Address Aliasing

Address aliasing is a security mechanism used in the OP Stack (Base, Optimism, and other Superchain L2s) to prevent cross-domain identity spoofing on L1→L2 deposit transactions. When an L1 contract (not an externally owned account) sends a deposit transaction, the sender's address on L2 is modified by adding the constant 0x1111000000000000000000000000000000001111.

Why aliasing exists

Without aliasing, an attacker could:

1. Deploy a contract at address 0xABC... on Ethereum L1
2. Deploy a different contract at the same address 0xABC... on the L2
3. Send a deposit transaction from the L1 contract
4. On L2, the transaction would appear to come from 0xABC..., which the L2 contract controls
5. This allows the attacker to bypass any authorization that trusts the L1 contract's address

By offsetting the address, the L2 sees a different sender (0xABC... + 0x1111...1111), preventing this spoofing vector.

Impact on smart contracts

• Any contract using tx.origin for access control will see the aliased address during deposit transactions, not the original L1 sender.
• Cross-domain message handlers must explicitly de-alias addresses when verifying the sender of an L1→L2 deposit.
• EOA (externally owned account) deposits are not aliased — only contract-originated deposits are affected.
• If an L1 contract deposits ETH and the L2 execution reverts, the ETH is minted to the aliased address. If no contract controls that aliased address, the funds are permanently stranded.