Summary Value Secured Onchain costs Liveness Risk summary Risk analysis Data availability State validation Operator Withdrawals Other considerations Permissions Smart contracts

Silent Data

Critical contracts can be upgraded by an EOA which could result in the loss of all funds.

Badges

About

Silent Data is an enterprise focused OP Stack L2 aiming to achieve privacy by not making transaction data available. It is built for institutional scale and web3 innovation.

Total Value SecuredTVS

$7.278.99%

Past day UOPSDaily UOPS

No data

Type

Other

Purpose

Enterprise

Tokens breakdown

Value secured breakdown

View TVS breakdown

Sequencer failureState validationData availabilityExit windowProposer failure

Explore more in Discovery UI

Badges

About

Silent Data is an enterprise focused OP Stack L2 aiming to achieve privacy by not making transaction data available. It is built for institutional scale and web3 innovation.

Why is the project listed in others?

There are less than 5 external actors that can submit challenges

Consequence: projects without a sufficiently decentralized set of challengers rely on few entities to safely update the state. A small set of challengers can collude with the proposer to finalize an invalid state, which can cause loss of funds.

There is no data availability bridge

Consequence: projects without a data availability bridge fully rely on single entities (the sequencer) to honestly rely available data roots on Ethereum. A malicious sequencer can collude with the proposer to finalize an unavailable state, which can cause loss of funds.

Learn more about the recategorisation here.

Value Secured View TVS breakdown

2025 Jul 26 — Sep 13

Total

$7.278.99%

Canonically BridgedCanonically Bridged ValueCanonical

$7.278.99%

Natively MintedNatively Minted TokensNative

$0.000.00%

Externally BridgedExternally Bridged ValueExternal

$0.000.00%

ETH & derivatives

$7.278.99%

Stablecoins

$0.000.00%

BTC & derivatives

$0.000.00%

Other

$0.000.00%

View TVS breakdown

Onchain costs

The section shows the operating costs that L2s pay to Ethereum.

2025 Jul 25 — Sep 12

1 year total cost

$291.45

Avg cost per L2 UOP

$291.459092

Avg cost per day

$5.82

Liveness

This section shows how "live" the project's operators are by displaying how frequently they submit transactions of the selected type. It also highlights anomalies - significant deviations from their typical schedule.

No ongoing anomalies detected

2025 Aug 14 — Sep 13

30D avg. tx data subs. interval

2 hours

30D avg. state updates interval

24 hours

Past 30 days anomalies

Risk summary

Critical contracts can be upgraded by an EOA which could result in the loss of all funds.

Sequencer failureState validationData availabilityExit windowProposer failure

Sequencer failure

Self sequence

In the event of a sequencer failure, users can force transactions to be included in the project’s chain by sending them to L1. There can be up to a 12h delay on this operation.

State validation

Fraud proofs (INT)

Fraud proofs allow actors watching the chain to prove that the state is incorrect. Interactive proofs (INT) require multiple transactions over time to resolve. Only one entity is currently allowed to propose and submit challenges, as only permissioned games are currently allowed.

Data availability

External

Proof construction and state derivation rely fully on data that is NOT published onchain.

Exit window

None

There is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.

Proposer failure

Cannot withdraw

Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.

Data availability

Data is not stored on chain

The transaction data is not recorded on the Ethereum main chain.

Funds can be lost if the external data becomes unavailable (CRITICAL).

State validation

Updates to the system state can be proposed and challenged by permissioned operators only. If a state root passes the challenge period, it is optimistically considered correct and made actionable for withdrawals.

State root proposals

Proposers submit state roots as children of the latest confirmed state root (called anchor state), by calling the create function in the DisputeGameFactory. A state root can have multiple conflicting children. Each proposal requires a stake, currently set to 0.0 ETH, that can be slashed if the proposal is proven incorrect via a fraud proof. Stakes can be withdrawn only after the proposal has been confirmed. A state root gets confirmed if the challenge period has passed and it is not countered.

OP stack specification: Fault Dispute Game

Challenges

Challenges are opened to disprove invalid state roots using bisection games. Each bisection move requires a stake that increases expontentially with the depth of the bisection, with a factor of 1.09493. The maximum depth is 73, and reaching it therefore requires a cumulative stake of 0.00 ETH from depth 0. Actors can participate in any challenge by calling the defend or attack functions, depending whether they agree or disagree with the latest claim and want to move the bisection game forward. Actors that disagree with the top-level claim are called challengers, and actors that agree are called defenders. Each actor might be involved in multiple (sub-)challenges at the same time, meaning that the protocol operates with full concurrency. Challengers and defenders alternate in the bisection game, and they pass each other a clock that starts with 3d 12h. If a clock expires, the claim is considered defeated if it was countered, or it gets confirmed if uncountered. Since honest parties can inherit clocks from malicious parties that play both as challengers and defenders (see freeloader claims), if a clock gets inherited with less than 3h, it generally gets extended by 3h with the exception of 6h right before depth 30, and 1d right before the last depth. The maximum clock extension that a top level claim can get is therefore 10d. Since unconfirmed state roots are independent of one another, users can decide to exit with a subsequent confirmed state root if the previous one is delayed. Winners get the entire losers’ stake, meaning that sybils can potentially play against each other at no cost. The final instruction found via the bisection game is then executed onchain in the MIPS one step prover contract who determines the winner. The protocol does not enforce valid bisections, meaning that actors can propose correct initial claims and then provide incorrect midpoints. The protocol can be subject to resource exhaustion attacks (Spearbit 5.1.3).

Fraud Proof Wars: OPFP

Operator

The system has a centralized operator

The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system.

MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

Users can force any transaction

Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly.

Withdrawals

Regular exits

The user initiates the withdrawal by submitting a regular transaction on this chain. When a state root containing such transaction is settled, the funds become available for withdrawal on L1 after 3d 12h. Withdrawal inclusion can be proven before state root settlement, but a 7d period has to pass before it becomes actionable. The process of state root settlement takes a challenge period of at least 3d 12h to complete. Finally the user submits an L1 transaction to claim the funds. This transaction requires a merkle proof.

Forced messaging

If the user experiences censorship from the operator with regular L2->L1 messaging they can submit their messages directly on L1. The system is then obliged to service this request or halt all messages, including forced withdrawals from L1 and regular messages initiated on L2. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular message.

Forced withdrawal from an OP Stack blockchain

Other considerations

EVM compatible smart contracts are supported

OP stack chains are pursuing the EVM Equivalence model. No changes to smart contracts are required regardless of the language they are written in, i.e. anything deployed on L1 can be deployed on L2.

Introducing EVM Equivalence

Permissions

A dashboard to explore contracts and permissions

Go to Disco

Explore in Disco

Ethereum

Roles:

Challenger 0xD044…DF65

Allowed to challenge or delete state roots proposed by a Proposer.

Guardian 0x90f7…8ccd

Allowed to pause withdrawals. In op stack systems with a proof system, the Guardian can also blacklist dispute games and set the respected game type (permissioned / permissionless).

Proposer 0x3e3F…8C20

Allowed to post new state roots of the current layer to the host chain.

Sequencer 0xCa4c…67C7

Allowed to commit transactions from the current layer to the host chain.

Actors:

EOA 1 0xE512…5e88

Can upgrade with no delay
- OptimismMintableERC20Factory ProxyAdmin
- DisputeGameFactory ProxyAdmin
- AnchorStateRegistry ProxyAdmin
- DelayedWETH ProxyAdmin
- L1CrossDomainMessenger ProxyAdmin
- SystemConfig ProxyAdmin
- L1ERC721Bridge ProxyAdmin
- OptimismPortal2 ProxyAdmin
- L1StandardBridge ProxyAdmin
Can interact with DelayedWETH
- can pull funds from the contract in case of emergency
Can interact with AddressManager
- set and change address mappings ProxyAdmin

EOA 3 0xe534…740C

Can interact with SystemConfig
- it can update the preconfer address, the batch submitter (Sequencer) address and the gas configuration of the system

EOA 4 0x61E7…a6Af

Can upgrade with no delay
- SuperchainConfig ProxyAdmin

Smart contracts

A dashboard to explore contracts and permissions

Go to Disco

Explore in Disco

Ethereum

DisputeGameFactory 0x139C…5dD1 Implementation (Upgradable)Admin

The dispute game factory allows the creation of dispute games, used to propose state roots and eventually challenge them.

Roles:
- admin: ProxyAdmin; ultimately EOA 1

Can be upgraded by:

EOA 1 with no delay

Implementation used in:

SystemConfig 0x5c3E…2E16 Implementation (Upgradable)Admin

Contains configuration parameters such as the Sequencer address, gas limit on this chain and the unsafe block signer address.

Roles:
- admin: ProxyAdmin; ultimately EOA 1
- batcherHash: EOA 2
- owner: EOA 3

Can be upgraded by:

EOA 1 with no delay

OptimismPortal2 0xCcd2…694E Implementation (Upgradable)Admin

The OptimismPortal contract is the main entry point to deposit funds from L1 to L2. It also allows to prove and finalize withdrawals. It specifies which game type can be used for withdrawals, which currently is the PermissionedDisputeGame.

Roles:
- admin: ProxyAdmin; ultimately EOA 1
This contract stores the following tokens: ETH.

Can be upgraded by:

EOA 1 with no delay

SuperchainConfig 0x50F0…ae3E Implementation (Upgradable)Admin

This is NOT the shared SuperchainConfig contract of the OP stack Superchain but rather a local fork. It manages the PAUSED_SLOT, a boolean value indicating whether the local chain is paused, and GUARDIAN_SLOT, the address of the guardian which can pause and unpause the system.

Roles:
- admin: ProxyAdmin; ultimately EOA 4
- guardian: EOA 5

Can be upgraded by:

EOA 4 with no delay

Implementation used in:

L1CrossDomainMessenger 0x3131…c473 Implementation (Upgradable)Admin

Sends messages from host chain to this chain, and relays messages back onto host chain. In the event that a message sent from host chain to this chain is rejected for exceeding this chain’s epoch gas limit, it can be resubmitted via this contract’s replay function.

Roles:
- admin: ProxyAdmin; ultimately EOA 1

Can be upgraded by:

EOA 1 with no delay

L1ERC721Bridge 0x74A3…2EeA Implementation (Upgradable)Admin

Used to bridge ERC-721 tokens from host chain to this chain.

Roles:
- admin: ProxyAdmin; ultimately EOA 1

Can be upgraded by:

EOA 1 with no delay

L1StandardBridge 0xe97d…F158 Implementation (Upgradable)Admin

The main entry point to deposit ERC20 tokens from host chain to this chain.

Roles:
- admin: ProxyAdmin; ultimately EOA 1
This contract can store any token.

Can be upgraded by:

EOA 1 with no delay

OptimismMintableERC20Factory 0x00e3…4E7E Implementation (Upgradable)Admin

A helper contract that generates OptimismMintableERC20 contracts on the network it’s deployed to. OptimismMintableERC20 is a standard extension of the base ERC20 token contract designed to allow the L1StandardBridge contracts to mint and burn tokens. This makes it possible to use an OptimismMintableERC20 as this chain’s representation of a token on the host chain, or vice-versa.

Roles:
- admin: ProxyAdmin; ultimately EOA 1

Can be upgraded by:

EOA 1 with no delay

Implementation used in:

PermissionedDisputeGame 0x1B99…C7A6

Same as FaultDisputeGame, but only two permissioned addresses are designated as proposer and challenger.

Roles:
- challenger: EOA 7
- proposer: EOA 6

PreimageOracle 0x1fb8…aDD3

The PreimageOracle contract is used to load the required data from L1 for a dispute game.

Implementation used in:

AnchorStateRegistry 0x1ffF…0e55 Implementation (Upgradable)Admin

Contains the latest confirmed state root that can be used as a starting point in a dispute game.

Roles:
- admin: ProxyAdmin; ultimately EOA 1

Can be upgraded by:

EOA 1 with no delay

Implementation used in:

DelayedWETH 0x2DDf…67bd Implementation (Upgradable)Admin

Contract designed to hold the bonded ETH for each game. It is designed as a wrapper around WETH to allow an owner to function as a backstop if a game would incorrectly distribute funds.