Search

Search for projects by name

Metis Andromeda logoMetis Andromeda

Badges

About

Metis Andromeda is an EVM-equivalent solution originally forked from Optimism OVM. Since April 2024 hashes of data blobs are posted to EOA similarly to OPStack chains. It uses a decentralized Sequencer pool running Tendermint consensus and MPC module to...


Value secured
$301.23 M12.4%
Canonically Bridged
$301.23 M
Externally Bridged
$0.00
Natively Minted
$0.00

  • Tokens
  • Daily UOPS
    1.6630.3%
  • 30D ops count
    2.80 M

  • Type
    Optimium
  • Purpose
    Universal
  • Sequencer failureState validationData availabilityExit windowProposer failure

    Badges

    About

    Metis Andromeda is an EVM-equivalent solution originally forked from Optimism OVM. Since April 2024 hashes of data blobs are posted to EOA similarly to OPStack chains. It uses a decentralized Sequencer pool running Tendermint consensus and MPC module to...

    Recategorisation

    151d
    16h
    53m
    58s

    The project will be classified as "Other" due to its specific risks that set it apart from the standard classifications.

    The project will move to Others because:

    The proof system isn't fully functional

    Consequence: projects without a proper proof system fully rely on single entities to safely update the state. A malicious proposer can finalize an invalid state, which can cause loss of funds.

    There is no data availability bridge

    Consequence: projects without a data availability bridge fully rely on single entities (the sequencer) to honestly rely available data roots on Ethereum. A malicious sequencer can collude with the proposer to finalize an unavailable state, which can cause loss of funds.

    Learn more about the recategorisation here.

    Value Secured
    Canonical
    External
    Native
    Activity
    Metis Andromeda
    Ethereum
    Milestones & Incidents

    Data hashes posted to EOA

    2023 Mar 15th

    Hashes to data blobs are now posted to EOA address instead of CanonicalTransactionChain contract.

    Learn more

    Data availability change

    2022 Apr 12th

    Update moving data to an off-chain committee.

    Learn more
    Risk summary
    Risk analysis
    Sequencer failureState validationData availabilityExit windowProposer failure

    Sequencer failure

    Enqueue via L1

    Users can submit transactions to an L1 queue, but can’t force them. The sequencers cannot selectively skip transactions but can stop processing the queue entirely. In other words, if the sequencers censor or are down, they are so for everyone.

    State validation

    None

    Currently the system permits invalid state roots. More details in project overview.

    Data availability

    External (MEMO)

    Transaction data is kept in MEMO decentralized storage.

    Exit window

    None

    There is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.

    Proposer failure

    Cannot withdraw

    Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.

    Technology

    No automatic onchain fraud proof system

    For additional security, any staked Validator can challenge invalid state root submitted by the Sequencer. Other Validators will then act as referees in an interactive challenge game. Dishonest Validator majority can push invalid state root onchain, and potentially slash honest Sequencer.

    • Funds can be stolen if an invalid state root is submitted to the system (CRITICAL).

    1. MVM_Verifier.sol#L133 - Metis source code

    Data is recorded off-chain in MEMO

    Transaction data is not stored onchain, rather it is recorded in off-chain decentralized storage MEMO from MemoLabs. Data hashes are posted to an EOA address.

    • Funds can be stolen if sequencer withholds data for more than seven days while at the same time submits fraudulent state root (CRITICAL).

    1. The Tech Journey: Lower Gas Costs & Storage Layer on Metis
    Learn more about the DA layer here: Meeda logoMeeda
    Operator

    The system has a decentralized sequencer set

    As of April 2024 Metis uses a permissioned sequencer pool running a Tendermint consensus. Once consensus is reached on a block, an MPC address is used to submit a block hash to Ethereum. The infrastructure to manage the MPC is offchain and not trustless because Ethereum does not verify the validity of MPC address.

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    1. Decentralized Sequencer - Metis documentation

    Users can enqueue transactions

    Users can submit transactions to an L1 queue, but can’t force them. The sequencer cannot selectively skip transactions but can stop processing the queue entirely. In other words, if the sequencer censors or is down, it is so for everyone.

    • Users can be censored if the operator is offline or refuses to process the queue.

    1. CanonicalTransactionChain - Etherscan source code
    Withdrawals

    Regular exit

    The user initiates the withdrawal by submitting a regular transaction on this chain. When the block containing that transaction is finalized the funds become available for withdrawal on L1. The process of block finalization usually takes several days to complete. Finally the user submits an L1 transaction to claim the funds. This transaction requires a merkle proof.

    • Funds can be frozen if the centralized validator goes down. Users cannot produce blocks themselves and exiting the system requires new block production (CRITICAL).

    1. Withdrawing from Metis - Metis documentation

    Forced exit

    If the user experiences censorship from the operator with regular exit they can submit their withdrawal requests directly on L1. The system is then obliged to service this request or halt all messages from L1, including all forced withdrawals and deposits. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular exit.

    Other considerations

    EVM compatible smart contracts are supported

    Metis uses the Optimistic Virtual Machine (OVM) 2.0 to execute transactions.

    • Funds can be lost if there are mistakes in the highly complex OVM implementation.

    1. MVM repository - Metis source code
    Permissions

    The system uses the following set of permissioned addresses:

    Sequencer 0x1A9d…D914

    Central actor allowed to commit transactions to L1.

    Metis Multisig Execution Verifiers

    A Gnosis Safe with 4 / 9 threshold. This address is the owner of all the upgradable contracts of the system. This allows it to censor messages or pause message bridge altogether, upgrade bridge implementation potentially gaining access to all funds stored in a bridge and change the sequencer, state root proposer or any other system component (unlimited upgrade power).

    State Root Proposer 0xf3CE…9040

    Central actor to post new state roots to L1.

    Execution Verifiers Metis Multisig

    Those addresses can challenge the state roots submitted by the state root proposer.

    Smart contracts
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    The system consists of the following smart contracts on the host chain (Ethereum):

    This contract implements a voting scheme with which the majority of Verifiers can challenge malicious state roots proposed. There are no whitelisted verifiers, hence this contract is not used in practice.

    CanonicalTransactionChain 0x56a7…e1C9

    The Canonical Transaction Chain (CTC) contract is an append-only log of transactions which must be applied to the OVM state. Given that transactions batch hashes are sent to an EOA address, it allows any account to enqueue() a transaction, which the Sequencer must eventually append to the rollup state.

    The State Commitment Chain (SCC) stores a list of proposed state roots in a linked ChainStorageContainer contract. Only a permissioned state root proposer (MVM_Proposer) can submit new state roots.

    ChainStorageContainer-CTC-batches 0x3847…16B7
    ChainStorageContainer-CTC-queue 0xA91E…2E57
    ChainStorageContainer-SCC-batches 0x1073…d6f9
    BondManager 0x5958…0528

    The Bond Manager contract will handle deposits in the form of an ERC20 token from bonded Proposers. It will also handle the accounting of gas costs spent by a Verifier during the course of a challenge. In the event of a successful challenge, the faulty Proposer’s bond will be slashed, and the Verifier’s gas costs will be refunded. Current mock implementation allows only OVM_Proposer to propose new state roots. No slashing is implemented.

    The L1 Cross Domain Messenger (L1xDM) contract sends messages from L1 to Metis, and relays messages from Metis onto L1. In the event that a message sent from L1 to Metis is rejected for exceeding the Metis epoch gas limit, it can be resubmitted via this contract’s replay function.

    MVM_DiscountOracle 0x7f6B…7063

    Oracle specifying user fees for sending L1 -> Metis messages and other parameters for cross-chain communication.

    Lib_AddressManager 0x9187…867d

    This is a library that stores the mappings between names such as OVM_Sequencer, OVM_Proposer and other contracts and their addresses.

    Contract that allows METIS_MANAGER to switch Sequencer.

    Main entry point for users depositing ERC20 tokens and ETH that do not require custom gateway. This contract can store any token.

    Contract allowing users to lock tokens to apply to become a sequencer, receive rewards, unlock tokens to exit the sequencer, reward distribution.

    Contract acting as an escrow for METIS tokens managed by LockingPool.

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).