config/op-stack-superchain/key-custody-checklist.example.md

# Key custody checklist (Standard Rollup) — example

Copy this checklist to your internal CMDB. **Do not** commit filled copies with addresses of multisig signers if classified.

## Roles (separate keys per role in production)

- [ ] Sequencer signing (L2 block production)
- [ ] Batcher (L1 transaction submission)
- [ ] Proposer (L2 output roots on L1)
- [ ] Challenger (fault-proof participation)
- [ ] L1 deployer (one-time or gated contract deploy)
- [ ] Upgrade / admin (multisig; align with [standard-config-roles-mainnet.toml](https://github.com/ethereum-optimism/superchain-registry/blob/main/validation/standard/standard-config-roles-mainnet.toml) and charter)

## Custody

- [ ] Multisig vendor + threshold recorded
- [ ] Hardware / institutional custody for hot keys where required
- [ ] Break-glass procedure documented
- [ ] Key rotation and incident response contacts

## Funding

- [ ] L1 ETH budget for deploy, batching, proposals, challenger bonds
- [ ] L2 gas funding for operational tests

## Evidence

- [ ] `pinned-versions.manifest.yaml` filled and stored with deploy artifacts
- [ ] Addresses recorded under `config/op-stack-superchain/deployed/` (non-secret files only)
Sync workspace: config, docs, scripts, CI, operator rules, and submodule pointers. - Update dbis_core, cross-chain-pmm-lps, explorer-monorepo, metamask-integration, pr-workspace/chains - Omit embedded publish git dirs and empty placeholders from index Made-with: Cursor 2026-04-12 06:12:20 -07:00			`# Key custody checklist (Standard Rollup) — example`

			`Copy this checklist to your internal CMDB. Do not commit filled copies with addresses of multisig signers if classified.`

			`## Roles (separate keys per role in production)`

			`- [ ] Sequencer signing (L2 block production)`
			`- [ ] Batcher (L1 transaction submission)`
			`- [ ] Proposer (L2 output roots on L1)`
			`- [ ] Challenger (fault-proof participation)`
			`- [ ] L1 deployer (one-time or gated contract deploy)`
			`- [ ] Upgrade / admin (multisig; align with [standard-config-roles-mainnet.toml](https://github.com/ethereum-optimism/superchain-registry/blob/main/validation/standard/standard-config-roles-mainnet.toml) and charter)`

			`## Custody`

			`- [ ] Multisig vendor + threshold recorded`
			`- [ ] Hardware / institutional custody for hot keys where required`
			`- [ ] Break-glass procedure documented`
			`- [ ] Key rotation and incident response contacts`

			`## Funding`

			`- [ ] L1 ETH budget for deploy, batching, proposals, challenger bonds`
			`- [ ] L2 gas funding for operational tests`

			`## Evidence`

			- [ ] `pinned-versions.manifest.yaml` filled and stored with deploy artifacts
			- [ ] Addresses recorded under `config/op-stack-superchain/deployed/` (non-secret files only)