Optimism is one of the crypto industry's most popular Layer 2 scaling solutions. Launched on Ethereum, it benefits from the security of the Mainnet while helping scale the ecosystem using optimistic rollups. That means transactions are trustlessly recorded on Optimism and ultimately secured on the Ethereum network.

Decentralization Stage Milestones

Optimism is one of the only 6 L2s that have hit Stage 1 of decentralization. That means Optimism users can initiate withdrawals of Ethereum and ERC 20 tokens without any involvement from trusted third parties.

This move was made only in June 2024, showcasing the big gap in decentralization that still exists in crucial crypto infrastructure. However, it's a commendable step towards transparency.

The move by Optimism to increase its decentralization measures follows a directive issued by Ethereum developers urging L2s to be more secure going forward. The move is intended to:

1. Make it easier for users to identify the extent to which a particular rollup depends on “trust in a specific group of humans” vs “trust in code”

2. Help motivate rollup projects to improve on their trust models, reducing the risk that trust minimization gets deprioritized because it is “less visible” than eg. flashy UX improvements

3. Give the ecosystem some precise milestones to coordinate around and celebrate, letting us say when “The Surge” is half-complete or fully complete, paralleling “The Merge.”

Multisig Security Issues Still Exist

While it is commendable that the Optimism team has guided the chain to Decentralization Stage 1, deeper issues still exist. Its Multisig wallets appear to be a weak link.

According to crypto investigator TruthLabs, 5 of the 7 signatures are required to perform a transaction on Multisig. 5 of the existing 7 were originally set up and funded by the same Dev wallet, which shows the centralization of a crucial part of the ecosystem.

This could mean that one entity may have access and clearance enough to drain, delete, or sabotage this blockchain.

According to Optimism, the chain's security is currently dependent on “a multisig managed jointly by the Optimism Security Council and the Optimism Foundation.”

It continues to explain that this multisig is a “2-of-2 nested multisig, which is in turn governed by a 4-of-13 multisig managed by the Optimism Security Council and a 5-of-7 multisig managed by the Optimism Foundation.

Their explanation is that this multisig can be used to “Upgrade core OP Mainnet smart contracts WITHOUT UPGRADE DELAYS for quick responses to potential security concerns.” While this use case is for a ‘good cause,’ the ability to swiftly rewrite the core smart contracts on the Mainnet is a threat in itself. If it falls into the wrong hands, the whole blockchain can be compromised instantly, although both sets of Multisigs need to approve such upgrades and have the power to veto.

Do you think that arrangement is fully secure and convincing?