Merge pull request #1559 from ethereum-optimism/sb/superchain-pause-withdrawal-test

superchain pause withdrawal test notice and docs updates

Author: sbvegan

pages/notices/_meta.json

@@ -1,4 +1,5 @@
 {
+  "superchain-withdrawal-pause-test": "Superchain withdrawal pause test",
   "upgrade-15": "Upgrade 15: Isthmus Hard Fork",
   "upgrade-14": "Upgrade 14: MT-Cannon and Isthmus L1 Contracts",
   "upgrade-13": "Upgrade 13: OPCM and incident response improvements",

pages/notices/superchain-withdrawal-pause-test.mdx

@@ -1,22 +1,37 @@
 ---
 title: Superchain withdrawal pause test
-description: Information about testing the Superchain withdrawal pause functionality.
+description: Notice about the Superchain withdrawal pause test.
 lang: en-US
 content_type: notice
-topic: pause-withdrawal-test
+topic: superchain-pause-test
 personas:
   - chain-operator
   - node-operator
-  - user
 categories:
   - security
-  - automated-pause
   - protocol
+  - infrastructure
+  - l1-contracts
 is_imported_content: 'false'
 ---
 
 import { Steps, Callout } from 'nextra/components'
 
-# Superchain withdrawal pause test 
+# Superchain withdrawal pause test
 
+<Callout type="info">
+  *   Sepolia Superchain withdrawal pause test is scheduled for **April 14th 2025**
+  *   Mainnet Superchain withdrawal pause test is scheduled for **April 30th 2025**
+</Callout>
 
+The Optimism Collective will be testing improved incident response features on the Sepolia Superchain.
+
+## What's happening
+
+1.  During this excercise, the privileged [`GUARDIAN`](/superchain/privileged-roles#guardian) address will call the `pause` function on the `SuperchainConfig`.
+2.  Members of the Optimism Collective's security team will ensure that the pause is executed correctly and the incident response improvements worked as intended.
+3.  Then the `unpause` function will be called to resume normal operations.
+
+To learn more about this functionality, please refer to this [documentation](/stack/security/pause).
+
+This functionality is important for the security of the Superchain and should be understood by Chain Operators, users, and especially for centralized exchanges and third-party bridge operators. **Please note that this will not effect any L1-to-L2 deposit transactions or L2 transactions. No action is required from users or operators.**

pages/notices/upgrade-15.mdx

@@ -40,13 +40,58 @@ For more information on the Isthmus implementation details, please review [Isthm
 
 ## For chain operators
 
-Chain operators should upgrade their nodes ahead of the activation times to a release that contains the Isthmus changes and has the activation times for their chains baked in, or set the activation times manually via overrides. The details are outlined in the node operator section below.
+Chain operators must upgrade their nodes ahead of the activation times to a release that contains the Isthmus changes and has the activation times for their chains baked in, or set the activation times manually via overrides. The details are outlined in the node operator section below. Additionally, chain operators must update `op-batcher` to [`v1.12.0`](https://github.com/ethereum-optimism/optimism/releases/tag/op-batcher%2Fv1.12.0) and should update `op-challenger` to [`v1.3.3`](https://github.com/ethereum-optimism/optimism/releases/tag/op-challenger%2Fv1.3.3). 
 
-In addition to this, the L1 smart contract upgrades in [upgrade 14](/notices/upgrade-14) are required to utilize this new functionality.
+In addition to this, the L1 smart contract upgrades in [upgrade 14](/notices/upgrade-14) are required to utilize this new funcationality.
 
 ### For permissionless fault proof enabled chains
 
-In addition to the upgrade 14 contract updates. Chains running permissionless fault proofs will need to deploy new dispute game contracts with new absolute prestates. The new op-program release that contains the activation timestamps will be available soon.
+Chains running permissionless fault proofs will need to deploy new dispute game contracts with new absolute prestates. The new 64 bit version of cannon will be utilized moving forward. The Sepolia Superchain, will utilize [op-program/v1.6.0-rc.1](https://github.com/ethereum-optimism/optimism/tree/op-program/v1.6.0-rc.1). The following permissionless fault proof Sepolia chains are: `Base Sepolia`, `Ink Sepolia`, and `OP Sepolia`.
+
+<Steps>
+  ### Verify the new absolute prestate
+
+  The absolute prestate is generated with the [op-program/v1.6.0-rc.1](https://github.com/ethereum-optimism/optimism/tree/op-program/v1.6.0-rc.1). You can use this new absolute prestate (`0x03394563dd4a36e95e6d51ce7267ecceeb05fad23e68d2f9eed1affa73e5641a`) for the following chains:
+
+  *   Sepolia: Base, Creator Chain, OP, Metal, Mode, Zora, Ethernity, Unichain, Ink, and Minato (Soneium)
+
+  You can verify this absolute prestate by running the following [command](https://github.com/ethereum-optimism/optimism/blob/5f003211aed7469eed7df666291a62c025d1c46c/Makefile#L129-L131) in the root of the monorepo on the `op-program/v1.6.0-rc.1` tag:
+
+  ```shell
+  make reproducible-prestate
+  ```
+
+  You should expect the following output at the end of the command:
+
+  ```shell
+  Cannon Absolute prestate hash:
+  0x03526dfe02ab00a178e0ab77f7539561aaf5b5e3b46cd3be358f1e501b06d8a9
+  Cannon64 Absolute prestate hash:
+  0x03394563dd4a36e95e6d51ce7267ecceeb05fad23e68d2f9eed1affa73e5641a
+  CannonInterop Absolute prestate hash:
+  0x03ada038f8a81526c68596586dfc762eb5412d4d5bb7cb46110d8c47ee570d7e
+  ```
+
+  ### Upload your new preimage file
+
+  During the previous step, you also generated the preimage of the absolute prestate, which is basically the op-program serialized into a binary file. You'll find that new file at `optimism/op-program/bin/prestate.bin.gz`. Rename that file to have the absolute prestate hash as the filename so it looks like `0x03394563dd4a36e95e6d51ce7267ecceeb05fad23e68d2f9eed1affa73e5641a.bin.gz`.
+
+  Upload that file to where you're storing your other absolute preimage files. This should be the location where you're pointing your `--cannon-prestates-url` at. The `op-challenger` will grab this file and use it when it needs to challenge games.
+
+  ### Deploy new dispute game contracts
+
+  You will then take the absolute prestate and deploy new `FaultDisputeGame` and `PermissionedDisputeGame` contracts with that value. 
+
+  ### Update the DisputeGameFactory
+
+  You will then need to update the `DisputeGameFactory` to point to the new `FaultDisputeGame` and `PermissionedDisputeGame` contracts by calling `DisputeGameFactory.setImplementation`. 
+
+  ### Execute the upgrade
+
+  Once your `op-challenger` is ready with the new preimage, you can execute the "Set Dispute Game Implementation" transaction. Please simulate and validate that the expected output prior to executing the transaction.
+</Steps>
+
+The new op-program release that contains the Mainnet activation timestamps will be available soon.
 
 ## For node operators
 

pages/stack/security/_meta.json

@@ -1,5 +1,5 @@
 {
     "faq": "Security FAQs",
-    "pause": "Pause and unpause the Bridge",
+    "pause": "Pause and unpause the bridge",
     "audits-report": "Audit reports"
 }

pages/stack/security/pause.mdx

@@ -23,15 +23,16 @@ is_imported_content: 'false'
 The [`OptimismPortal`](https://github.com/ethereum-optimism/optimism/blob/v1.1.4/packages/contracts-bedrock/src/L1/OptimismPortal.sol) is the low-level L1 message passing contract present on all standard OP Stack chains.
 This contract handles the L1 side of the communication channel between an OP Stack chain and its L1 parent chain.
 
-As a safety mechanism, the `OptimismPortal` contract can be configured to be pausable by a specific `GUARDIAN` address.
+As a safety mechanism, a privileged `GUARDIAN` address can pause withdrawals.
 When paused, the `OptimismPortal` contract will prevent L2-to-L1 transactions from being executed.
 This is a backup safety mechanism that can be used to help mitigate potential active security concerns.
 
-Pause functionality and [two-step withdrawals](https://web.archive.org/web/20230608050641/https://blog.oplabs.co/two-step-withdrawals/) were introduced to the OP Stack to mitigate the risk of withdrawal bugs that have led to exploits in other bridging systems.
+Pause functionality were introduced to the OP Stack to mitigate the risk of withdrawal bugs that have led to exploits in other bridging systems.
 
 ## Pause functionality
 
-The `OptimismPortal` can be configured to allow a `GUARDIAN` address to pause and unpause L2-to-L1 transactions from being executed.
+The `OptimismPortal` points to a `SuperchainConfig` smart contract which has a privileged `GUARDIAN` address that can pause and unpause L2-to-L1 transactions from being executed.
+The `SuperchainConfig` contract is a shared implementation across the Superchain. All Optimism-governed chains point to it, and any OP Stack chain can point its `SuperchainConfigProxy` to this shared implementation.
 L2-to-L1 transactions allow users and smart contracts on the OP Stack chain to send messages to the L1 parent chain.
 Pause functionality allows a `GUARDIAN` to halt L2-to-L1 transaction execution for the OP Stack chain in question.
 L1-to-L2 transactions are not affected by pause functionality.
@@ -41,13 +42,17 @@ Pauses are designed to be a backup safety mechanism and are expected to be used
 
 ## Pause and unpause functions
 
-The `GUARDIAN` can pause and unpause L2-to-L1 transactions at any time by calling the [`pause`](https://github.com/ethereum-optimism/optimism/blob/v1.1.4/packages/contracts-bedrock/src/L1/OptimismPortal.sol#L151-L156) and [`unpause`](https://github.com/ethereum-optimism/optimism/blob/v1.1.4/packages/contracts-bedrock/src/L1/OptimismPortal.sol#L158-L163) functions on the `OptimismPortal` contract.
-Additional controls on the `GUARDIAN` address can be implemented by configuring the `GUARDIAN` as a smart contract.
+The `GUARDIAN` can pause and unpause L2-to-L1 transactions at any time by calling the [`pause`](https://github.com/ethereum-optimism/optimism/blob/856c08bf84d9aa829d1e764fc8e9a37d41960ba0/packages/contracts-bedrock/src/L1/SuperchainConfig.sol#L66-L71) and [`unpause`](https://github.com/ethereum-optimism/optimism/blob/856c08bf84d9aa829d1e764fc8e9a37d41960ba0/packages/contracts-bedrock/src/L1/SuperchainConfig.sol#L73-L78) functions on the `SuperchainConfig` contract.
 
 ## Guardian address
 
-The `GUARDIAN` address is initially configured when the OP Stack chain is deployed and can be modified by the network's administrative address or smart contract.
-A chain can choose to remove the `GUARDIAN` role by configuring the `GUARDIAN` to be an inaccessible address such as the [zero address](https://etherscan.io/address/0x0000000000000000000000000000000000000000).
+The `GUARDIAN` address is configured in the `SuperchainConfig` contract and can be modified by the network's administrative address or smart contract. To learn more about the privileged role, see [documentation](/superchain/privileged-roles#guardian).
 
-The `GUARDIAN` address is set as an `immutable` variable inside of the `OptimismPortal` contract.
-To change the `GUARDIAN` address, the `OptimismPortal` proxy contract must be upgraded to a new implementation contract that has a different `GUARDIAN` address. 
+The `GUARDIAN` address is set as an `immutable` variable inside of the `SuperchainConfig` contract.
+To change the `GUARDIAN` address, the `SuperchainConfig` proxy contract must be upgraded to a new implementation contract that has a different `GUARDIAN` address. 
+
+## Additional information
+
+While this funcationality is available for the OP Stack protocol, it does not cover the security of centralized exchanges and third party bridges.
+If you operate a centralized exchange or third party bridge, you should monitor this contract and pause withdrawals from the Superchain if you see that it has been paused. 
+If you'd like to learn more about the privileged roles in the OP Stack, see the [privileged roles](/superchain/privileged-roles) documentation.

pages/superchain/privileged-roles.mdx

@@ -21,6 +21,7 @@ import { Callout } from 'nextra/components'
 
 OP Stack chains follow a [Pragmatic Path to Decentralization](https://blog.oplabs.co/decentralization-roadmap/).
 In their current state, OP Stack chains still include some "privileged" roles that give certain addresses the ability to carry out specific actions.
+Members and users of the Superchain Ecosystem should be aware of these roles and their associated risks because they're shared across many OP Stack chains.
 Read this page to understand these roles, why they exist, and what risks they pose.
 
 ## L1 Proxy Admin
@@ -39,8 +40,8 @@ The L1 Proxy Admin is an address that can be used to upgrade most OP Stack chain
 
 ### Addresses
 
-*   **Ethereum**: [`0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A`](https://etherscan.io/address/0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A)
-*   **Sepolia:** [`0x1Eb2fFc903729a0F03966B917003800b145F56E2`](https://sepolia.etherscan.io/address/0x1Eb2fFc903729a0F03966B917003800b145F56E2)
+*   **Optimism Governed Chains on Ethereum**: [`0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A`](https://etherscan.io/address/0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A)
+*   **Optimism Governed Chains on Sepolia:** [`0x1Eb2fFc903729a0F03966B917003800b145F56E2`](https://sepolia.etherscan.io/address/0x1Eb2fFc903729a0F03966B917003800b145F56E2)
 
 ## L2 Proxy Admin
 
@@ -69,8 +70,8 @@ The L2 Proxy Admin is an address that can be used to upgrade most OP Stack chain
   read the descriptions above for more details.
 </Callout> 
 
-*   **OP Stack chains**: [`0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b`](https://optimistic.etherscan.io/address/0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b) 
-*   **OP Sepolia:** [`0x2FC3ffc903729a0f03966b917003800B145F67F3`](https://sepolia-optimism.etherscan.io/address/0x2FC3ffc903729a0f03966b917003800B145F67F3)
+*   **Optimism Governed Chains on Ethereum**: [`0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b`](https://optimistic.etherscan.io/address/0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b) 
+*   **Optimism Governed Chains on Sepolia:** [`0x2FC3ffc903729a0f03966b917003800B145F67F3`](https://sepolia-optimism.etherscan.io/address/0x2FC3ffc903729a0f03966b917003800B145F67F3)
 
 
 ## System Config Owner
@@ -90,8 +91,7 @@ The System Config Owner is an address that can be used to change the values with
 
 ### Addresses
 
-*   **Ethereum**: [`0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A`](https://etherscan.io/address/0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A)
-*   **Sepolia**: [`0xfd1D2e729aE8eEe2E146c033bf4400fE75284301`](https://sepolia.etherscan.io/address/0xfd1D2e729aE8eEe2E146c033bf4400fE75284301)
+The System Config owner is chain specific and you can see which addresses are configured in the [Superchain Registry](/superchain/superchain-registry).
 
 ## Batcher
 
@@ -112,8 +112,7 @@ OP Stack chains nodes will look for transactions from this address to find new b
 
 ### Addresses
 
-*   **Ethereum**: [`0x6887246668a3b87F54DeB3b94Ba47a6f63F32985`](https://etherscan.io/address/0x6887246668a3b87F54DeB3b94Ba47a6f63F32985)
-*   **Sepolia**: [`0x8F23BB38F531600e5d8FDDaAEC41F13FaB46E98c`](https://sepolia.etherscan.io/address/0x8F23BB38F531600e5d8FDDaAEC41F13FaB46E98c)
+The batcher address is chain specific and you can see which addresses are configured in the [Superchain Registry](/superchain/superchain-registry).
 
 ## Proposer
 
@@ -141,14 +140,13 @@ The Guardian role is responsible for changing the respected dispute game type if
 
 ### Addresses
 
-*   **Ethereum**: [`0x473300df21D047806A082244b417f96b32f13A33`](https://etherscan.io/address/0x473300df21D047806A082244b417f96b32f13A33)
-*   **Sepolia**: [`0x49277EE36A024120Ee218127354c4a3591dc90A9`](https://sepolia.etherscan.io/address/0x49277EE36A024120Ee218127354c4a3591dc90A9)
+The proposer address is chain specific and you can see which addresses are configured in the [Superchain Registry](/superchain/superchain-registry).
 
 ## Challenger
 
 ### Description
 
-The Challenger is an address that can participate in and challenge `PermissionedDisputeGame` instances created by the [Proposer](#proposer) role.
+The Challenger is an address that can participate in and challenge `PermissionedDisputeGame` instances created by the [Proposer](#proposer) role. It is important to note that this is different from the [`op-challenger`](/stack/fault-proofs/challenger) services that challenges invalid output roots.
 
 ### Capabilities
 
@@ -166,8 +164,8 @@ The Challenger is an address that can participate in and challenge `Permissioned
 
 ### Addresses
 
-*   **Ethereum**: [`0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A`](https://etherscan.io/address/0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A)
-*   **Sepolia**: [`0xfd1D2e729aE8eEe2E146c033bf4400fE75284301`](https://sepolia.etherscan.io/address/0xfd1D2e729aE8eEe2E146c033bf4400fE75284301)
+*   **Optimism Governed Chains on Ethereum**: [`0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A`](https://etherscan.io/address/0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A)
+*   **Optimism Governed Chains on Sepolia**: [`0xfd1D2e729aE8eEe2E146c033bf4400fE75284301`](https://sepolia.etherscan.io/address/0xfd1D2e729aE8eEe2E146c033bf4400fE75284301)
 
 ## Guardian
 
@@ -194,8 +192,8 @@ The Guardian can also manage various aspects of the `OptimismPortal` contract to
 
 ### Addresses
 
-*   **Ethereum**: [`0x09f7150D8c019BeF34450d6920f6B3608ceFdAf2`](https://etherscan.io/address/0x09f7150D8c019BeF34450d6920f6B3608ceFdAf2)
-*   **Sepolia**: [`0xf64bc17485f0B4Ea5F06A96514182FC4cB561977`](https://sepolia.etherscan.io/address/0xf64bc17485f0B4Ea5F06A96514182FC4cB561977)
+*   **Optimism Governed Chains on Ethereum**: [`0x09f7150D8c019BeF34450d6920f6B3608ceFdAf2`](https://etherscan.io/address/0x09f7150D8c019BeF34450d6920f6B3608ceFdAf2)
+*   **Optimism Governed Chains on Sepolia**: [`0xf64bc17485f0B4Ea5F06A96514182FC4cB561977`](https://sepolia.etherscan.io/address/0xf64bc17485f0B4Ea5F06A96514182FC4cB561977)
 
 ## Mint Manager Owner
 

pages/superchain/superchain-registry.mdx

@@ -20,7 +20,7 @@ import { Callout } from 'nextra/components'
 
 # The Superchain Registry
 
-The Superchain Registry serves as the source of truth for who's in the Superchain Ecosystem and what modifications they've made. The Superchain Registry introduces:
+The [Superchain Registry](https://github.com/ethereum-optimism/superchain-registry/tree/main) serves as the source of truth for who's in the Superchain Ecosystem and what modifications they've made. The Superchain Registry introduces:
 
 *   A step-by-step process new chains can follow to join the Registry
 *   Validation checks to ensure standard chains comply with the Standard Rollup Charter and non-standard chains pass baseline validation before joining the Superchain Registry

words.txt

@@ -120,6 +120,7 @@ ETHSTATS
 ethstats
 EVMTIMEOUT
 evmtimeout
+excercise
 executability
 exfiltrate
 EXITWHENSYNCED
@@ -137,6 +138,7 @@ forkchoice
 FPVM
 FPVMs
 Fraxtal
+funcationality
 Funct
 gameplay
 GASCAP
@@ -168,6 +170,7 @@ IERC
 IGNOREPRICE
 ignoreprice
 Immunefi
+implmentation
 Inator
 inator
 INFLUXDBV
@@ -270,7 +273,6 @@ oplabs
 opnode's
 opstack
 Pausability
-pausable
 pcscdpath
 Pectra
 pectra