement |
4
5 of 7 GnosisSafe controlled by Optimism Foundation (OF). Mainnet and Sepolia addresses can be found at privileged roles.