From f5208599eb80c098d276b698a1a96d44e0d6ee59 Mon Sep 17 00:00:00 2001
From: cpengilly <29023967+cpengilly@users.noreply.github.com>
Date: Mon, 17 Jun 2024 13:13:12 -0700
Subject: [PATCH 1/4] superchainconfig guardian address change

Update privileged-roles.mdx
---
 pages/chain/security/privileged-roles.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pages/chain/security/privileged-roles.mdx b/pages/chain/security/privileged-roles.mdx
index 76ab1043c..6eab785b4 100644
--- a/pages/chain/security/privileged-roles.mdx
+++ b/pages/chain/security/privileged-roles.mdx
@@ -169,7 +169,7 @@ The Guardian can also manage various aspects of the `OptimismPortal` contract to
 
 ### Addresses
 
-*   **Ethereum**: [`0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A`](https://etherscan.io/address/0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A)
+*   **Ethereum**: [`0x09f7150D8c019BeF34450d6920f6B3608ceFdAf2`](https://etherscan.io/address/0x09f7150D8c019BeF34450d6920f6B3608ceFdAf2)
 *   **Sepolia**: [`0xf64bc17485f0B4Ea5F06A96514182FC4cB561977`](https://sepolia.etherscan.io/address/0xf64bc17485f0B4Ea5F06A96514182FC4cB561977)
 
 ## Mint Manager Owner

From f0bd70c7fba6aa9fe6c217365c1fda360c71bc30 Mon Sep 17 00:00:00 2001
From: cpengilly <29023967+cpengilly@users.noreply.github.com>
Date: Mon, 17 Jun 2024 13:51:43 -0700
Subject: [PATCH 2/4] Update privileged-roles.mdx

---
 pages/chain/security/privileged-roles.mdx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pages/chain/security/privileged-roles.mdx b/pages/chain/security/privileged-roles.mdx
index 6eab785b4..295541054 100644
--- a/pages/chain/security/privileged-roles.mdx
+++ b/pages/chain/security/privileged-roles.mdx
@@ -31,7 +31,7 @@ The L1 Proxy Admin is an address that can be used to upgrade most OP Mainnet sys
 
 ## L2 Proxy Admin
 
-The L2 Proxy Admin is an address that can be used to upgrade most OP Mainnet system contracts on L2.
+The L2 Proxy Admin is an address that can be used to upgrade most OP Mainnet system contracts on L2. L2 Proxy Admin is the aliased address of the L1ProxyAdmin owner, which means the L2 ProxyAdmin Owner is equal to the L1 ProxyAdmin Owner, but due to aliasing it's a different address.
 
 ### Risks
 
@@ -45,7 +45,7 @@ The L2 Proxy Admin is an address that can be used to upgrade most OP Mainnet sys
 
 ### Addresses
 
-*   **Ethereum**: [`0x7871d1187a97cbbe40710ac119aa3d412944e4fe`](https://optimistic.etherscan.io/address/0x7871d1187a97cbbe40710ac119aa3d412944e4fe)
+*   **Ethereum**: [`0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b`](https://optimistic.etherscan.io/address/0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b)
 *   **Sepolia**: [`0x1Eb2fFc903729a0F03966B917003800b145F56E2`](https://sepolia-optimism.etherscan.io/address/0x1Eb2fFc903729a0F03966B917003800b145F56E2)
 
 ## System Config Owner

From a424133b410b2d8d86890b74a4e44856f3886fa2 Mon Sep 17 00:00:00 2001
From: cpengilly <29023967+cpengilly@users.noreply.github.com>
Date: Tue, 18 Jun 2024 13:27:01 -0700
Subject: [PATCH 3/4] Apply suggestions from code review

Co-authored-by: George Knee <georgeknee@googlemail.com>
---
 pages/chain/security/privileged-roles.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pages/chain/security/privileged-roles.mdx b/pages/chain/security/privileged-roles.mdx
index 295541054..340fcd83f 100644
--- a/pages/chain/security/privileged-roles.mdx
+++ b/pages/chain/security/privileged-roles.mdx
@@ -31,7 +31,7 @@ The L1 Proxy Admin is an address that can be used to upgrade most OP Mainnet sys
 
 ## L2 Proxy Admin
 
-The L2 Proxy Admin is an address that can be used to upgrade most OP Mainnet system contracts on L2. L2 Proxy Admin is the aliased address of the L1ProxyAdmin owner, which means the L2 ProxyAdmin Owner is equal to the L1 ProxyAdmin Owner, but due to aliasing it's a different address.
+The L2 Proxy Admin is an address that can be used to upgrade most OP Mainnet system contracts on L2. The L2 Proxy Admin owner is the aliased address of the L1ProxyAdmin owner, which means the L2 ProxyAdmin Owner is equal to the L1 ProxyAdmin Owner, but due to aliasing it's a different address.
 
 ### Risks
 

From 4f868f64e3509bc12b5b73a8f116d88bfa7f39d5 Mon Sep 17 00:00:00 2001
From: cpengilly <29023967+cpengilly@users.noreply.github.com>
Date: Thu, 20 Jun 2024 13:53:06 -0700
Subject: [PATCH 4/4] Update privileged-roles.mdx

---
 pages/chain/security/privileged-roles.mdx | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pages/chain/security/privileged-roles.mdx b/pages/chain/security/privileged-roles.mdx
index 340fcd83f..57f2e94b4 100644
--- a/pages/chain/security/privileged-roles.mdx
+++ b/pages/chain/security/privileged-roles.mdx
@@ -31,7 +31,13 @@ The L1 Proxy Admin is an address that can be used to upgrade most OP Mainnet sys
 
 ## L2 Proxy Admin
 
-The L2 Proxy Admin is an address that can be used to upgrade most OP Mainnet system contracts on L2. The L2 Proxy Admin owner is the aliased address of the L1ProxyAdmin owner, which means the L2 ProxyAdmin Owner is equal to the L1 ProxyAdmin Owner, but due to aliasing it's a different address.
+The L2 Proxy Admin is an address that can be used to upgrade most OP Mainnet system contracts on L2. The L2 Proxy Admin owner is the [aliased address](/chain/differences#address-aliasing) of the L1ProxyAdmin owner, which means the L2 ProxyAdmin Owner is equal to the L1 ProxyAdmin Owner, but due to aliasing it's a different address. Here's how that works:
+
+*   Given an L1 contract address, the aliased L2 address is equal to `L1_contract_address` + `0x1111000000000000000000000000000000001111`.
+*   Using `0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b` as an example, the `0x6B` address is the L2 address that's been aliased, so to figure out the original L1 address you calculate `0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b` - `0x1111000000000000000000000000000000001111`.
+*   That result gives an L1 contract address of `0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A`, which should be the 2/2 Safe owned by Foundation + Security Council that is L1 ProxyAdmin Owner.
+*   No one has the private key for `0x6B1BAE59D09fCcbdDB6C6cceb07B7279367C4E3b` on OP Mainnet, which means the only way for the L2 ProxyAdmin owner to send transactions is via deposit transactions from the L1 `0x5a0Aae59D09fccBdDb6C6CcEB07B7279367C3d2A` address.
+*   For help with the calculations, see the [`AddressAliasHelper` library](https://github.com/ethereum-optimism/optimism/blob/develop/packages/contracts-bedrock/src/vendor/AddressAliasHelper.sol).
 
 ### Risks