Privileged Roles

This page lists the addresses that operate the Zircuit network.

Operators

Batcher

This is a hot wallet that continuously submits transactions onchain. It’s the component that submits new transaction batches and lets the L2 blockchain finalize new blocks.

Mainnet (Ethereum) address: 0xAF1E4f6a47af647F87C0Ec814d8032C4a4bFF145
Testnet (Sepolia) address: 0xa07FA473B87D7ADee161f458aF300255B65F33f6

Proposer

This is a hot wallet that continuously submits transactions onchain. It’s the component that submits new state roots for the L2 outputs that are essential for users to withdraw their funds on the L1.

Mainnet (Ethereum) address: 0xE8C20EA8eF100d7aa3846616E5D07A5aBb067C65
Testnet (Sepolia) address: 0x79B1a59c9d510213Dce55C106fcBc64D2F98f34E

Admin roles

Challenger (multisig 1)

This role is authorized to call deleteL2Outputs() to remove a state commitment. This only works for non-finalized outputs and is for emergency purposes only.

System Config Owner (multisig 1)

This is the address authorized to change the settings in the SystemConfig contract. These settings are:

The blocks signer: L2 blocks propagated among Zircuit nodes via peer-to-peer communication must be signed by this wallet to be considered valid.
The batcher hash: identifier for the batcher operator.
The gas config: overhead and scalar values used to determine the L1 costs.
The gas limit: the maximum amount of gas allowed in every L2 block.
The resource config: the configuration for the EIP-1559 based curve for the deposit gas market.

L1 ProxyAdmin Owner (multisig 1)

This is the owner of the ProxyAdmin contract deployed on the L1 that controls most of the L1 contracts and can upgrade them if necessary. The ProxyAdmin contract is an auxiliary contract meant to be assigned as the admin of an ERC1967 Proxy, based on the OpenZeppelin implementation.

L2 ProxyAdmin Owner (multisig 1)

This is the owner of the ProxyAdmin contract deployed on the L2 that controls most of the L2 contracts and can upgrade them if necessary. The ProxyAdmin contract is an auxiliary contract meant to be assigned as the admin of an ERC1967 Proxy, based on the OpenZeppelin implementation.

Emergency roles

Guardian (multisig 2)

The OptimismPortal is pausable as a backup safety mechanism that allows a specific GUARDIAN address to temporarily halt deposits and withdrawals to mitigate security issues if necessary.

Monitor

Addresses with the MONITOR role can pause message passing from L1 to L2, which includes ERC20, ERC721 and ETH deposits and withdrawals. Similarly on L2, this role can also pause message passing from L2 to L1.

Operator

Addresses with the OPERATOR role have all the capabilities of the MONITOR role, and additionally they can unpause message passing, reenabling bridging. This role can also throttle the amount of ETH that is allowed to be deposited from L1 to L2 and similarly the amount of ETH that can be withdrawn from L2 to L1.

Multisig addresses

To execute a transaction from these contracts, a certain threshold of owners needs to sign a message unique to each particular transaction. 6/8 means at least six out of eight owners need to sign the message.

Multisig 1: 6/8
- Ethereum: 0xC463EaC02572CC964D43D2414023E2c6B62bAF38
- Zircuit: 0xC463EaC02572CC964D43D2414023E2c6B62bAF38
Multisig 2: 2/5
- Ethereum: 0x2c0B27F7C8F083B539557a0bA787041BF22DB276
- Zircuit: 0x2c0B27F7C8F083B539557a0bA787041BF22DB276

PreviousSecurity NextBug Bounty

Last updated 14 days ago