This document covers the Set Chain L2, its smart contracts, OP Stack components, and the anchor service that bridges the sequencer API to on-chain commitments.
- L2 state and user balances
- Commitment history and state roots stored in SetRegistry
- Sequencer private key used to submit commitments
- Admin/upgrade keys for contracts
- Paymaster funds and sponsorship limits
- External attacker (network or smart contract exploitation)
- Malicious or compromised sequencer operator
- Insider with access to admin keys
- L1 network disruption or reorgs
- Ethereum L1 finality and OP Stack correctness
- Contract upgrades are governed by trusted operators
- Sequencer API is trusted to serve correct commitments
- Threat: A non-authorized address calls `commitBatch`.
- Mitigations: `authorizedSequencers` allowlist, strict mode enforcement.
- Threat: Attacker submits malicious commitments.
- Mitigations: key rotation, least-privileged hot keys, multisig governance for authorization updates, monitoring for anomalous activity.
- Threat: Sequencer provides inconsistent roots or sequence ranges.
- Mitigations: strict mode checks, verification in SetRegistry, operational monitoring of state root continuity.
- Threat: Commitments are not anchored, causing lag.
- Mitigations: retries, health checks, alerting, manual runbook steps.
- Threat: L2 outputs are reorged or delayed, impacting finality.
- Mitigations: monitor safe head lag, delay critical operations until L1 finality thresholds are reached.
- Threat: Malicious upgrades or configuration changes.
- Mitigations: multisig + timelock, upgrade policy, change management logs.
- L1 consensus attacks
- User-side wallet security
- External application-level logic beyond Set Chain contracts
- Independent contract audit and published results
- Formal key management policy and HSM support
- Formal incident response and on-call escalation procedures
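
For the threat above where the sequencer provides inconsistent roots or sequence ranges, the "operational monitoring of state root continuity" mitigation can be sketched as an off-chain check over the commitment history. This is an added example, not Set Chain's own code; the `Commitment` field names and the sample history are assumptions and do not reflect the actual SetRegistry schema.

```python
from dataclasses import dataclass

# Hypothetical record shape for one anchored batch (assumed field names).
@dataclass(frozen=True)
class Commitment:
    batch_id: int
    prev_state_root: str
    new_state_root: str
    seq_start: int
    seq_end: int

def continuity_violations(commitments):
    """Return (batch_id, reason) for every break in the commitment chain.

    Commitments are checked in the order given (the order they were anchored).
    """
    findings = []
    prev = None
    for c in commitments:
        if c.seq_end < c.seq_start:
            findings.append((c.batch_id, "range_inverted"))
        if prev is not None:
            # Each batch must start from the root the previous batch ended on.
            if c.prev_state_root.lower() != prev.new_state_root.lower():
                findings.append((c.batch_id, "root_mismatch"))
            # Sequence ranges must be contiguous: no overlap, no gap.
            if c.seq_start <= prev.seq_end:
                findings.append((c.batch_id, "range_overlap"))
            elif c.seq_start != prev.seq_end + 1:
                findings.append((c.batch_id, "range_gap"))
        prev = c  # keep walking so later breaks are still reported
    return findings

# Constructed sample history (not real chain data).
SAMPLE = [
    Commitment(1, "0x00", "0xaa", 1, 100),
    Commitment(2, "0xAA", "0xbb", 101, 200),
    Commitment(3, "0xbc", "0xcc", 201, 300),  # does not chain from 0xbb
    Commitment(4, "0xcc", "0xdd", 290, 400),  # overlaps batch 3
    Commitment(5, "0xdd", "0xee", 450, 500),  # skips 401-449
]

if __name__ == "__main__":
    for batch_id, reason in continuity_violations(SAMPLE):
        print(f"ALERT batch {batch_id}: {reason}")
```

Each finding is an alerting signal for the monitoring and runbook mitigations listed above.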