Base's security-first strategy

Base's goal is to bring the next wave of millions of developers and billions of users to the blockchain. Security is an important part of this vision. We want to share our security approach on Base to date, how we are preparing for a secure mainnet launch through internal and external security audits, and how we are drawing on Coinbase's best practices in on-chain security.

Security is provided by the open source OP Stack

Base is built on the OP Stack, developed in collaboration with Optimism. This means that from the outset, we are building on the extensive security work of the OP Labs team and the wider Optimism community, including multiple audits from professional firms and community competitions.

To further test the security of the OP Stack, Coinbase commissioned an internal audit by its Protocol Security team. This is a dedicated team that works closely with on-chain developers within the company to ensure that any new product or service we build is secure; its work includes smart contract audits and reviews of new blockchains.

The protocol security team has worked closely with OP Labs over the past 6 months to harden the security of Base and Optimism, including:

  • Audited all Optimism pre-deployments and contracts, including L1 and L2, to identify vulnerabilities and risks in the technology stack.
  • Used fuzzing on key components such as the L2 bridge and the sequencer.
  • Developed operational runbooks for various risk scenarios and specific emergencies.
  • Reviewed and audited Base's key management setup and contracts. We assessed each role very carefully and determined the correct key management configuration, ensured that there was proper consensus when using keys, and had adequate disaster recovery plans in place.

Completing these in-depth security workflows without finding critical vulnerabilities gave the Base team the confidence to move forward with the mainnet launch.

Expanding the scope of external security audits

We know that good security is a collective effort: the more scrutiny a codebase receives, the better. In preparation for Base's mainnet launch, we ran an open smart contract audit competition via Code4rena, inviting the wider community to find and report vulnerabilities in any part of the OP Stack. This includes OP node software, EVM equivalence vulnerabilities, bridging vulnerabilities, and general smart contract issues. At the same time, Coinbase's Protocol Security team conducted a thorough review of findings and mitigations from past audit programs (Spearbit and Sherlock).

In this competition, we attracted over 100 security researchers to participate and are pleased to report that no major vulnerabilities were found. Due to the high level of researcher engagement, we are actively addressing all issues submitted and are ensuring appropriate action is taken on any informational or minor issues reported.

Empowering the ecosystem

In addition to securing the core OP Stack code base, we are focused on enhancing the overall security of the Ethereum ecosystem. To strengthen the security of Base and support other teams building on OP Stack chains, we are developing Pessimism, an open source monitoring tool that gives timely notification of anomalies in the protocol and network, such as abnormal account balances, contract events, or differences between L1 and L2 states. This new monitoring tool will work alongside existing OP Labs monitoring tools such as Fault-Detector, Coinbase's internal blockchain monitoring capabilities, and third-party tools for identifying malicious and anomalous events. We will share more details about our monitoring tools in the coming months.

In addition, we are developing tools that help developers increase confidence in the security of deployed smart contracts, including smart contract security scanning tools that reduce the chance of introducing security vulnerabilities into contracts. Developers can use the tool to quickly and easily scan their contracts and get results from multiple open source vulnerability detection tools, including Coinbase's own Security Feature Analyzer. You can read more about this work in our recent Coinbase blog post.

Launching mainnet with a security-first mindset

Base has been developed with security first, combining Coinbase's security best practices with the decentralized security rigor of an open source codebase. Part of this is starting from the assumption that malicious events are likely to occur, and recognizing that attacks will become more sophisticated. Therefore, we conducted simulation exercises to test and improve our ability to respond to large-scale incidents and the overall resilience of Base.

Our goal in all of our security work is to prevent attacks in advance and mitigate the effects of those attacks. We're proud of the work we do to keep Base safe, and while even the best controls sometimes fail, we're always learning and doing better.

We can't wait to push Base to mainnet soon and continue to build with strict security standards to ensure developers can participate in the blockchain with confidence.
