How Does Optimism Work?

L2|Risk C+|9 mechanisms|6 interactions

Optimism is an Ethereum Layer 2 optimistic rollup and the foundation of the Superchain — a network of OP Stack-powered chains that share security and revenue infrastructure. With approximately $1.8B in DeFi TVL on OP Mainnet, it is a major L2 ecosystem. Its C+ grade reflects material centralization risks: the sequencer is operated solely by OP Labs with no decentralized fallback (experienced multiple outages in 2025), the Security Council can perform emergency upgrades without timelock, and a 2/2 multisig of the Foundation and Security Council controls all contract upgrades. Organizational stress accelerated in March 2026: OP Labs laid off 20% of staff on March 12 following Base's departure from Superchain revenue sharing and the OP token reaching an all-time low of ~$0.12.

TVL

$511M

Sector

L2

Risk Grade

C+

Value Grade

D+

Core Mechanisms

7.1 Optimistic Rollup

OP Stack optimistic rollup with Cannon fault proof VM

Standard optimistic rollup architecture. OP Stack is the open-source implementation powering OP Mainnet, Base, and other Superchain members.

7.2 Sequencer

Centralized sequencer operated by OP Labs with L1 forced-inclusion fallback

Standard centralized sequencer pattern. Forced inclusion via L1 provides censorship resistance backstop with ~12h delay.

7.3 Fraud Proof System

Novel

Cannon fault proof VM with permissionless challengers (Stage 1)

Cannon is a MIPS-based fault proof VM that enables permissionless dispute resolution. The Jovian upgrade patched medium-severity vulnerabilities. Still maturing relative to Arbitrum's BOLD system.

6.1 Bridge / Lock-and-Mint

Canonical OP Bridge with 7-day withdrawal challenge period

Standard optimistic rollup bridge. 7-day withdrawal delay for challenge period.

5.1 Governance Token

OP token with bicameral governance (Token House + Citizens' House)

Standard governance token. Bicameral structure is somewhat novel in concept but governance token functionality is standard.

5.2 Timelock Governance

Constitutional governance with timelocks for non-emergency proposals

Standard timelock governance. Emergency actions via Security Council bypass timelocks.

5.3 Multisig / Security Council

Security Council with emergency upgrade powers over OP Mainnet contracts

Standard security council pattern for Stage 1 rollups.

8.2 Superchain / Shared Sequencing

Superchain network of OP Stack chains sharing security and sequencer infrastructure

Shared infrastructure model for L2 chains. Superchain members contribute sequencer revenue to the Optimism Collective.

4.3 Retroactive Public Goods Funding

RetroPGF rounds funded from OP token allocation and sequencer revenue

Retroactive funding for public goods builders. Innovative governance experiment but not a risk-bearing mechanism.

How the Pieces Interact

Security CouncilCanonical OP BridgeHigh

The Security Council can perform emergency upgrades to bridge contracts without timelock, meaning a compromised council could redirect or freeze bridged assets.

Centralized SequencerCannon Fault Proof SystemMedium

If the sequencer withholds data or censors transactions, users depend on L1 forced inclusion with ~12h delay. During this period, the fault proof system cannot process disputes on withheld transactions.

Security CouncilCannon Fault Proof SystemHigh

The Security Council retains override authority over the fault proof system, meaning it can finalize state roots that bypass Cannon's permissionless challenge mechanism. This is a Stage 1 safety mechanism but creates trust assumptions.

Superchain Revenue SharingOP Governance TokenMedium

If major Superchain members (especially Base) reduce or eliminate their revenue contributions, the economic foundation supporting OP token value and the Optimism Collective's operations could weaken significantly.

Canonical OP BridgeCannon Fault Proof SystemMedium

Bridge withdrawals depend on the 7-day challenge period and fault proof finality. Disclosed vulnerabilities in the fault proof VM (patched in Jovian) demonstrate that implementation bugs could delay or compromise withdrawals.

See all 6 interactions in the full risk report →

What Could Go Wrong

  1. Optimism's sequencer remains fully centralized, operated solely by OP Labs with no decentralized fallback or concrete timeline for decentralization. Multiple sequencer outages occurred in 2025 (August and November), confirming this as a live operational risk rather than a theoretical concern. During downtime, users cannot submit transactions and must wait ~12 hours to force-include via L1.
  2. The Security Council (10/13 multisig) retains emergency upgrade powers over all OP Mainnet contracts without timelock delay, and the SuperchainProxyAdmin is controlled by a 2/2 multisig of the Optimism Foundation and Security Council — meaning just two entities can upgrade all contracts. This creates significant counterparty risk until Stage 2 decentralization is achieved.
  3. OP Labs laid off 20% of its workforce (20 employees) on March 12, 2026, following Base's departure from Superchain revenue sharing and the OP token reaching an all-time low of ~$0.12. The layoffs signal material organizational stress and raise questions about OP Labs' capacity to maintain sequencer infrastructure and advance decentralization milestones.
  4. Only 49% of the OP token supply is currently unlocked, with ~31.3 million OP tokens unlocking monthly (approximately 1.6% of circulating supply) plus 2% annual inflation. Combined with weak fee capture (D+ value grade) and Base's revenue departure, this creates persistent dilution pressure with no credible path to offsetting through protocol revenue.
  5. The fault proof system (Cannon) has had disclosed medium-severity vulnerabilities patched in the Jovian upgrade. While permissionless fault proofs are live (Stage 1), the Security Council retains override authority to finalize state roots bypassing Cannon's challenge mechanism, undermining the decentralization fault proofs are meant to provide.

Security Council Emergency Upgrade Exploitation

Tail

Trigger: Multiple Security Council members are simultaneously compromised through key theft or coercion, enabling unauthorized emergency upgrades to OP Mainnet bridge and rollup contracts

  1. 1.Attacker gains control of sufficient Security Council private keys to reach the emergency threshold Emergency upgrade capability unlocked without timelock delay
  2. 2.Malicious contract upgrade pushed to the canonical OP Bridge and rollup contracts Attacker can redirect bridged assets, mint unbacked tokens, or freeze bridge operations
  3. 3.Users discover the compromise and attempt mass withdrawals; 7-day challenge period traps existing withdrawal requests Panic spreads across the Superchain as all OP Stack chains share infrastructure trust assumptions
  4. 4.OP token price collapses; DeFi protocols on OP Mainnet experience cascading liquidations Billions in TVL across the Superchain ecosystem at risk; trust in OP Stack security model damaged
See all 3 collapse scenarios in the full risk report →

Risk Profile at a Glance

Mechanism Novelty4/15
Interaction Severity10/20
Oracle Surface0/10
Documentation Gaps2/10
Track Record2/15
Scale Exposure7/10
Regulatory Risk7/10
Vitality Risk6/10
C+

Overall: C+ (38/100)

Lower score = safer

More on Optimism

Is Optimism Safe?

Safety analysis

Is Optimism a Good Investment?

Value analysis

Full Risk Report

All mechanisms & interactions

Related L2 Explainers

How Does MegaETH Work?CHow Does BOB (Build on Bitcoin) Work?CHow Does Fuel Network Work?CHow Does Blast Work?CHow Does Movement Work?C