Outposts

Pessimism Base crypto

30 Sep 2023

Enhancing Security in DeFi: Introducing Pessimism, the Open Source Monitoring System for Base

BASE, an Ethereum rollup utilizing Optimism’s OP stack created Pessimism, an open-source monitoring system with the aim of bolstering the security of Base, by swiftly identifying and addressing a multitude of protocol vulnerabilities.

Introduction

In the endeavor to launch Base, the focus was on creating an open and permissionless network that could serve as a platform for various creative projects to thrive. In consideration of this open environment, there was an emphasis on maintaining strong in-house monitoring capabilities to promptly identify and address any real-time protocol threats.

Introducing Pessimism, a monitoring system meticulously designed to bolster the security of OP Stack and EVM-compatible chains. Since its launch, the Coinbase team has been utilizing Pessimism internally, ensuring continuous oversight and monitoring of the Base mainnet. In a generous commitment to promoting public benefit, Pessimism is released as open-source software under the MIT license, making it freely available for all to use.

Does monitoring matter?

Before discussing if it matters or not - let us talk about monitoring. Monitoring encompasses the process of gathering, analyzing, and deciphering data to verify the proper functioning of systems. This holds significance for both swift incident response and the overarching security of a blockchain since our ability to respond to threats hinges on our awareness of their existence.

Yes, monitoring is essential on Base for:

  • Performance Evaluation: The network's performance is assessed through the monitoring of response times, throughput (transaction processing speed), and error rates. This approach enables proactive responses to potential malfunctions. Notable examples of performance data analyzed include the block production rate, the frequency of state updates to L1, and the communication flow between L2 and L1.
  • Security: The system can detect and address security threats and vulnerabilities, including unauthorized access attempts, unusual activities, and potential breaches.

Follow us on Twitter

We share product updates and trends, find us here:

Pessimism for better Optimism

How Pessimism works

Pessimism is equipped to identify protocol threats that are unique to the OP Stack, including Withdrawal Enforcement and Fault Detection, alongside broader EVM blockchain events such as Balance Enforcement and Event Emission. This capability allows for the detection of unauthorized or malicious activities within the Base native bridge and the L1/L2 system contracts on Base. Additionally, it can effectively record instances of liveness failures, especially concerning critical protocol roles like the proposer.

Presently, Pessimism provides monitoring for the subsequent use cases:

  1. (OP Stack) Identifying Possible Faults: The fault-detection mechanism guarantees the validity of all output roots submitted by the proposer from L2 to L1 (comprising hashed transactions that demonstrate activity from L2 to L1). To achieve this, Pessimism recreates an output root locally and cross-references it with the one submitted to the L2OutputOracle contract, ensuring their equivalence. This step plays a pivotal role in safeguarding the integrity of both the L2Proposer and the submitted output roots. Any potential forged output root could pose a severe threat, potentially enabling an attacker to deplete all funds from the L1 portal contract.
  2. (OP Stack) Safeguarding User Withdrawals: Bridging operations often become vulnerable to critical exploits, underscoring the importance of monitoring withdrawal events. Pessimism's withdrawal-enforcement heuristic assesses whether a verified OP Stack bridge withdrawal on L1 aligns with an initiating event on the L2 chain. This verification process is fundamental to ensuring that all native bridge withdrawals adhere to the necessary two-step validation for L2→L1 withdrawals. The absence of such alignment could potentially signal the presence of a security exploit.
  3. (EVM) Imposing Account Balance Limits: The balance-enforcement heuristic guarantees that the native ETH balance of an address consistently remains within predefined user-defined thresholds, whether above or below. This measure is of utmost importance when overseeing the accounts of privileged protocol entities (e.g., proposer, batcher) on OP Stack chains, helping to identify potential liveness failures due to insufficient funds.
  4. (EVM) Spotting Smart Contract Events: The contract-event heuristic keeps an eye on emitted smart contract events, necessitating a smart contract address and a predefined set of event signatures to execute. This vigilance is crucial for identifying potential alterations in access management, such as updates to thresholds in a Gnosis Safe multi-sig, and detecting any potentially malicious superuser actions, such as an unexpected pause of the native bridge by an OP Stack Guardian.
Pessimism subsystems crypto base

Pessimism consists of three primary subsystems that monitor, assess, and alert:

  1. ETL: The ETL (extract, transform, load) component performs the task of parsing and converting real-time blockchain data, such as blocks, events, and account balances, into formats that can be readily consumed by applications.
  2. Risk Engine: Within the risk engine, heuristics are diligently evaluated to generate alerts, utilizing data sourced from the ETL process.
  3. Alerting: The alerting system plays a pivotal role in disseminating alerts to downstream dependency systems, which may include platforms like Slack and Pagerduty.

Pessimism includes a REST API that enables the establishment, removal, and adjustment of monitoring heuristics. Currently, the system exclusively supports the creation of heuristics, with plans to introduce capabilities for deletion and modification in the imminent future.

In the event of identifying unusual activities or events posing security risks, Pessimism promptly notifies the team to take immediate actions to mitigate potential threats.

What lies ahead for Pessimism?

Comprehensive Bridge Coverage

The native bridge plays a critical role in the OP Stack, enabling users to transfer funds from L2 to Ethereum. Due to its central position, safeguarding its secure operation against all potential failure cases and threat scenarios is of utmost importance. In the upcoming months, efforts will be focused on implementing supply monitoring and enhancing large withdrawal detection within Pessimism.

Emerging Threat Detections

The OP Stack is slated for continuous upgrades, such as the introduction of fraud proofs and shared sequencing. This will lead to the incorporation of new features and heuristics into Pessimism to ensure comprehensive coverage of the evolving protocol threat landscape.

Less is more...

Pessimism operates as a community-driven technology, inviting you to submit feature requests through GitHub issues within the repository. Furthermore, if you wish to contribute to the development of Pessimism, there are numerous beginner-friendly issues awaiting your valuable contributions and expertise!

Liked this article?

Follow DefiDevrel on twitter

Disclaimer: Nothing on this site should be construed as a financial investment recommendation. It’s important to understand that investing is a high-risk activity. Investments expose money to potential loss.

Topics

Title

$12.345

Short description

Read more

RELATED CONTENT

5 new upcoming solana projects
8 best projects built on cosmos ecosystem
Mantle Network crypto
Kujira DeFi crypto protocol
Go to outpost
    1. Introduction
    2. Does monitoring matter?
    3. How Pessimism works
    4. What lies ahead for Pessimism?
      1. Comprehensive Bridge Coverage
      2. Emerging Threat Detections
    5. Less is more...

Join Our Telegram for Exclusive Market Insights!

Dive deep into the crypto market with our Telegram community, and stay ahead of the curve. It's your daily crypto brew, and it's on the house!

Jump aboard