Base’s goal is to bring the next million developers and billion users onchain. Security is an essential part of this vision. This article shares how Base has approached security to date, preparations for a secure mainnet launch with internal and external security audits, and how Coinbase’s best practices in onchain security are being utilized.
Secured by the Open-Source OP Stack
Base is built on the OP Stack, in collaboration with Optimism. This foundation builds on extensive security work done by the OP Labs team and the broader Optimism community, including multiple audits by dedicated firms and community contests.
To further enhance the OP Stack’s security, Coinbase commissioned an internal audit by its Protocol Security team. This team works closely with onchain developers to secure new products and services, including smart contract auditing and novel blockchain reviews.
Over the last six months, the Protocol Security team has worked closely with OP Labs to enhance the security of Base and Optimism, including:
- Auditing: Conducting audits on all Optimism pre-deploys and contracts on both L1 and L2 to identify vulnerabilities and risks.
- Fuzzing: Using fuzzing methods for critical components like the L2 bridge and the sequencer.
- Operational Runbooks: Developing runbooks for various risk scenarios and distress events.
- Key Management Review: Reviewing and auditing the key management setup and contracts for Base, ensuring proper configuration, consensus for key usage, and disaster recovery plans.
Completing these in-depth security workstreams without discovering critical severity bugs has provided the confidence to proceed towards mainnet launch.
Broadening the Audit to External Wardens
Good security benefits from a wide range of perspectives. To prepare Base for mainnet, a public smart contract audit contest was held via Code4rena, inviting the wider community to find and report bugs in any part of the OP Stack. This included OP node software, EVM equivalence vulnerabilities, bridge vulnerabilities, and generic smart contract issues. Alongside this live audit, Coinbase’s Protocol Security team reviewed findings and mitigations from past audit programs (spearbit and sherlock).
Over 100 security researchers participated, and no significant vulnerabilities were discovered. Base is actively resolving all submissions, ensuring appropriate action for any informative or minor issues reported.
Empowering the Ecosystem
Beyond securing the core OP Stack codebase, Base aims to enhance the security of the Ethereum ecosystem as a whole. To support this, Base is developing an open-source monitoring tool, Pessimism, to provide prompt notifications of anomalies in the protocol and network, such as account balance irregularities, contract events, or disparities between L1 and L2 states. This tool will complement existing OP Labs monitoring tools, Coinbase in-house blockchain monitoring capabilities, and third-party tools for identifying malicious and out-of-pattern events. More details on this tool will be shared in the coming months.
Additionally, Base is developing tools to help builders increase their confidence in the security of the smart contracts they deploy. This includes a smart contract security scanning tool to help developers reduce the chances of writing vulnerabilities in their contracts. Developers can use this tool to scan their contracts and get results from multiple open-source vulnerability detection tools, including Coinbase’s proprietary secure trait analyzer.
Launching Mainnet with a Security-First Mindset
Base has been developed with a security-first mindset, combining Coinbase’s security best practices with the decentralized security rigor of an open-source codebase. Recognizing that attacks will become increasingly sophisticated, Base has held simulated exercises to test and enhance response capabilities and overall resilience in the event of a large-scale incident.
The goal is to anticipate and mitigate the effectiveness of potential attacks. While even the best controls may sometimes fail, Base is committed to learning and improving continuously.
Base looks forward to bringing the network to mainnet soon, continuing to build with uncompromising standards of security to ensure developers can come onchain with confidence.
Connect with Base
Stay updated with Base on their social channels and documentation:
- Website: base.org
- Developer Documentation: Base Developer Docs
- Join the Community: Base Discord
- Follow Us: Base Twitter