Merge branch 'develop' into aj/l1-fetcher-only

op-chain-ops/cmd/op-migrate/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"math/big"
 	"os"
@@ -168,10 +169,14 @@ func main() {
 
 			var block *types.Block
 			tag := config.L1StartingBlockTag
-			if tag.BlockNumber != nil {
-				block, err = l1Client.BlockByNumber(context.Background(), big.NewInt(tag.BlockNumber.Int64()))
-			} else if tag.BlockHash != nil {
-				block, err = l1Client.BlockByHash(context.Background(), *tag.BlockHash)
+			if tag == nil {
+				return errors.New("l1StartingBlockTag cannot be nil")
+			}
+			log.Info("Using L1 Starting Block Tag", "tag", tag.String())
+			if number, isNumber := tag.Number(); isNumber {
+				block, err = l1Client.BlockByNumber(context.Background(), big.NewInt(number.Int64()))
+			} else if hash, isHash := tag.Hash(); isHash {
+				block, err = l1Client.BlockByHash(context.Background(), hash)
 			} else {
 				return fmt.Errorf("invalid l1StartingBlockTag in deploy config: %v", tag)
 			}

op-chain-ops/genesis/config.go

@@ -208,6 +208,11 @@ func (d *DeployConfig) Check() error {
 	if d.L2GenesisBlockGasLimit == 0 {
 		return fmt.Errorf("%w: L2 genesis block gas limit cannot be 0", ErrInvalidDeployConfig)
 	}
+	// When the initial resource config is made to be configurable by the DeployConfig, ensure
+	// that this check is updated to use the values from the DeployConfig instead of the defaults.
+	if uint64(d.L2GenesisBlockGasLimit) < uint64(defaultResourceConfig.MaxResourceLimit+defaultResourceConfig.SystemTxMaxGas) {
+		return fmt.Errorf("%w: L2 genesis block gas limit is too small", ErrInvalidDeployConfig)
+	}
 	if d.L2GenesisBlockBaseFeePerGas == nil {
 		return fmt.Errorf("%w: L2 genesis block base fee per gas cannot be nil", ErrInvalidDeployConfig)
 	}
@@ -493,3 +498,18 @@ func (m *MarshalableRPCBlockNumberOrHash) UnmarshalJSON(b []byte) error {
 	*m = asMarshalable
 	return nil
 }
+
+// Number wraps the rpc.BlockNumberOrHash Number method.
+func (m *MarshalableRPCBlockNumberOrHash) Number() (rpc.BlockNumber, bool) {
+	return (*rpc.BlockNumberOrHash)(m).Number()
+}
+
+// Hash wraps the rpc.BlockNumberOrHash Hash method.
+func (m *MarshalableRPCBlockNumberOrHash) Hash() (common.Hash, bool) {
+	return (*rpc.BlockNumberOrHash)(m).Hash()
+}
+
+// String wraps the rpc.BlockNumberOrHash String method.
+func (m *MarshalableRPCBlockNumberOrHash) String() string {
+	return (*rpc.BlockNumberOrHash)(m).String()
+}

op-chain-ops/genesis/genesis.go

@@ -15,7 +15,8 @@ import (
 	"github.com/ethereum/go-ethereum/params"
 )
 
-const defaultL2GasLimit = 15_000_000
+// defaultL2GasLimit represents the default gas limit for an L2 block.
+const defaultL2GasLimit = 30_000_000
 
 // NewL2Genesis will create a new L2 genesis
 func NewL2Genesis(config *DeployConfig, block *types.Block) (*core.Genesis, error) {

op-e2e/setup.go

@@ -68,7 +68,7 @@ func DefaultSystemConfig(t *testing.T) SystemConfig {
 	deployConfig := &genesis.DeployConfig{
 		L1ChainID:   900,
 		L2ChainID:   901,
-		L2BlockTime: 2,
+		L2BlockTime: 1,
 
 		FinalizationPeriodSeconds: 60 * 60 * 24,
 		MaxSequencerDrift:         10,

op-e2e/system_test.go

@@ -589,9 +589,10 @@ func TestSystemMockP2P(t *testing.T) {
 	}
 
 	cfg := DefaultSystemConfig(t)
-	// slow down L1 blocks so we can see the L2 blocks arrive well before the L1 blocks do.
-	// Keep the seq window small so the L2 chain is started quick
-	cfg.DeployConfig.L1BlockTime = 10
+	// Disable batcher, so we don't sync from L1
+	cfg.DisableBatcher = true
+	// disable at the start, so we don't miss any gossiped blocks.
+	cfg.Nodes["sequencer"].Driver.SequencerStopped = true
 
 	// connect the nodes
 	cfg.P2PTopology = map[string][]string{
@@ -613,6 +614,11 @@ func TestSystemMockP2P(t *testing.T) {
 	require.Nil(t, err, "Error starting up system")
 	defer sys.Close()
 
+	// Enable the sequencer now that everyone is ready to receive payloads.
+	rollupRPCClient, err := rpc.DialContext(context.Background(), sys.RollupNodes["sequencer"].HTTPEndpoint())
+	require.Nil(t, err)
+	require.NoError(t, rollupRPCClient.Call(nil, "admin_startSequencer", sys.L2GenesisCfg.ToBlock().Hash()))
+
 	l2Seq := sys.Clients["sequencer"]
 	l2Verif := sys.Clients["verifier"]
 
@@ -634,11 +640,11 @@ func TestSystemMockP2P(t *testing.T) {
 	require.Nil(t, err, "Sending L2 tx to sequencer")
 
 	// Wait for tx to be mined on the L2 sequencer chain
-	receiptSeq, err := waitForTransaction(tx.Hash(), l2Seq, 6*time.Duration(sys.RollupConfig.BlockTime)*time.Second)
+	receiptSeq, err := waitForTransaction(tx.Hash(), l2Seq, 10*time.Duration(sys.RollupConfig.BlockTime)*time.Second)
 	require.Nil(t, err, "Waiting for L2 tx on sequencer")
 
 	// Wait until the block it was first included in shows up in the safe chain on the verifier
-	receiptVerif, err := waitForTransaction(tx.Hash(), l2Verif, 6*time.Duration(sys.RollupConfig.BlockTime)*time.Second)
+	receiptVerif, err := waitForTransaction(tx.Hash(), l2Verif, 10*time.Duration(sys.RollupConfig.BlockTime)*time.Second)
 	require.Nil(t, err, "Waiting for L2 tx on verifier")
 
 	require.Equal(t, receiptSeq, receiptVerif)

op-node/rollup/derive/channel_bank.go

@@ -124,6 +124,7 @@ func (cb *ChannelBank) Read() (data []byte, err error) {
 	if !ch.IsReady() {
 		return nil, io.EOF
 	}
+	cb.log.Info("Reading channel", "channel", first, "frames", len(ch.inputs))
 
 	delete(cb.channels, first)
 	cb.channelQueue = cb.channelQueue[1:]

op-wheel/commands.go

@@ -78,11 +78,17 @@ var (
 		EnvVar: opservice.PrefixEnvVar(envVarPrefix, "BUILDING_TIME"),
 		Value:  time.Second * 6,
 	}
+	AllowGaps = cli.BoolFlag{
+		Name:   "allow-gaps",
+		Usage:  "allow gaps in block building, like missed slots on the beacon chain.",
+		EnvVar: opservice.PrefixEnvVar(envVarPrefix, "ALLOW_GAPS"),
+	}
 )
 
 func ParseBuildingArgs(ctx *cli.Context) *engine.BlockBuildingSettings {
 	return &engine.BlockBuildingSettings{
 		BlockTime:    ctx.Uint64(BlockTimeFlag.Name),
+		AllowGaps:    ctx.Bool(AllowGaps.Name),
 		Random:       hashFlagValue(RandaoFlag.Name, ctx),
 		FeeRecipient: addrFlagValue(FeeRecipientFlag.Name, ctx),
 		BuildTime:    ctx.Duration(BuildingTime.Name),
@@ -336,7 +342,7 @@ var (
 		Usage: "build the next block using the Engine API",
 		Flags: []cli.Flag{
 			EngineEndpoint, EngineJWTPath,
-			FeeRecipientFlag, RandaoFlag, BlockTimeFlag, BuildingTime,
+			FeeRecipientFlag, RandaoFlag, BlockTimeFlag, BuildingTime, AllowGaps,
 		},
 		// TODO: maybe support transaction and tx pool engine flags, since we use op-geth?
 		// TODO: reorg flag
@@ -362,7 +368,7 @@ var (
 		Description: "The block time can be changed. The execution engine must be synced to a post-Merge state first.",
 		Flags: append(append([]cli.Flag{
 			EngineEndpoint, EngineJWTPath,
-			FeeRecipientFlag, RandaoFlag, BlockTimeFlag, BuildingTime,
+			FeeRecipientFlag, RandaoFlag, BlockTimeFlag, BuildingTime, AllowGaps,
 		}, oplog.CLIFlags(envVarPrefix)...), opmetrics.CLIFlags(envVarPrefix)...),
 		Action: EngineAction(func(ctx *cli.Context, client client.RPC) error {
 			logCfg := oplog.ReadLocalCLIConfig(ctx)

op-wheel/engine/engine.go

@@ -95,13 +95,22 @@ func updateForkchoice(ctx context.Context, client client.RPC, head, safe, finali
 }
 
 type BlockBuildingSettings struct {
-	BlockTime    uint64
+	BlockTime uint64
+	// skip a block; timestamps will still increase in multiples of BlockTime like L1, but there may be gaps.
+	AllowGaps    bool
 	Random       common.Hash
 	FeeRecipient common.Address
 	BuildTime    time.Duration
 }
 
 func BuildBlock(ctx context.Context, client client.RPC, status *StatusData, settings *BlockBuildingSettings) (*engine.ExecutableData, error) {
+	timestamp := status.Head.Time + settings.BlockTime
+	if settings.AllowGaps {
+		now := uint64(time.Now().Unix())
+		if now > timestamp {
+			timestamp = now - ((now - timestamp) % settings.BlockTime)
+		}
+	}
 	var pre engine.ForkChoiceResponse
 	if err := client.CallContext(ctx, &pre, "engine_forkchoiceUpdatedV1",
 		engine.ForkchoiceStateV1{
@@ -109,7 +118,7 @@ func BuildBlock(ctx context.Context, client client.RPC, status *StatusData, sett
 			SafeBlockHash:      status.Safe.Hash,
 			FinalizedBlockHash: status.Finalized.Hash,
 		}, engine.PayloadAttributes{
-			Timestamp:             status.Head.Time + settings.BlockTime,
+			Timestamp:             timestamp,
 			Random:                settings.Random,
 			SuggestedFeeRecipient: settings.FeeRecipient,
 			// TODO: maybe use the L2 fields to hack in tx embedding CLI option?
@@ -210,6 +219,7 @@ func Auto(ctx context.Context, metrics Metricer, client client.RPC, log log.Logg
 
 				payload, err := BuildBlock(ctx, client, status, &BlockBuildingSettings{
 					BlockTime:    settings.BlockTime,
+					AllowGaps:    settings.AllowGaps,
 					Random:       settings.Random,
 					FeeRecipient: settings.FeeRecipient,
 					BuildTime:    buildTime,

packages/contracts-bedrock/deploy-config/mainnet.json

@@ -25,7 +25,7 @@
   "governanceTokenName": "Optimism",
   "governanceTokenSymbol": "OP",
   "governanceTokenOwner": "0x90F79bf6EB2c4f870365E785982E1f101E93b906",
-  "l2GenesisBlockGasLimit": "0x17D7840",
+  "l2GenesisBlockGasLimit": "0x1c9c380",
   "l2GenesisBlockCoinbase": "0x4200000000000000000000000000000000000011",
   "l2GenesisBlockBaseFeePerGas": "0x3b9aca00",
   "gasPriceOracleOverhead": 2100,
@@ -33,4 +33,4 @@
   "eip1559Denominator": 50,
   "eip1559Elasticity": 10,
   "l2GenesisRegolithTimeOffset": "0x0"
-}
\ No newline at end of file
+}

packages/contracts-bedrock/deploy-config/mainnet.ts

@@ -37,7 +37,7 @@ const config: DeployConfig = {
   governanceTokenSymbol: 'OP',
   governanceTokenOwner: '0x90F79bf6EB2c4f870365E785982E1f101E93b906',
 
-  l2GenesisBlockGasLimit: '0x17D7840',
+  l2GenesisBlockGasLimit: '0x1c9c380',
   l2GenesisBlockCoinbase: '0x4200000000000000000000000000000000000011',
   l2GenesisBlockBaseFeePerGas: '0x3b9aca00',
 

specs/bridges.md

@@ -35,7 +35,7 @@ interface StandardBridge {
     function finalizeBridgeERC20(address _localToken, address _remoteToken, address _from, address _to, uint256 _amount, bytes memory _extraData) external;
     function finalizeBridgeETH(address _from, address _to, uint256 _amount, bytes memory _extraData) payable external;
     function messenger() view external returns (address);
-    function otherBridge() view external returns (address);
+    function OTHER_BRIDGE() view external returns (address);
 }
 ```
 

specs/challenger.md

+# Challenger Specification
+
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+**Table of Contents**
+
+- [Description](#description)
+- [Terminology](#terminology)
+- [Event and Response Lifecycle](#event-and-response-lifecycle)
+  - [`GameType.FAULT`](#gametypefault)
+  - [`GameType.ATTESTATION`](#gametypeattestation)
+  - [`GameType.VALIDITY`](#gametypevalidity)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+## Description
+
+The Challenger is an off-chain agent that listens for faulty claims made about the state of
+the L2 on the data availability layer. It is responsible for challenging these incorrect claims
+and ensuring the correctness of all finalized claims on the settlement layer.
+
+The Challenger agent is intended to be ran as a permissionless service by participants of the network
+alongside a [rollup-node](./rollup-node.md). Challenger agents will be rewarded in the form of the
+bond attached to the claims they disprove.
+
+## Terminology
+
+- **data availability layer** - In the context of this document, the data availability layer is the
+  generic term for the location where claims about the state of the layer two are made. In the context
+  of Optimism, this is Ethereum Mainnet.
+- **settlement layer** - In the context of this document, the settlement layer is the location of the
+  bridge as well as where funds deposited to the rollup reside. In the context of Optimism, this is
+  Ethereum Mainnet.
+- **L2** - In the context of this document, the layer two of the Optimistic Rollup. In the context
+  of Optimism, this is the Optimism Mainnet.
+- **rollup-node** - In the context of this document, the rollup node describes the
+  [rollup-node specification](./rollup-node.md). In the context of Optimism, this is the implementation
+  of the [rollup-node specification](./rollup-node.md), the `op-node`.
+
+## Event and Response Lifecycle
+
+The Challenger agent is expected to be able to listen for and respond to several different events
+on the data availability layer. These events and responses are parameterized depending on the type
+of dispute game being played, and the Challenger listens to different events and responds uniquely
+to each of the different game types. For specification of dispute game types, see the
+[Dispute Game Interfaces specification](./dispute-game-interface.md) and
+[Dispute Game specification](./dispute-game.md).
+
+### `GameType.FAULT`
+
+> **Warning**  
+> The `FAULT` game type is not yet implemented. In the first iteration of Optimism's decentralization effort,
+> challengers will respond to `ATTESTATION` games only.
+
+**Events and Responses**
+*TODO*
+
+### `GameType.ATTESTATION`
+
+**Events and Responses**
+
+- [`L2OutputOracle.OutputProposed`](../packages/contracts-bedrock/contracts/L1/L2OutputOracle.sol#L57-70)
+  The `L2OutputOracle` contract emits this event when a new output is proposed on the data availability
+  layer. Each time an output is proposed, the Challenger should check to see if the output is equal
+  the output given by the `optimism_outputAtBlock` endpoint of their `rollup-node`.
+  - If it is, the Challenger should do nothing to challenge this output proposal.
+  - If it is not, the Challenger should respond by creating a new `DisputeGame` with the
+    `DisputeGameType.ATTESTATION` `gameType`, the correct output root as the `rootClaim`, and the abi-encoded
+    `l2BlockNumber` of the correct output root as the `extraData`.
+  ![Attestation `OutputProposed` Diagram](./assets/challenger_attestation_output_proposed.png)
+- `DisputeGameFactory.DisputeGameCreated` A new dispute game has been created and is ready to be reviewed. The
+  Challenger agent should listen for this event and check if the `rootClaim` of the `AttestationDisputeGame`
+  created by the `DisputeGameFactory` is equal to the output root of their `rollup-node` at the game's `l2BlockNumber`.
+  - If it is, the Challenger should sign the [EIP-712 typeHash](./dispute-game.md) of the struct containing the
+    `AttestationDisputeGame`'s `rootClaim` and `l2BlockNumber`. The Challenger should then submit the abi-encoded
+    signature to the `AttetationDisputeGame`'s `challenge` function.
+  - If it is not, the Challenger should do nothing in support of this dispute game.
+  ![Attestation `DisputeGameCreated` Diagram](./assets/challenger_attestation_dispute_game_created.png)
+
+A full diagram and lifecycle of the Challenger's role in the `ATTESTATION` game type can be found below:
+
+![Attestation Diagram](./assets/challenger_attestation.png)
+
+### `GameType.VALIDITY`
+
+**TODO**
+
+> **Warning**  
+> The `VALIDITY` game type is not yet implemented. In the first iteration of Optimism's decentralization effort,
+> challengers will respond to `ATTESTATION` games only. A validity proof based dispute game is a possibility,
+> but fault proof based dispute games will be the primary focus of the team in the near future.
+
+**Events and Responses**
+*TODO*

specs/dispute-game-interface.md

+# Dispute Game Interface
+
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+**Table of Contents**
+
+- [Overview](#overview)
+- [Types](#types)
+- [`DisputeGameFactory` Interface](#disputegamefactory-interface)
+- [`DisputeGame` Interface](#disputegame-interface)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+## Overview
+
+A dispute game is played between multiple parties when contesting the truthiness
+of a claim. In the context of an optimistic rollup, claims are made about the
+state of the layer two network to enable withdrawals to the layer one. A proposer
+makes a claim about the layer two state such that they can withdraw and a
+challenger can dispute the validity of the claim. The security of the layer two
+comes from the ability of fraudulent withdrawals being able to be disputed.
+
+A dispute game interface is defined to allow for multiple implementations of
+dispute games to exist. If multiple dispute games run in production, it gives
+a similar security model as having multiple protocol clients, as a bug in a
+single dispute game will not result in the bug becoming consensus.
+
+## Types
+
+For added context, we define a few types that are used in the following snippets.
+
+```solidity
+/// @notice The type of proof system being used.
+enum GameType {
+    /// @dev The game will use a `IDisputeGame` implementation that utilizes fault proofs.
+    FAULT,
+    /// @dev The game will use a `IDisputeGame` implementation that utilizes validity proofs.
+    VALIDITY,
+    /// @dev The game will use a `IDisputeGame` implementation that utilizes attestation proofs.
+    ATTESTATION
+}
+
+/// @notice The current status of the dispute game.
+enum GameStatus {
+    /// @dev The game is currently in progress, and has not been resolved.
+    IN_PROGRESS,
+    /// @dev The game has concluded, and the `rootClaim` was challenged successfully.
+    CHALLENGER_WINS,
+    /// @dev The game has concluded, and the `rootClaim` could not be contested.
+    DEFENDER_WINS
+}
+
+/// @notice A dedicated timestamp type.
+type Timestamp is uint64;
+
+/// @notice A `Claim` type represents a 32 byte hash or other unique identifier for a claim about
+///         a certain piece of information.
+/// @dev For the `FAULT` `GameType`, this will be a root of the merklized state of the fault proof
+///      program at the end of the state transition.
+///      For the `ATTESTATION` `GameType`, this will be an output root.
+type Claim is bytes32;
+```
+
+## `DisputeGameFactory` Interface
+
+The dispute game factory is responsible for creating new `DisputeGame` contracts
+given a `GameType` and a root `Claim`. Challenger agents will listen to the
+`DisputeGameCreated` events that are emitted by the factory as well as other events
+that pertain to detecting fault (i.e. `OutputProposed(bytes32,uint256,uint256,uint256)`) in order to keep up
+with on-going disputes in the protocol.
+
+A [`clones-with-immutable-args`](https://github.com/Saw-mon-and-Natalie/clones-with-immutable-args) factory
+(originally by @wighawag, but forked by @Saw-mon-and-Natalie) is used to create Clones. Each `GameType` has
+a corresponding implementation within the factory, and when a new game is created, the factory creates a
+clone of the `GameType`'s pre-deployed implementation contract.
+
+The `rootClaim` of created dispute games can either be a claim that the creator agrees or disagrees with.
+This is an implementation detail that is left up to the `IDisputeGame` to handle within its `resolve` function.
+
+When the `DisputeGameFactory` creates a new `DisputeGame` contract, it calls `initialize()` on the clone to
+set up the game.
+
+```solidity
+/// @title IDisputeGameFactory
+/// @notice The interface for a DisputeGameFactory contract.
+interface IDisputeGameFactory {
+    /// @notice Emitted when a new dispute game is created
+    /// @param disputeProxy The address of the dispute game proxy
+    /// @param gameType The type of the dispute game proxy's implementation
+    /// @param rootClaim The root claim of the dispute game
+    event DisputeGameCreated(address indexed disputeProxy, GameType indexed gameType, Claim indexed rootClaim);
+
+    /// @notice `games` queries an internal a mapping that maps the hash of `gameType ++ rootClaim ++ extraData`
+    ///          to the deployed `DisputeGame` clone.
+    /// @dev `++` equates to concatenation.
+    /// @param gameType The type of the DisputeGame - used to decide the proxy implementation
+    /// @param rootClaim The root claim of the DisputeGame.
+    /// @param extraData Any extra data that should be provided to the created dispute game.
+    /// @return _proxy The clone of the `DisputeGame` created with the given parameters. Returns `address(0)` if nonexistent.
+    function games(GameType gameType, Claim rootClaim, bytes calldata extraData) external view returns (IDisputeGame _proxy);
+
+    /// @notice `gameImpls` is a mapping that maps `GameType`s to their respective `IDisputeGame` implementations.
+    /// @param gameType The type of the dispute game.
+    /// @return _impl The address of the implementation of the game type. Will be cloned on creation of a new dispute game
+    ///               with the given `gameType`.
+    function gameImpls(GameType gameType) public view returns (IDisputeGame _impl);
+
+    /// @notice The owner of the contract.
+    /// @dev Owner Permissions:
+    ///      - Update the implementation contracts for a given game type.
+    /// @return _owner The owner of the contract.
+    function owner() public view returns (address _owner);
+
+    /// @notice Creates a new DisputeGame proxy contract.
+    /// @param gameType The type of the DisputeGame - used to decide the proxy implementation
+    /// @param rootClaim The root claim of the DisputeGame.
+    /// @param extraData Any extra data that should be provided to the created dispute game.
+    function create(GameType gameType, Claim rootClaim, bytes calldata extraData) external returns (IDisputeGame proxy);
+
+    /// @notice Sets the implementation contract for a specific `GameType`
+    /// @dev May only be called by the `owner`.
+    /// @param gameType The type of the DisputeGame
+    /// @param impl The implementation contract for the given `GameType`
+    function setImplementation(GameType gameType, IDisputeGame impl) external;
+}
+```
+
+## `DisputeGame` Interface
+
+The dispute game interface should be generic enough to allow it to work with any
+proof system. This means that it should work fault proofs, validity proofs,
+an attestation based proof system, or any other source of truth that adheres to
+the interface.
+
+Clones of the `IDisputeGame`'s `initialize` functions will be called by the `DisputeGameFactory` upon creation.
+
+```solidity
+////////////////////////////////////////////////////////////////
+//                    GENERIC DISPUTE GAME                    //
+////////////////////////////////////////////////////////////////
+
+/// @title IDisputeGame
+/// @notice The generic interface for a DisputeGame contract.
+interface IDisputeGame {
+    /// @notice Initializes the DisputeGame contract.
+    /// @custom:invariant The `initialize` function may only be called once.
+    function initialize() external;
+
+    /// @notice Returns the semantic version of the DisputeGame contract
+    function version() external pure returns (string memory _version);
+
+    /// @notice Returns the timestamp that the DisputeGame contract was created at.
+    function createdAt() external pure returns (Timestamp _createdAt);
+
+    /// @notice Returns the current status of the game.
+    function status() external view returns (GameStatus _status);
+
+    /// @notice Getter for the game type.
+    /// @dev `clones-with-immutable-args` argument #1
+    /// @dev The reference impl should be entirely different depending on the type (fault, validity)
+    ///      i.e. The game type should indicate the security model.
+    /// @return _gameType The type of proof system being used.
+    function gameType() external view returns (GameType _gameType);
+
+    /// @notice Getter for the root claim.
+    /// @return _rootClaim The root claim of the DisputeGame.
+    /// @dev `clones-with-immutable-args` argument #2
+    function rootClaim() external view returns (Claim _rootClaim);
+
+    /// @notice Getter for the extra data.
+    /// @dev `clones-with-immutable-args` argument #3
+    /// @return _extraData Any extra data supplied to the dispute game contract by the creator.
+    function extraData() external view returns (bytes memory _extraData);
+
+    /// @notice Returns the address of the `BondManager` used 
+    function bondManager() public view returns (IBondManager _bondManager);
+
+    /// @notice If all necessary information has been gathered, this function should mark the game
+    ///         status as either `CHALLENGER_WINS` or `DEFENDER_WINS` and return the status of
+    ///         the resolved game. It is at this stage that the bonds should be awarded to the
+    ///         necessary parties.
+    /// @dev May only be called if the `status` is `IN_PROGRESS`.
+    function resolve() public returns (GameStatus _status);
+}
+
+////////////////////////////////////////////////////////////////
+//              OUTPUT ATTESTATION DISPUTE GAME               //
+////////////////////////////////////////////////////////////////
+
+/// @title IDisputeGame_OutputAttestation
+/// @notice The interface for an attestation-based DisputeGame meant to contest output
+///         proposals in Optimism's `L2OutputOracle` contract.
+interface IDisputeGame_OutputAttestation is IDisputeGame {
+    /// @notice A mapping of addresses from the `signerSet` to booleans signifying whether
+    ///         or not they have authorized the `rootClaim` to be invalidated.
+    function challenges(address challenger) external view returns (bool _challenged);
+
+    /// @notice The signer set consists of authorized public keys that may challenge the `rootClaim`.
+    /// @return An array of authorized signers.
+    function signerSet() external view returns (address[] memory _signers);
+
+    /// @notice The amount of signatures required to successfully challenge the `rootClaim`
+    ///         output proposal. Once this threshold is met by members of the `signerSet`
+    ///         calling `challenge`, the game will be resolved to `CHALLENGER_WINS`.
+    /// @custom:invariant The `signatureThreshold` may never be greater than the length of the `signerSet`.
+    function signatureThreshold() public view returns (uint16 _signatureThreshold);
+
+    /// @notice Returns the L2 Block Number that the `rootClaim` commits to. Exists within the `extraData`.
+    function l2BlockNumber() public view returns (uint256 _l2BlockNumber);
+
+    /// @notice Challenge the `rootClaim`.
+    /// @dev - If the `ecrecover`ed address that created the signature is not a part of the
+    ///      signer set returned by `signerSet`, this function should revert.
+    ///      - If the `ecrecover`ed address that created the signature is not the msg.sender,
+    ///      this function should revert.
+    ///      - If the signature provided is the signature that breaches the signature threshold,
+    ///      the function should call the `resolve` function to resolve the game as `CHALLENGER_WINS`.
+    ///      - When the game resolves, the bond attached to the root claim should be distributed among
+    ///      the signers who participated in challenging the invalid claim.
+    /// @param signature An EIP-712 signature committing to the `rootClaim` and `l2BlockNumber` (within the `extraData`)
+    ///                  from a key that exists within the `signerSet`.
+    function challenge(bytes calldata signature) external;
+}
+```

specs/dispute-game.md

+# Dispute Game
+
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+**Table of Contents**
+
+- [Attestation Dispute Game](#attestation-dispute-game)
+  - [Smart Contract Implementation](#smart-contract-implementation)
+    - [Attestation Structure](#attestation-structure)
+  - [Why EIP-712](#why-eip-712)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+## Attestation Dispute Game
+
+The output attestation based dispute game shifts the current permissioned output proposal process
+to a permissionless, social-consensus based architecture that can progressively decentralize over
+time by increasing the size of the signer set. In this "game," output proposals can be submitted
+permissionlessly. To prevent "invalid output proposals," a social quorum can revert an output proposal
+when an invalid one is discovered. The set of signers is maintained in the `SystemConfig` contract,
+and these signers will issue [EIP-712](https://eips.ethereum.org/EIPS/eip-712) signatures
+over canonical output roots and the `l2BlockNumber`s they commit to as attestations. To learn more,
+see the [DisputeGame Interface Spec](./dispute-game-interface.md).
+
+In the above language, an "invalid output proposal" is defined as an output proposal that represents
+a non-canonical state of the L2 chain.
+
+### Smart Contract Implementation
+
+The `AttestationDisputeGame` should implement the `IDisputeGame` interface and also be able to call
+out to the `L2OutputOracle`. It is expected that the `L2OutputOracle` will grant permissions to
+`AttestationDisputeGame` contracts to call its `deleteL2Outputs` function at the *specific* `l2BlockNumber`
+that is embedded in the `AttestationDisputeGame`'s `extraData`.
+
+The `AttestationDisputeGame` should be configured with a quorum ratio at deploy time. It should also
+maintain a set of attestor accounts, which is fetched by the `SystemConfig` contract and snapshotted
+at deploy time. This snapshot is necessary to have a fixed upper bound on resolution cost, which in
+turn gives a fix cost for the necessary bond attached to output proposals.
+
+The ability to add and remove attestor accounts should be enabled by a single immutable
+account that controls the `SystemConfig`. It should be impossible to remove accounts such that quorum
+is not able to be reached. It is ok to allow accounts to be added or removed in the middle of an
+open challenge, as it will not affect the `signerSet` that exists within open challenges.
+
+A challenge is created when an alternative output root for a given `l2BlockNumber` is presented to the
+`DisputeGameFactory` contract. Multiple challenges should be able to run in parallel.
+
+For simplicity, the `AttestationDisputeGame` does not need to track what output proposals are
+committed to as part of the attestations. It only needs to check that the attested output root
+is different than the proposed output root. If this is not checked, then it will be possible
+to remove output proposals that are in agreement with the attestations and create a griefing vector.
+
+#### Attestation Structure
+
+The EIP-712 [typeHash](https://eips.ethereum.org/EIPS/eip-712#rationale-for-typehash) should be
+defined as the following:
+
+```solidity
+TYPE_HASH = keccak256("Dispute(bytes32 outputRoot,uint256 l2BlockNumber)");
+```
+
+The components for the `typeHash` are as follows:
+
+- `outputRoot` - The **correct** output root that commits to the given `l2BlockNumber`. This should be a
+  positive attestation where the `rootClaim` of the `AttestationDisputeGame` is the **correct** output root
+  for the given `l2BlockNumber`.
+- `l2BlockNumber` - The L2 block number that the `outputRoot` commits to. The `outputRoot` should commit
+  to the entirety of the L2 state from genesis up to and including this `l2BlockNumber`.
+
+### Why EIP-712
+
+It is important to use EIP-712 to decouple the originator of the transaction and the attestor. This
+will allow a decentralized network of attestors that serve attestations to bots that are responsible
+for ensuring that all output proposals submitted to the network will not allow for malicious withdrawals
+from the bridge.
+
+It is important to have replay protection to ensure that attestations cannot be used more than once.