Overview
This is a focused maintenance upgrade that bumps Scroll’s zkVM prover stack from OpenVM v1.4.1 to v1.6.0, pulling in the security fixes shipped in OpenVM v1.5.0 and v1.6.0. Because these releases tighten the prover’s constraint system, the upgrade is a breaking change at the zk layer and therefore requires deploying a new on-chain verifier contract. There are no changes to the external protocol, the EVM, the fee model, or any user-facing interfaces.
As this is a security-driven maintenance upgrade with no protocol-parameter changes, it proceeds as an announcement only.
Motivation
OpenVM v1.5.0 and v1.6.0 raise the provable-security target and remediate several critical soundness advisories in the proving system. Adopting them keeps Scroll’s validity proofs aligned with the latest verified-security guarantees of the upstream prover.
What’s changing
From OpenVM v1.5.0 (security target)
- STARK protocol now targets 100 bits of provable security with FRI.
- Formal verification of the RV32IM VM extension in Lean.
- Plonky3 updated to v0.4.1; Halo2 verifying-key generation now requires wrapper_k = 24.
From OpenVM v1.6.0 (critical soundness fixes)
Four critical advisories are remediated, plus an upstream Plonky3 fix:
- GHSA-9jfx-4f4f-497j — SHA-256 and Keccak circuits under-constrained
- GHSA-76mq-v757-53gr — Pairing check missing subfield validation on the scaling factor
- GHSA-j9m2-fxc5-fr82 — Native recursion verifier missing constraints in program and circuit
- GHSA-fh29-29h9-qm9h — System AIRs missing boolean/zero assertions
- GHSA-vj64-rjf3-w3v7 — Plonky3 transcript-binding vulnerability (fixed via Plonky3 v0.4.3)
Supporting constraint hardening includes boolean constraints on PhantomAir/VmConnectorAir, SHA-256 trace finalization and padding-block validation, Keccak terminal finalization, memory Merkle-root anchoring, recursive-verifier permutation/bounds checks, and out-of-bounds prevention on hint-stream reads.
On-chain changes
A new zk verifier contract is deployed to match the upgraded prover:
- Verifier contract (Scroll Sepolia): 0x42fA2481dbFf5F877ffFDD11D0d848950Eb08F2B
- Verifier contract (Scroll Mainnet): to be added
Timeline
- Scroll Sepolia — June 18, 07:00 UTC
- Scroll Mainnet — June 25, 07:00 UTC
Impact
- No action required from users, developers, or dApps. The external protocol, RPC, and contract interfaces are unchanged.
- During the upgrade window, batch finalization will be delayed by approximately one hour. Transactions, deposits, and L2 execution continue normally; only L1 finalization is briefly paused.
- The breaking change is confined to the zk proving system and the verifier contract; it does not affect application-layer compatibility.
References
- OpenVM releases: openvm-org/openvm releases page on GitHub