Summary
On April 28, 2026, the OP-Succinct FaultDisputeGame implementation on Celo Mainnet was upgraded to address two vulnerabilities identified in upstream kona proof crates (kona-protocol, kona-proof), which OP-Succinct depends on.
Both issues were resolved upstream and included in op-succinct versions v3.8.0 and v4.3.0.
Vulnerabilities
Two issues were identified in the kona proof system:
- Derivation divergence (kona-protocol) — Channel decompression in the derivation pipeline diverged from the OP Stack spec. A malicious batcher could craft channel data that causes legitimate proofs to fail (liveness).
- Invalid output root (kona-proof) — The pipeline cursor was initialized with
B256::ZEROinstead of the agreed L2 output root. A malicious proposer could generate proofs starting from an incorrect prior state, breaking soundness of the validity proof.
Important: Exploitation requires a privileged role (batcher or proposer).
Resolution
The FaultDisputeGame implementation on Celo Mainnet (game type 42) has been upgraded to a patched version.
- Upgrade executed via Security Council Safe
- Transaction:
0x8d20b8b2…aae0 - New implementation address:
0xA35d2A7F365b42EcFCB7Db9240c3973Fc8e65139
References
- Advisory: GHSA-5jmw-h5pf-383c
- Upstream fix: ethereum-optimism/optimism#19775
- Audit: 2026_03 Kona Spearbit report
No action is required from node operators or users.
If you have any questions, please reach out in Discord or on this thread.