Metis Andromeda
Badges
About
Metis Andromeda is an EVM-equivalent solution originally forked from Optimism OVM. It uses a decentralized Sequencer pool running Tendermint consensus and MPC module to sign transaction batches.
Badges
About
Metis Andromeda is an EVM-equivalent solution originally forked from Optimism OVM. It uses a decentralized Sequencer pool running Tendermint consensus and MPC module to sign transaction batches.
Recategorisation
The project will be classified as "Other" due to its specific risks that set it apart from the standard classifications.
The project will move to Others because:
Consequence: projects without a proper proof system fully rely on single entities to safely update the state. A malicious proposer can finalize an invalid state, which can cause loss of funds.
2024 May 25 — 2025 May 25
2024 May 26 — 2025 May 25
Data hashes posted to EOA
2023 Mar 15th
Hashes to data blobs are now posted to EOA address instead of CanonicalTransactionChain contract.
Funds can be stolen if
Funds can be lost if
Funds can be frozen if
Users can be censored if
MEV can be extracted if
Users can submit transactions to an L1 queue, but can’t force them. The sequencers cannot selectively skip transactions but can stop processing the queue entirely. In other words, if the sequencers censor or are down, they are so for everyone.
Currently the system permits invalid state roots. More details in project overview.
All of the data needed for proof construction is published on Ethereum L1.
There is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.
Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.
Metis Andromeda is a All data required for proofs is published on chain
Transaction data is posted to Ethereum using blobs. Initially, data was posted to the CanonicalTransactionChain contract, then it moved to just posting hashes to an EOA address, and as of May 2025, the system uses blobs for data availability.
EthereumDispute game contracts for state validation are deployed but not used. In theory, disputed state batches can be marked as such in the StateCommitmentChain. Then, these flagged batches could be deleted (within the fraud proof window). Currenly, batches can only be deleted from the MVM_Verifier contract address, which currently corresponds to the Metis Multisig.
Funds can be stolen if an invalid state root is submitted to the system (CRITICAL).
The system has a decentralized sequencer set
As of April 2024 Metis uses a permissioned sequencer pool running a Tendermint consensus. Once consensus is reached on a block, an MPC address is used to submit a block hash to Ethereum. The infrastructure to manage the MPC is offchain and not trustless because Ethereum does not verify the validity of MPC address.
MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.
Users can enqueue transactions
Users can submit transactions to an L1 queue, but can’t force them. The sequencer cannot selectively skip transactions but can stop processing the queue entirely. In other words, if the sequencer censors or is down, it is so for everyone.
Users can be censored if the operator is offline or refuses to process the queue.
Regular messaging
The user initiates L2->L1 messages by submitting a regular transaction on this chain. When the block containing that transaction is settled, the message becomes available for processing on L1. The process of block finalization usually takes several days to complete.
Funds can be frozen if the centralized validator goes down. Users cannot produce blocks themselves and exiting the system requires new block production (CRITICAL).
Forced messaging
If the user experiences censorship from the operator with regular L2->L1 messaging they can submit their messages directly on L1. The system is then obliged to service this request or halt all messages from L1, including all forced withdrawals and deposits. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular message.
EVM compatible smart contracts are supported
Metis uses the Optimistic Virtual Machine (OVM) 2.0 to execute transactions.
Funds can be lost if there are mistakes in the highly complex OVM implementation.
Ethereum
Actors:
- A Multisig with 4/9 threshold. Can pause, censor, instantly upgrade the bridge and upgrade other critical contracts in the system.
- Can upgrade with no delay
- LockingInfo
via
- acting via ProxyAdmin - L1StandardBridge
- MVM_CanonicalTransaction
- StateCommitmentChain
- LockingPool
via
- acting via ProxyAdmin - MVM_Verifier
- MVM_L2ChainManagerOnL1
- LockingInfo
- A Multisig with 2/4 threshold. Escrows staking rewards for Sequencers.
- Can upgrade with no delay
- DisputeGameFactory
via
- acting via ProxyAdmin - DelayedWMetis
via
- acting via ProxyAdmin
- DisputeGameFactory
Ethereum
The Canonical Transaction Chain (CTC) contract is an append-only log of transactions which must be applied to the OVM state. Given that transactions batch hashes are sent to an EOA address, it allows any account to enqueue() a transaction, which the Sequencer must eventually append to the rollup state.
The State Commitment Chain (SCC) stores a list of proposed state roots in a linked ChainStorageContainer contract. Only a permissioned state root proposer (MVM_Proposer) can submit new state roots.
- Roles:
- admin: Metis Multisig
Contract acting as an escrow for METIS tokens managed by LockingPool.
- Roles:
- admin: ProxyAdmin; ultimately Metis Multisig
Storage container for SCC batches.
Factory contract for creating dispute games. Currently not used, no games are created.
- Roles:
- admin: ProxyAdmin; ultimately EOA 1
- Roles:
- owner: EOA 1
Contract used to manage configuration of global Metis values.
Storage container for CTC batches.
Main entry point for users depositing ERC20 tokens and ETH that do not require custom gateway.
- Roles:
- admin: Metis Multisig
- This contract can store any token.
Contract for handling fault disputes (should games be created). Successfully disputed batches are marked as disputed to the StateCommitmentChain.
The Bond Manager contract will handle deposits in the form of an ERC20 token from bonded Proposers. It will also handle the accounting of gas costs spent by a Verifier during the course of a challenge. In the event of a successful challenge, the faulty Proposer’s bond will be slashed, and the Verifier’s gas costs will be refunded. Current mock implementation allows only OVM_Proposer to propose new state roots. No slashing is implemented.
MVM CanonicalTransaction is a wrapper of Canonical Transaction Chain that implements optimistic data availability scheme L1. If Sequencer is not malicious, it simply forwards appendSequencerBatch() calls to CanonicalTransactionChain.
- Roles:
- admin: Metis Multisig
Oracle for providing preimages.
Oracle specifying user fees for sending L1 -> Metis messages and other parameters for cross-chain communication.
- Roles:
- owner: Metis Multisig
Contract used to manage a mapping of string names to addresses. Modern OP stack uses a different standard proxy system instead, but this contract is still necessary for backwards compatibility with several older contracts.
Metis token contract.
Storage container for CTC queue.
The MVM Verifier contract is responsible for verifying the state of the MVM.
- Roles:
- admin: Metis Multisig
Contract that allows METIS_MANAGER to switch Sequencer.
- Roles:
- admin: Metis Multisig
Delayed wrapped Metis token contract.
- Roles:
- admin: ProxyAdmin; ultimately EOA 1
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).