diff --git a/Dockerfile b/Dockerfile
index ac78d3ef6cf7..27a1589fcae9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,6 +4,9 @@ WORKDIR /server
 COPY . /server
 RUN yarn
 
+# Copy live env config updates file to /server so that it may be updated while running.
+COPY ./packages/rollup-full-node/config/env_var_updates.config /server
+
 WORKDIR /server/packages/rollup-full-node
 
 EXPOSE 8545
diff --git a/Dockerfile.dev b/Dockerfile.dev
new file mode 100644
index 000000000000..67f857340d8d
--- /dev/null
+++ b/Dockerfile.dev
@@ -0,0 +1,5 @@
+FROM node:11
+WORKDIR /mnt/full-node/packages/rollup-full-node
+
+EXPOSE 8545
+CMD [ "bash", "./exec/wait-for-nodes.sh", "yarn", "run", "server:fullnode:debug" ]
diff --git a/README.md b/README.md
index feb4d193ef89..aca47c845ef2 100644
--- a/README.md
+++ b/README.md
@@ -120,5 +120,20 @@ Run tests for a specific package or set of packages:
 PKGS=your,packages,here yarn test
 ```
 
+### Running the fullnode in Docker
+Running the fullnode in [Docker](https://www.docker.com/) allows us launch our entire stack with a single command. 
+
+To run the fullnode in Docker in production run:
+
+`docker-compose up`
+
+To run it in development run:
+
+```sh
+  rm -rf node_modules
+  docker-compose -f docker-compose.yml -f docker-compose.dev.yml run rollup-full-node yarn
+  docker-compose -f docker-compose.yml -f docker-compose.dev.yml up
+```
+
 **Contributors: remember to run tests and lint before submitting a pull request!**
 Linted code with passing tests makes life easier for everyone and means your contribution can get pulled into this project faster.
diff --git a/aws/synthetix/prod/web/docker-compose.yml b/aws/synthetix/prod/web/docker-compose.yml
index 46aaf2358824..923d83832c55 100644
--- a/aws/synthetix/prod/web/docker-compose.yml
+++ b/aws/synthetix/prod/web/docker-compose.yml
@@ -82,10 +82,10 @@ services:
       postgres_pass: let-me-in
       postgres_db: graph-node
       ipfs: '0.0.0.0:5001'
-      ethereum: 'ovm:http://0.0.0.0:8545'
+      ethereum: 'ovm:http://0.0.0.0:8546'
       RUST_LOG: info
       STARTUP_WAIT_TIMEOUT: 30
-      OVM_URL_WITH_PORT: 'http://0.0.0.0:8545'
+      OVM_URL_WITH_PORT: 'http://0.0.0.0:8546'
     volumes:
       - postgres-data:/data/postgres
       - ipfs-data:/data/ipfs
diff --git a/aws/synthetix/uat/web/docker-compose.yml b/aws/synthetix/uat/web/docker-compose.yml
index 298853271b15..4dd1b8100570 100644
--- a/aws/synthetix/uat/web/docker-compose.yml
+++ b/aws/synthetix/uat/web/docker-compose.yml
@@ -82,10 +82,10 @@ services:
       postgres_pass: let-me-in
       postgres_db: graph-node
       ipfs: '0.0.0.0:5001'
-      ethereum: 'ovm:http://0.0.0.0:8545'
+      ethereum: 'ovm:http://0.0.0.0:8546'
       RUST_LOG: info
       STARTUP_WAIT_TIMEOUT: 30
-      OVM_URL_WITH_PORT: 'http://0.0.0.0:8545'
+      OVM_URL_WITH_PORT: 'http://0.0.0.0:8546'
     volumes:
       - postgres-data:/data/postgres
       - ipfs-data:/data/ipfs
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
new file mode 100644
index 000000000000..9dc42c4d70a7
--- /dev/null
+++ b/docker-compose.dev.yml
@@ -0,0 +1,9 @@
+version: "3"
+services:
+
+  rollup-full-node:
+    build:
+      context: .
+      dockerfile: Dockerfile.dev
+    volumes:
+       - .:/mnt/full-node:rw
diff --git a/docker-compose.yml b/docker-compose.yml
index c89dd8714a91..19f7f871e471 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -46,6 +46,9 @@ services:
       - L2_RPC_SERVER_PORT=8545
       - TRANSACTION_NODE_URL=http://rollup-full-node:8546
       - READ_ONLY_NODE_URL=http://read-only-node:8547
+      - REQUEST_LIMIT_PERIOD_MILLIS=1000
+      - MAX_NON_TRANSACTION_REQUESTS_PER_UNIT_TIME=10
+      - MAX_TRANSACTIONS_PER_UNIT_TIME=10
 
   read-only-node:
     image: optimism-monorepo_rollup-full-node:latest
@@ -77,7 +80,60 @@ services:
     ports:
       - 9545:9545
 
+  graph-node:
+    build:
+      context: docker/the-graph
+      dockerfile: Dockerfile
+    ports:
+      - '8000:8000'
+      - '8001:8001'
+      - '8020:8020'
+      - '8030:8030'
+      - '8040:8040'
+    environment:
+      postgres_host: postgres:5432
+      postgres_user: graph-node
+      postgres_pass: let-me-in
+      postgres_db: graph-node
+      ipfs: 'ipfs:5001'
+      ethereum: 'ovm:http://router:8545'
+      RUST_LOG: info
+      STARTUP_WAIT_TIMEOUT: 30
+      OVM_URL_WITH_PORT: 'http://router:8545'
+    volumes:
+      - postgres-data:/data/postgres
+      - ipfs-data:/data/ipfs
+
+  ipfs:
+    image: ipfs/go-ipfs:v0.4.23
+    ports:
+      - '5001:5001'
+    volumes:
+      - ipfs-data:/data/ipfs
+
+  postgres:
+    image: postgres
+    ports:
+      - '5432:5432'
+    command: ["postgres", "-cshared_preload_libraries=pg_stat_statements"]
+    environment:
+      POSTGRES_USER: graph-node
+      POSTGRES_PASSWORD: let-me-in
+      POSTGRES_DB: graph-node
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+
 volumes:
   full-node-data:
   l1-node-data:
   l2-node-data:
+  postgres-data:
+  ipfs-data:
+
+
+
+
+
+
+
+
diff --git a/packages/core-utils/src/app/log.ts b/packages/core-utils/src/app/log.ts
index 0aad713a0241..0df49bc0b84f 100644
--- a/packages/core-utils/src/app/log.ts
+++ b/packages/core-utils/src/app/log.ts
@@ -1,9 +1,24 @@
 import debug from 'debug'
 import { Logger } from '../types'
 
-export const LOG_NEWLINE_STRING = '<\n>'
-export const joinNewlinesAndDebug = (logs: string) =>
-  debug(logs.replace('\n', LOG_NEWLINE_STRING))
+export const LOG_CR_STRING = '<\\r>'
+export const LOG_NEWLINE_STRING = '<\\n>'
+export const joinNewlinesAndDebug = (...logs: any[]) => {
+  const stringifiedLogs = []
+  for (const l of logs) {
+    if (typeof l !== 'string') {
+      stringifiedLogs.push(JSON.stringify(l))
+    } else {
+      stringifiedLogs.push(l)
+    }
+  }
+  return debug(
+    stringifiedLogs
+      .join(' ')
+      .replace(/\n/g, LOG_NEWLINE_STRING)
+      .replace(/\r/g, LOG_CR_STRING)
+  )
+}
 
 export const getLogger = (
   identifier: string,
diff --git a/packages/docs/src/core/src/spec/jump-transpilation.rst b/packages/docs/src/core/src/spec/jump-transpilation.rst
index c430c2652fdd..a154c130322d 100644
--- a/packages/docs/src/core/src/spec/jump-transpilation.rst
+++ b/packages/docs/src/core/src/spec/jump-transpilation.rst
@@ -59,4 +59,4 @@ Duplicate above code once for each (compare jumpdest, post-transpile jumpdest) p
 
 **Note on bytecode interpretation**
 
-Note that properly processing these conditions requires preprocessing the code; a particularly pathological use case is ``PUSH2 JUMPDEST PUSH1 PUSH2 JUMPDEST PUSH1 PUSH2 JUMPDEST PUSH1 ...``, as this code has all ``JUMPDEST``s invalid but an alternative piece of code equivalent to this but only with the leading ``PUSH2`` replaced with another op (eg. ``BALANCE``) will have all ``JUMPDESTS`` valid.  We appropriately deal with this, both in our transpiler and purity checker.
\ No newline at end of file
+Note that properly processing these conditions requires preprocessing the code; a particularly pathological use case is ``PUSH2 JUMPDEST PUSH1 PUSH2 JUMPDEST PUSH1 PUSH2 JUMPDEST PUSH1 ...``, as this code has all ``JUMPDEST``s invalid but an alternative piece of code equivalent to this but only with the leading ``PUSH2`` replaced with another op (eg. ``BALANCE``) will have all ``JUMPDESTS`` valid.  We appropriately deal with this, both in our transpiler and safety checker.
\ No newline at end of file
diff --git a/packages/docs/src/core/src/spec/overview.rst b/packages/docs/src/core/src/spec/overview.rst
index db8ef8cda70d..63b414b654b6 100644
--- a/packages/docs/src/core/src/spec/overview.rst
+++ b/packages/docs/src/core/src/spec/overview.rst
@@ -4,7 +4,7 @@ OVM Overview and Architecture
 
 The core functionality of the OVM is to run transactions in such a way that they are "pure" or "deterministic"--that is, no matter what time in the future a dispute about them is triggered on layer 1, the output of the computation is the same--*no matter what the state of the L1.
 
-To accomplish this, there are two critical smart contracts: the Execution Manager, and the Purity Checker.
+To accomplish this, there are two critical smart contracts: the Execution Manager, and the Safety Checker.
 
 *****************
 Execution Manager
@@ -19,10 +19,10 @@ The execution manager interfaces with "code contracts," which are contracts comp
    <img src="../../_static/images/execution-manager.png" alt="The Execution Manager">
 
 **************
-Purity Checker
+Safety Checker
 **************
 
-To ensure that the execution of an OVM transaction is deterministic between L1 and L2, we must enforce that **only** the container interface described above is used.  To accomplish this, we have a "purity checker."  The purity checker analyzes the low-level assembly bytecode of an EVM contract to tell the execution manager whether the code conforms to the OVM interface.  If it does not, then the execution manager does not allow such a contract to be created or used in a fraud proof.
+To ensure that the execution of an OVM transaction is deterministic between L1 and L2, we must enforce that **only** the container interface described above is used.  To accomplish this, we have a "safety checker."  The safety checker analyzes the low-level assembly bytecode of an EVM contract to tell the execution manager whether the code conforms to the OVM interface.  If it does not, then the execution manager does not allow such a contract to be created or used in a fraud proof.
 
 .. raw:: html
 
diff --git a/packages/docs/src/core/src/spec/transpilation-details.rst b/packages/docs/src/core/src/spec/transpilation-details.rst
index b7c7416edbef..b5d3d70229c3 100644
--- a/packages/docs/src/core/src/spec/transpilation-details.rst
+++ b/packages/docs/src/core/src/spec/transpilation-details.rst
@@ -20,7 +20,7 @@ The following opcodes perform stack operations which are constant in terms of L1
 - "Pure" memory modifying operations: 
    - ``MLOAD, MSTORE, MSTORE8, MSIZE``.
 - Permitted execution-context-dependent operations: 
-   - ``CALLVALUE*, CALLDATALOAD, CALLDATASIZE, CALLDATACOPY, CODESIZE, RETURNDATASIZE, RETURNDATACOPY``   \*Note: ``CALLVALUE`` will always be 0 because we enforce that all ``CALL`` s always pass 0 in our purity checking.
+   - ``CALLVALUE*, CALLDATALOAD, CALLDATASIZE, CALLDATACOPY, CODESIZE, RETURNDATASIZE, RETURNDATACOPY``   \*Note: ``CALLVALUE`` will always be 0 because we enforce that all ``CALL`` s always pass 0 in our safety checking.
 
 Replaced Opcodes
 ================
@@ -119,7 +119,7 @@ These opcodes are banned simply because we don't want to support them currently.
 ETH-native Value
 -----------------------------------------
 
-We have made the decision for now not to use native ETH, and instead do everything with wrapped ETH (WETH).  Note: ``CALLVALUE`` is actually able to be whitelisted, because our Purity Checker enforces that all Calls are made with a value of 0. Contracts are welcome to use msg.value, it will just always return 0. This means that the following opcodes are banned, not just transpiled:
+We have made the decision for now not to use native ETH, and instead do everything with wrapped ETH (WETH).  Note: ``CALLVALUE`` is actually able to be whitelisted, because our Safety Checker enforces that all Calls are made with a value of 0. Contracts are welcome to use msg.value, it will just always return 0. This means that the following opcodes are banned, not just transpiled:
 - ``BALANCE`` -- gets ``address(this).balance``
 While not a ban, another note here is that all ``value``-related inputs to other opcodes like ``CREATE`` or ``CALL`` are overridden to ``0`` by their transpiled counterparts.  We do have good inline documentation for how a native ``value`` could be added if needed.  Another option is we could even transpile the native ETH opcodes to use ``WETH`` instead.  TBD.
 
diff --git a/packages/ovm/config/.env.example b/packages/ovm/config/.env.example
index e1d7d24f2be3..8e44b8c42c8d 100644
--- a/packages/ovm/config/.env.example
+++ b/packages/ovm/config/.env.example
@@ -13,7 +13,7 @@
 # Mnemonic for the wallet used to deploy the contracts
 DEPLOY_MNEMONIC='response fresh afford leader twice silent table exist aisle pelican focus bird'
 
-DEPLOY_PURITY_CHECKER_CONTRACT_ADDRESS='0x some address here'
+DEPLOY_SAFETY_CHECKER_CONTRACT_ADDRESS='0x some address here'
 
 # Note: can use any network name. 'local' or leaving it blank will deploy to DEPLOY_LOCAL_URL
 DEPLOY_NETWORK='local'
@@ -30,4 +30,4 @@ OPCODE_WHITELIST_MASK='0x600a0000000000000000001fffffffffffffffff0fcf000063f0000
 #    CREATE, CREATE2, DELEGATECALL, DIFFICULTY, EXTCODECOPY, EXTCODESIZE,
 #    GASLIMIT, GASPRICE, NUMBER, ORIGIN, SELFDESTRUCT, SLOAD, SSTORE,
 #    STATICCALL, TIMESTAMP
-# See test/purity-checker/whitelist-mask-generator.spec.ts for more info
+# See test/safety-checker/whitelist-mask-generator.spec.ts for more info
diff --git a/packages/ovm/deploy/execution-manager.ts b/packages/ovm/deploy/execution-manager.ts
index 0f906401f993..21f98c6d2785 100644
--- a/packages/ovm/deploy/execution-manager.ts
+++ b/packages/ovm/deploy/execution-manager.ts
@@ -3,7 +3,7 @@ import { deploy, deployContract } from '@eth-optimism/core-utils'
 import { Wallet } from 'ethers'
 
 /* Internal Imports */
-import { deployPurityChecker } from './purity-checker'
+import { deploySafetyChecker } from './safety-checker'
 import * as ExecutionManager from '../build/contracts/ExecutionManager.json'
 import { resolve } from 'path'
 import { GAS_LIMIT, DEFAULT_OPCODE_WHITELIST_MASK } from '../src/app'
@@ -13,13 +13,13 @@ const executionManagerDeploymentFunction = async (
 ): Promise<string> => {
   console.log(`\nDeploying ExecutionManager!\n`)
 
-  const purityCheckerContractAddress = await deployPurityChecker()
+  const safetyCheckerContractAddress = await deploySafetyChecker()
 
   const executionManager = await deployContract(
     ExecutionManager,
     wallet,
     DEFAULT_OPCODE_WHITELIST_MASK,
-    purityCheckerContractAddress,
+    safetyCheckerContractAddress,
     GAS_LIMIT,
     true
   )
diff --git a/packages/ovm/deploy/purity-checker.ts b/packages/ovm/deploy/safety-checker.ts
similarity index 61%
rename from packages/ovm/deploy/purity-checker.ts
rename to packages/ovm/deploy/safety-checker.ts
index 2cb18e8f3a95..a8415b9f1dce 100644
--- a/packages/ovm/deploy/purity-checker.ts
+++ b/packages/ovm/deploy/safety-checker.ts
@@ -4,23 +4,23 @@ import { deploy, deployContract, add0x } from '@eth-optimism/core-utils'
 import { Wallet } from 'ethers'
 
 /* Internal Imports */
-import * as PurityChecker from '../build/contracts/PurityChecker.json'
+import * as SafetyChecker from '../build/contracts/SafetyChecker.json'
 import { resolve } from 'path'
 
-const purityCheckerDeploymentFunction = async (
+const safetyCheckerDeploymentFunction = async (
   wallet: Wallet
 ): Promise<Address> => {
-  let purityCheckerContractAddress =
-    process.env.DEPLOY_PURITY_CHECKER_CONTRACT_ADDRESS
-  if (!purityCheckerContractAddress) {
-    console.log(`\nDeploying Purity Checker!\n`)
+  let safetyCheckerContractAddress =
+    process.env.DEPLOY_SAFETY_CHECKER_CONTRACT_ADDRESS
+  if (!safetyCheckerContractAddress) {
+    console.log(`\nDeploying Safety Checker!\n`)
 
     // Default config whitelists all opcodes EXCEPT:
     //    ADDRESS, BALANCE, BLOCKHASH, CALLCODE, CALLER, COINBASE,
     //    CREATE, CREATE2, DELEGATECALL, DIFFICULTY, EXTCODECOPY, EXTCODESIZE,
     //    GASLIMIT, GASPRICE, NUMBER, ORIGIN, SELFDESTRUCT, SLOAD, SSTORE,
     //    STATICCALL, TIMESTAMP
-    // See test/purity-checker/whitelist-mask-generator.spec.ts for more info
+    // See test/contracts/whitelist-mask-generator.spec.ts for more info
     const whitelistMask =
       process.env.OPCODE_WHITELIST_MASK ||
       '0x600a0000000000000000001fffffffffffffffff0fcf000063f000013fff0fff'
@@ -29,41 +29,41 @@ const purityCheckerDeploymentFunction = async (
       process.env.EXECUTION_MANAGER_ADDRESS || add0x('12'.repeat(20))
 
     console.log(
-      `Deploying Purity Checker using mask '${whitelistMask}' and execution manager '${executionManagerAddress}'...`
+      `Deploying Safety Checker using mask '${whitelistMask}' and execution manager '${executionManagerAddress}'...`
     )
     whitelistMask
-    const purityChecker = await deployContract(
-      PurityChecker,
+    const safetyChecker = await deployContract(
+      SafetyChecker,
       wallet,
       whitelistMask,
       executionManagerAddress
     )
-    purityCheckerContractAddress = purityChecker.address
+    safetyCheckerContractAddress = safetyChecker.address
 
     console.log(
-      `Purity Checker deployed to ${purityCheckerContractAddress}!\n\n`
+      `Safety Checker deployed to ${safetyCheckerContractAddress}!\n\n`
     )
   } else {
     console.log(
-      `Using Purity Checker contract at ${purityCheckerContractAddress}\n`
+      `Using Safety Checker contract at ${safetyCheckerContractAddress}\n`
     )
   }
-  return purityCheckerContractAddress
+  return safetyCheckerContractAddress
 }
 
 /**
- * Deploys the Purity Checker contract.
+ * Deploys the Safety Checker contract.
  *
  * @param rootContract Whether or not this is the main contract being deployed (as compared to a dependency).
  * @returns The deployed contract's address.
  */
-export const deployPurityChecker = async (
+export const deploySafetyChecker = async (
   rootContract: boolean = false
 ): Promise<string> => {
   // Note: Path is from 'build/deploy/<script>.js'
   const configDirPath = resolve(__dirname, `../../config/`)
 
-  return deploy(purityCheckerDeploymentFunction, configDirPath, rootContract)
+  return deploy(safetyCheckerDeploymentFunction, configDirPath, rootContract)
 }
 
-deployPurityChecker(true)
+deploySafetyChecker(true)
diff --git a/packages/ovm/package.json b/packages/ovm/package.json
index 06bfea982bcc..7b561739ea8e 100644
--- a/packages/ovm/package.json
+++ b/packages/ovm/package.json
@@ -16,7 +16,7 @@
     "build": "mkdir -p ./build && waffle waffle-config.json && tsc -p .",
     "clean": "rimraf build/",
     "deploy:execution-manager": "yarn build && node ./build/deploy/execution-manager.js",
-    "deploy:purity-checker": "yarn build && node ./build/deploy/purity-checker.js"
+    "deploy:safety-checker": "yarn build && node ./build/deploy/safety-checker.js"
   },
   "keywords": [
     "optimistic",
diff --git a/packages/ovm/src/app/utils.ts b/packages/ovm/src/app/utils.ts
index 6d589af4ec2d..9e290b7133ac 100644
--- a/packages/ovm/src/app/utils.ts
+++ b/packages/ovm/src/app/utils.ts
@@ -1,18 +1,17 @@
 /* External Imports */
 import {
   abi,
-  add0x,
   getLogger,
   hexStrToBuf,
   bufToHexString,
   numberToHexString,
   logError,
-  remove0x,
   ZERO_ADDRESS,
   LOG_NEWLINE_STRING,
   BloomFilter,
-  hexStrToNumber,
 } from '@eth-optimism/core-utils'
+import { Address } from '@eth-optimism/rollup-core'
+
 import { ethers } from 'ethers'
 import { LogDescription } from 'ethers/utils'
 import { Log, TransactionReceipt } from 'ethers/providers'
@@ -70,62 +69,46 @@ export interface OvmTransactionMetadata {
  *
  * NOTE: The input logs MUST NOT be stripped of any Execution Manager events, or this function will break.
  *
- * @param logs an array of internal transaction logs which we will parse and then convert.
+ * @param logs An array of internal transaction logs which we will parse and then convert.
+ * @param executionManagerAddress The address of the Execution Manager contract for log parsing.
  * @return the converted logs
  */
 export const convertInternalLogsToOvmLogs = (
   logs: Log[],
   executionManagerAddress: string
 ): Log[] => {
-  let activeContract = logs[0] ? logs[0].address : ZERO_ADDRESS
-  const loggerLogs = [`Parsing internal logs ${JSON.stringify(logs)}: `]
+  const uppercaseExecutionMangerAddress: Address = executionManagerAddress.toUpperCase()
+  let activeContractAddress: Address = logs[0] ? logs[0].address : ZERO_ADDRESS
+  const stringsToDebugLog = [`Parsing internal logs ${JSON.stringify(logs)}: `]
   const ovmLogs = []
-  let cumulativeTxEMLogIndices = 0
+  let numberOfEMLogs = 0
   let prevEMLogIndex = 0
   logs.forEach((log) => {
-    if (log.address.toUpperCase() === executionManagerAddress.toUpperCase()) {
-      const EMLogIndex = log.logIndex
-      if (EMLogIndex <= prevEMLogIndex) {
-        loggerLogs.push(
-          `Detected raw EM log ${log} with lower logIndex than previously processed, must be from a new transaction.  Resetting cumulative EM log indices for tx.`
-        )
-        cumulativeTxEMLogIndices = 0
+    if (log.address.toUpperCase() === uppercaseExecutionMangerAddress) {
+      if (log.logIndex <= prevEMLogIndex) {
+        // This indicates a new TX, so reset number of EM logs to 0
+        numberOfEMLogs = 0
       }
-      cumulativeTxEMLogIndices++
-      prevEMLogIndex = EMLogIndex
+      numberOfEMLogs++
+      prevEMLogIndex = log.logIndex
       const executionManagerLog = executionManagerInterface.parseLog(log)
       if (!executionManagerLog) {
-        loggerLogs.push(
+        stringsToDebugLog.push(
           `Execution manager emitted log with topics: ${log.topics}.  These were unrecognized by the interface parser-but definitely not an ActiveContract event, ignoring...`
         )
-      } else {
-        loggerLogs.push(
-          `${executionManagerLog.name}, values: ${JSON.stringify(
-            executionManagerLog.values
-          )} and cumulativeTxEMLogIndices: ${cumulativeTxEMLogIndices}`
-        )
-        if (executionManagerLog.name === 'ActiveContract') {
-          activeContract = executionManagerLog.values['_activeContract']
-          loggerLogs.push(
-            `EM activeContract event detected, setting activeContract to ${activeContract}`
-          )
-        } else {
-          loggerLogs.push(
-            `EM-but-non-activeContract event detected, ignoring...`
-          )
-        }
+      } else if (executionManagerLog.name === 'ActiveContract') {
+        activeContractAddress = executionManagerLog.values['_activeContract']
       }
     } else {
-      const newIndex = log.logIndex - cumulativeTxEMLogIndices
-      loggerLogs.push(
-        `Non-EM log: ${JSON.stringify(
-          log
-        )}. Using address of active contract ${activeContract} and log index ${newIndex}`
-      )
-      ovmLogs.push({ ...log, address: activeContract, logIndex: newIndex })
+      const newIndex = log.logIndex - numberOfEMLogs
+      ovmLogs.push({
+        ...log,
+        address: activeContractAddress,
+        logIndex: newIndex,
+      })
     }
   })
-  logger.debug(loggerLogs.join(LOG_NEWLINE_STRING))
+  logger.debug(stringsToDebugLog.join(LOG_NEWLINE_STRING))
   return ovmLogs
 }
 
diff --git a/packages/ovm/src/contracts/ExecutionManager.sol b/packages/ovm/src/contracts/ExecutionManager.sol
index 14a92a387b8b..bbfa6ac8b343 100644
--- a/packages/ovm/src/contracts/ExecutionManager.sol
+++ b/packages/ovm/src/contracts/ExecutionManager.sol
@@ -5,7 +5,7 @@ pragma experimental ABIEncoderV2;
 import {DataTypes as dt} from "./DataTypes.sol";
 import {FullStateManager} from "./FullStateManager.sol";
 import {ContractAddressGenerator} from "./ContractAddressGenerator.sol";
-import {PurityChecker} from "./PurityChecker.sol";
+import {SafetyChecker} from "./SafetyChecker.sol";
 import {RLPEncode} from "./RLPEncode.sol";
 import {L2ToL1MessagePasser} from "./precompiles/L2ToL1MessagePasser.sol";
 import {L1MessageSender} from "./precompiles/L1MessageSender.sol";
@@ -33,11 +33,11 @@ contract ExecutionManager is FullStateManager {
     dt.ExecutionContext executionContext;
     // Add Contract Address Generation contract
     ContractAddressGenerator contractAddressGenerator;
-    // Add Purity Checker contract
-    PurityChecker purityChecker;
+    // Add Safety Checker contract
+    SafetyChecker safetyChecker;
     RLPEncode rlp;
-    // for testing: if true, then do not perform purity checking on init code or deployed bytecode
-    bool overridePurityChecker;
+    // for testing: if true, then do not perform safety checking on init code or deployed bytecode
+    bool overrideSafetyChecker;
 
     // Events
     event ActiveContract(address _activeContract);
@@ -63,18 +63,18 @@ contract ExecutionManager is FullStateManager {
     );
 
     /**
-     * @notice Construct a new ExecutionManager with a specified purity checker & owner.
-     * @param _opcodeWhitelistMask A bit mask representing which opcodes are whitelisted or not for our purity checker
+     * @notice Construct a new ExecutionManager with a specified safety checker & owner.
+     * @param _opcodeWhitelistMask A bit mask representing which opcodes are whitelisted or not for our safety checker
      * @param _owner The owner of this contract.
      * @param _blockGasLimit The block gas limit for OVM blocks
-     * @param _overridePurityChecker Set to true to disable purity checking (WARNING: Only do this in test environments)
+     * @param _overrideSafetyChecker Set to true to disable safety checking (WARNING: Only do this in test environments)
      */
-    constructor(uint256 _opcodeWhitelistMask, address _owner, uint _blockGasLimit, bool _overridePurityChecker) public {
+    constructor(uint256 _opcodeWhitelistMask, address _owner, uint _blockGasLimit, bool _overrideSafetyChecker) public {
         rlp = new RLPEncode();
-        // Set override purity checker flag
-        overridePurityChecker = _overridePurityChecker;
-        // Set the purity checker address
-        purityChecker = new PurityChecker(_opcodeWhitelistMask, address(this));
+        // Set override safety checker flag
+        overrideSafetyChecker = _overrideSafetyChecker;
+        // Set the safety checker address
+        safetyChecker = new SafetyChecker(_opcodeWhitelistMask, address(this));
         // Initialize new contract address generator
         contractAddressGenerator = new ContractAddressGenerator();
 
@@ -573,9 +573,9 @@ contract ExecutionManager is FullStateManager {
      * @return True if this succeeded, false otherwise.
      */
     function createNewContract(address _newOvmContractAddress, bytes memory _ovmInitcode) internal returns (bool){
-        // Purity check the initcode -- unless the overridePurityChecker flag is set to true
-        if (!overridePurityChecker && !purityChecker.isBytecodePure(_ovmInitcode)) {
-            // Contract init code is not pure.
+        // Safety check the initcode -- unless the overrideSafetyChecker flag is set to true
+        if (!overrideSafetyChecker && !safetyChecker.isBytecodeSafe(_ovmInitcode)) {
+            // Contract init code is not safe.
             return false;
         }
         // Switch the context to be the new contract
@@ -584,9 +584,9 @@ contract ExecutionManager is FullStateManager {
         address codeContractAddress = deployCodeContract(_ovmInitcode);
         // Get the runtime bytecode
         bytes memory codeContractBytecode = getCodeContractBytecode(codeContractAddress);
-        // Purity check the runtime bytecode -- unless the overridePurityChecker flag is set to true
-        if (!overridePurityChecker && !purityChecker.isBytecodePure(codeContractBytecode)) {
-            // Contract runtime bytecode is not pure.
+        // Safety check the runtime bytecode -- unless the overrideSafetyChecker flag is set to true
+        if (!overrideSafetyChecker && !safetyChecker.isBytecodeSafe(codeContractBytecode)) {
+            // Contract runtime bytecode is not safe.
             return false;
         }
         // Associate the code contract with our ovm contract
diff --git a/packages/ovm/src/contracts/L2ExecutionManager.sol b/packages/ovm/src/contracts/L2ExecutionManager.sol
index b99f9320e95e..4c6ebf5cc0ad 100644
--- a/packages/ovm/src/contracts/L2ExecutionManager.sol
+++ b/packages/ovm/src/contracts/L2ExecutionManager.sol
@@ -18,8 +18,8 @@ contract L2ExecutionManager is ExecutionManager {
         uint256 _opcodeWhitelistMask,
         address _owner,
         uint _gasLimit,
-        bool _overridePurityChecker
-    ) ExecutionManager(_opcodeWhitelistMask, _owner, _gasLimit, _overridePurityChecker) public {}
+        bool _overrideSafetyChecker
+    ) ExecutionManager(_opcodeWhitelistMask, _owner, _gasLimit, _overrideSafetyChecker) public {}
 
     /**
     @notice Stores the provided OVM transaction, mapping its hash to its value and its hash to the EVM tx hash
diff --git a/packages/ovm/src/contracts/PurityChecker.sol b/packages/ovm/src/contracts/SafetyChecker.sol
similarity index 93%
rename from packages/ovm/src/contracts/PurityChecker.sol
rename to packages/ovm/src/contracts/SafetyChecker.sol
index a3b4e999d9c3..88cb774bfe75 100644
--- a/packages/ovm/src/contracts/PurityChecker.sol
+++ b/packages/ovm/src/contracts/SafetyChecker.sol
@@ -1,17 +1,17 @@
 pragma solidity ^0.5.0;
 
 /**
- * @title PurityChecker
- * @notice Purity Checker contract used to check whether or not bytecode is pure, meaning:
+ * @title SafetyChecker
+ * @notice Safety Checker contract used to check whether or not bytecode is safe, meaning:
  * 1. It uses only whitelisted opcodes
  * 2. All CALLs are to the Execution Manager and have no value set (no ETH sent)
  */
-contract PurityChecker {
+contract SafetyChecker {
     uint256 public opcodeWhitelistMask;
     address public executionManagerAddress;
 
     /**
-     * @notice Construct a new Purity Checker with the specified whitelist mask
+     * @notice Construct a new Safety Checker with the specified whitelist mask
      * @param _opcodeWhitelistMask A hex number of 256 bits where each bit represents an opcode, 0 - 255, which is set if whitelisted and unset otherwise.
      * @param _executionManagerAddress The address of the ExecutionManager.sol contract
      */
@@ -33,11 +33,11 @@ contract PurityChecker {
     }
 
     /**
-     * @notice Returns whether or not all of the provided bytecode is pure.
-     * @param _bytecode The bytecode to purity check. This can be either creation bytecode (aka initcode) or runtime bytecode (aka contract code).
+     * @notice Returns whether or not all of the provided bytecode is safe.
+     * @param _bytecode The bytecode to safety check. This can be either creation bytecode (aka initcode) or runtime bytecode (aka contract code).
      * More info on creation vs. runtime bytecode: https://medium.com/authereum/bytecode-and-init-code-and-runtime-code-oh-my-7bcd89065904
      */
-    function isBytecodePure(
+    function isBytecodeSafe(
         bytes memory _bytecode
     ) public view returns (bool) {
         bool seenJUMP = false;
@@ -79,7 +79,7 @@ contract PurityChecker {
                     seenJUMP = true;
                     // we are now inside unreachable code until we hit a JUMPDEST!
                     insideUnreachableCode = true;
-                // STOP or REVERT or INVALID or RETURN (see purity checker docs in wiki for more info)
+                // STOP or REVERT or INVALID or RETURN (see safety checker docs in wiki for more info)
                 } else if (op == 0x00 || op == 0xfd || op == 0xfe || op == 0xf3) {
                     // If we can't jump to JUMPDESTs, then all remaining bytecode is unreachable
                     if (!seenJUMP) {
diff --git a/packages/ovm/test/contracts/execution-manager.create-opcodes.spec.ts b/packages/ovm/test/contracts/execution-manager.create-opcodes.spec.ts
index b7aacba45d1f..a47ef2b410da 100644
--- a/packages/ovm/test/contracts/execution-manager.create-opcodes.spec.ts
+++ b/packages/ovm/test/contracts/execution-manager.create-opcodes.spec.ts
@@ -38,7 +38,7 @@ describe('ExecutionManager -- Create opcodes', () => {
   const provider = createMockProvider({ gasLimit: DEFAULT_ETHNODE_GAS_LIMIT })
   const [wallet] = getWallets(provider)
   let executionManager: Contract
-  let purityCheckedExecutioManager: Contract
+  let safetyCheckedExecutionManager: Contract
   let deployTx
   let deployInvalidTx
 
@@ -57,10 +57,10 @@ describe('ExecutionManager -- Create opcodes', () => {
       SimpleStorage.bytecode
     ).getDeployTransaction(executionManager.address)
 
-    purityCheckedExecutioManager = await deployContract(
+    safetyCheckedExecutionManager = await deployContract(
       wallet,
-      ExecutionManager, // Note: this is false, so it's purity checked.
-      [DEFAULT_OPCODE_WHITELIST_MASK, '0x' + '00'.repeat(20), GAS_LIMIT, false],
+      ExecutionManager,
+      [DEFAULT_OPCODE_WHITELIST_MASK, '0x' + '00'.repeat(20), GAS_LIMIT, false], // Note: this is false, so it's safety checked.
       { gasLimit: DEFAULT_ETHNODE_GAS_LIMIT }
     )
 
@@ -90,7 +90,7 @@ describe('ExecutionManager -- Create opcodes', () => {
 
       // Now actually apply it to our execution manager
       const result = await executionManager.provider.call({
-        to: purityCheckedExecutioManager.address,
+        to: safetyCheckedExecutionManager.address,
         data,
         gasLimit,
       })
@@ -130,7 +130,7 @@ describe('ExecutionManager -- Create opcodes', () => {
 
       // Now actually apply it to our execution manager
       const result = await executionManager.provider.call({
-        to: purityCheckedExecutioManager.address,
+        to: safetyCheckedExecutionManager.address,
         data,
         gasLimit,
       })
diff --git a/packages/ovm/test/contracts/execution-manager.purity-checking.spec.ts b/packages/ovm/test/contracts/execution-manager.purity-checking.spec.ts
index 6148c5c8bc96..a3eec42fe5e4 100644
--- a/packages/ovm/test/contracts/execution-manager.purity-checking.spec.ts
+++ b/packages/ovm/test/contracts/execution-manager.purity-checking.spec.ts
@@ -19,20 +19,20 @@ import {
 } from '../helpers'
 import { TransactionReceipt } from 'ethers/providers'
 
-const log = getLogger('execution-manager-purity-checking', true)
+const log = getLogger('execution-manager-safety-checking', true)
 
 /*********
  * TESTS *
  *********/
 
-describe('Execution Manager -- Purity Checking', () => {
+describe('Execution Manager -- Safety Checking', () => {
   const provider = createMockProvider({ gasLimit: DEFAULT_ETHNODE_GAS_LIMIT })
   const [wallet] = getWallets(provider)
   // Create pointers to our execution manager & simple copier contract
   let executionManager: Contract
 
   beforeEach(async () => {
-    // Deploy ExecutionManager with Purity Checking enabled
+    // Deploy ExecutionManager with Safety Checking enabled
     executionManager = await deployContract(
       wallet,
       ExecutionManager,
@@ -40,8 +40,8 @@ describe('Execution Manager -- Purity Checking', () => {
       { gasLimit: DEFAULT_ETHNODE_GAS_LIMIT }
     )
   })
-  describe('Purity Checking within Execution Manager', async () => {
-    it('should fail when given an impure contract', async () => {
+  describe('Safety Checking within Execution Manager', async () => {
+    it('should fail when given an unsafe contract', async () => {
       // For transactions,
       const receipt: TransactionReceipt = await manuallyDeployOvmContractReturnReceipt(
         wallet,
@@ -57,10 +57,10 @@ describe('Execution Manager -- Purity Checking', () => {
 
       createSucceeded.should.equal(
         false,
-        `DummyContract.sol should not have been considered pure because it uses storage in its constructor`
+        `DummyContract.sol should not have been considered safe because it uses storage in its constructor`
       )
     })
-    it('should successfully deploy a pure contract', async () => {
+    it('should successfully deploy a safe contract', async () => {
       const receipt = await manuallyDeployOvmContractReturnReceipt(
         wallet,
         provider,
@@ -75,7 +75,7 @@ describe('Execution Manager -- Purity Checking', () => {
 
       createSucceeded.should.equal(
         true,
-        `AddThree.sol contract should have been considered pure`
+        `AddThree.sol contract should have been considered safe`
       )
     })
   })
diff --git a/packages/ovm/test/contracts/purity-checker.spec.ts b/packages/ovm/test/contracts/safety-checker.spec.ts
similarity index 91%
rename from packages/ovm/test/contracts/purity-checker.spec.ts
rename to packages/ovm/test/contracts/safety-checker.spec.ts
index bbb265eb9788..d1bdc97684fb 100644
--- a/packages/ovm/test/contracts/purity-checker.spec.ts
+++ b/packages/ovm/test/contracts/safety-checker.spec.ts
@@ -10,10 +10,10 @@ import { Contract } from 'ethers'
 import { createMockProvider, deployContract, getWallets } from 'ethereum-waffle'
 
 /* Logging */
-const log = getLogger('purity-checker')
+const log = getLogger('safety-checker', true)
 
 /* Contract Imports */
-import * as PurityChecker from '../../build/contracts/PurityChecker.json'
+import * as SafetyChecker from '../../build/contracts/SafetyChecker.json'
 
 const executionManagerAddress = add0x('12'.repeat(20)) // Test Execution Manager address 0x121...212
 const notWhitelisted: EVMOpcode[] = [
@@ -52,25 +52,25 @@ const whitelistedNotHaltingOrCALL: EVMOpcode[] = Opcode.ALL_OP_CODES.filter(
     x.name !== 'CALL'
 )
 
-describe('Purity Checker', () => {
+describe('Safety Checker', () => {
   const provider = createMockProvider()
   const [wallet] = getWallets(provider)
-  let purityChecker: Contract
+  let safetyChecker: Contract
 
   /* Deploy a new whitelist contract before each test */
   beforeEach(async () => {
-    purityChecker = await deployContract(
+    safetyChecker = await deployContract(
       wallet,
-      PurityChecker,
+      SafetyChecker,
       [DEFAULT_OPCODE_WHITELIST_MASK, executionManagerAddress],
       { gasLimit: 6700000 }
     )
   })
 
-  describe('isBytecodePure()', async () => {
+  describe('isBytecodeSafe()', async () => {
     describe('Empty case', () => {
       it('should work for empty case', async () => {
-        const res: boolean = await purityChecker.isBytecodePure([])
+        const res: boolean = await safetyChecker.isBytecodeSafe([])
         res.should.eq(true, `empty bytecode should be whitelisted!`)
       })
     })
@@ -78,7 +78,7 @@ describe('Purity Checker', () => {
     describe('Single op-code cases', async () => {
       it('should correctly classify non-whitelisted', async () => {
         for (const opcode of notWhitelisted) {
-          const res: boolean = await purityChecker.isBytecodePure(
+          const res: boolean = await safetyChecker.isBytecodeSafe(
             `0x${opcode.code.toString('hex')}`
           )
           res.should.eq(
@@ -91,7 +91,7 @@ describe('Purity Checker', () => {
       it('should correctly classify whitelisted', async () => {
         for (const opcode of whitelistedNotHaltingOrCALL) {
           if (!opcode.name.startsWith('PUSH')) {
-            const res: boolean = await purityChecker.isBytecodePure(
+            const res: boolean = await safetyChecker.isBytecodeSafe(
               `0x${opcode.code.toString('hex')}`
             )
             res.should.eq(
@@ -114,7 +114,7 @@ describe('Purity Checker', () => {
           const bytecode: string = `0x${Buffer.of(push1Code + i - 1).toString(
             'hex'
           )}${invalidOpcode.repeat(i)}`
-          const res: boolean = await purityChecker.isBytecodePure(bytecode)
+          const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
           res.should.eq(
             true,
             `PUSH${i} failed by not skipping ${i} bytes of bytecode!`
@@ -132,7 +132,7 @@ describe('Purity Checker', () => {
           const bytecode: string = `0x${Buffer.of(push1Code + i - 1).toString(
             'hex'
           )}${invalidOpcode.repeat(i + 1)}`
-          const res: boolean = await purityChecker.isBytecodePure(bytecode)
+          const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
           res.should.eq(
             false,
             `PUSH${i} succeeded, skipping ${i +
@@ -153,7 +153,7 @@ describe('Purity Checker', () => {
           )}`
         }
 
-        const res: boolean = await purityChecker.isBytecodePure(bytecode)
+        const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
         res.should.eq(true, `Bytecode of all whitelisted (non-halting) failed!`)
       })
 
@@ -167,7 +167,7 @@ describe('Purity Checker', () => {
           )}`
         }
         for (const opcode of notWhitelisted) {
-          const res: boolean = await purityChecker.isBytecodePure(
+          const res: boolean = await safetyChecker.isBytecodeSafe(
             bytecode + opcode.code.toString('hex')
           )
           res.should.eq(
@@ -186,7 +186,7 @@ describe('Purity Checker', () => {
           for (const opcode of notWhitelisted) {
             bytecode += opcode.code.toString('hex')
           }
-          const res: boolean = await purityChecker.isBytecodePure(bytecode)
+          const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
           res.should.eq(
             true,
             `Bytecode containing invalid opcodes in unreachable code after a ${haltingOp.name} failed!`
@@ -201,7 +201,7 @@ describe('Purity Checker', () => {
           for (const opcode of notWhitelisted) {
             bytecode += opcode.code.toString('hex')
           }
-          const res: boolean = await purityChecker.isBytecodePure(bytecode)
+          const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
           res.should.eq(
             true,
             `Bytecode containing invalid opcodes after unreachable JUMPDEST (after a ${haltingOp.name}) failed!`
@@ -220,7 +220,7 @@ describe('Purity Checker', () => {
             for (const opcode of notWhitelisted) {
               bytecode += opcode.code.toString('hex')
             }
-            const res: boolean = await purityChecker.isBytecodePure(bytecode)
+            const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
             res.should.eq(
               false,
               `Bytecode containing invalid opcodes after a JUMPDEST preceded by a ${haltingOp.name} and reachable by ${jump.name} should have failed!`
@@ -236,7 +236,7 @@ describe('Purity Checker', () => {
         for (const opcode of notWhitelisted) {
           bytecode += opcode.code.toString('hex')
         }
-        const res: boolean = await purityChecker.isBytecodePure(bytecode)
+        const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
         res.should.eq(
           false,
           `Bytecode containing invalid opcodes after reachble JUMPDEST should have failed!`
@@ -249,7 +249,7 @@ describe('Purity Checker', () => {
         for (const opcode of notWhitelisted) {
           bytecode += opcode.code.toString('hex')
         }
-        const res: boolean = await purityChecker.isBytecodePure(bytecode)
+        const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
         res.should.eq(
           false,
           `Bytecode containing invalid opcodes after JUMPI should have failed!`
@@ -275,7 +275,7 @@ describe('Purity Checker', () => {
                 bytecode += opcode.code.toString('hex')
               }
             }
-            const res: boolean = await purityChecker.isBytecodePure(bytecode)
+            const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
             res.should.eq(
               true,
               `Long bytecode containing alternating valid reachable and invalid unreachable code failed!`
@@ -304,7 +304,7 @@ describe('Purity Checker', () => {
               }
             }
             bytecode += notWhitelisted[0].code.toString('hex')
-            const res: boolean = await purityChecker.isBytecodePure(bytecode)
+            const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
             res.should.eq(
               false,
               `Long bytecode ending in reachable, invalid code should have failed!`
@@ -334,7 +334,7 @@ describe('Purity Checker', () => {
           bytecode += invalidOpcode.repeat(i)
           // CALL
           bytecode += Opcode.CALL.code.toString('hex')
-          const res: boolean = await purityChecker.isBytecodePure(bytecode)
+          const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
           res.should.eq(
             true,
             `Bytecode containing valid CALL using PUSH${i} to set gas failed!`
@@ -357,7 +357,7 @@ describe('Purity Checker', () => {
           bytecode += Buffer.of(dup1Code + i - 1).toString('hex')
           // CALL
           bytecode += Opcode.CALL.code.toString('hex')
-          const res: boolean = await purityChecker.isBytecodePure(bytecode)
+          const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
           res.should.eq(
             true,
             `Bytecode containing valid CALL using DUP${i} to set gas failed!`
@@ -382,7 +382,7 @@ describe('Purity Checker', () => {
           bytecode += opcode.code.toString('hex')
           // CALL
           bytecode += Opcode.CALL.code.toString('hex')
-          const res: boolean = await purityChecker.isBytecodePure(bytecode)
+          const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
           res.should.eq(
             false,
             `Bytecode containing invalid CALL using ${opcode.name} to set gas should have failed!`
@@ -412,7 +412,7 @@ describe('Purity Checker', () => {
           bytecode += '11'.repeat(32) //PUSH32 0x11...11
           // CALL
           bytecode += Opcode.CALL.code.toString('hex')
-          const res: boolean = await purityChecker.isBytecodePure(bytecode)
+          const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
           res.should.eq(
             false,
             `Bytecode containing invalid CALL using ${opcode.name} to set value should have failed!`
@@ -442,7 +442,7 @@ describe('Purity Checker', () => {
           bytecode += '11'.repeat(32) //PUSH32 0x11...11
           // CALL
           bytecode += Opcode.CALL.code.toString('hex')
-          const res: boolean = await purityChecker.isBytecodePure(bytecode)
+          const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
           res.should.eq(
             false,
             `Bytecode containing invalid CALL using ${opcode.name} to set value should have failed!`
@@ -462,7 +462,7 @@ describe('Purity Checker', () => {
         bytecode += '11'.repeat(32) //PUSH32 0x11...11
         // CALL
         bytecode += Opcode.CALL.code.toString('hex')
-        const res: boolean = await purityChecker.isBytecodePure(bytecode)
+        const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
         res.should.eq(
           false,
           `Bytecode containing invalid CALL PUSH1ing non-zero value should have failed!`
@@ -481,7 +481,7 @@ describe('Purity Checker', () => {
         bytecode += '11'.repeat(32) //PUSH32 0x11...11
         // CALL
         bytecode += Opcode.CALL.code.toString('hex')
-        const res: boolean = await purityChecker.isBytecodePure(bytecode)
+        const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
         res.should.eq(
           false,
           `Bytecode containing invalid CALL PUSH20ing non-Execution Manager address should have failed!`
@@ -497,7 +497,7 @@ describe('Purity Checker', () => {
         bytecode += '11'.repeat(32) //PUSH32 0x11...11
         // CALL
         bytecode += Opcode.CALL.code.toString('hex')
-        const res: boolean = await purityChecker.isBytecodePure(bytecode)
+        const res: boolean = await safetyChecker.isBytecodeSafe(bytecode)
         res.should.eq(
           false,
           `Bytecode containing invalid CALL with only two preceding opcodes should have failed!`
diff --git a/packages/ovm/test/contracts/whitelist-mask-generator.spec.ts b/packages/ovm/test/contracts/whitelist-mask-generator.spec.ts
index 92218ebb3ebc..b7e7ccc02a3c 100644
--- a/packages/ovm/test/contracts/whitelist-mask-generator.spec.ts
+++ b/packages/ovm/test/contracts/whitelist-mask-generator.spec.ts
@@ -38,7 +38,7 @@ describe('generates whitelist masks -- this is a util, not a test', () => {
   it('does the thing', () => {
     // Produces a hex number of 256 bits where each bit represents an
     // opcode, 0 - 255, which is set if whitelisted and unset otherwise.
-    // Useful for the PurityChecker contract.
+    // Useful for the SafetyChecker  contract.
     console.log(
       `WHITELISTED OPCODES: ${whitelistedOpcodes.map((x) => x.name).join(',')}`
     )
diff --git a/packages/rollup-full-node/config/env_var_updates.config b/packages/rollup-full-node/config/env_var_updates.config
new file mode 100644
index 000000000000..e229117a8f1b
--- /dev/null
+++ b/packages/rollup-full-node/config/env_var_updates.config
@@ -0,0 +1,16 @@
+# This file will be read on occasion from the LIVE process and variables and values
+# listed here will be set in the process.env. It is intended to be used to override
+# existing environment variables without restarting the process if they need to be overridden.
+
+# Note: Any lines that start with # will be ignored
+# set the value to $DELETE$ to clear any set value it may have.
+
+#DUMMY_ENV_VAR=somevalue
+
+# REQUEST_LIMIT_PERIOD_MILLIS=
+# MAX_TRANSACTIONS_PER_UNIT_TIME=
+# MAX_NON_TRANSACTION_REQUESTS_PER_UNIT_TIME=
+
+# CONTRACT_DEPLOYER_ADDRESS=
+# COMMA_SEPARATED_TO_ADDRESS_WHITELIST=
+# COMMA_SEPARATED_RATE_LIMIT_WHITELISTED_IPS=
diff --git a/packages/rollup-full-node/src/app/account-rate-limiter.ts b/packages/rollup-full-node/src/app/account-rate-limiter.ts
index 497e670ddb8c..63e9a9edf438 100644
--- a/packages/rollup-full-node/src/app/account-rate-limiter.ts
+++ b/packages/rollup-full-node/src/app/account-rate-limiter.ts
@@ -1,5 +1,9 @@
 /* External imports */
-import { getLogger, TimeBucketedCounter } from '@eth-optimism/core-utils'
+import {
+  getLogger,
+  logError,
+  TimeBucketedCounter,
+} from '@eth-optimism/core-utils'
 
 /* Internal imports */
 import {
@@ -7,6 +11,7 @@ import {
   RateLimitError,
   TransactionLimitError,
 } from '../types'
+import { Environment } from './util'
 
 const log = getLogger('routing-handler')
 
@@ -30,10 +35,11 @@ export class DefaultAccountRateLimiter implements AccountRateLimiter {
   private readonly requestingAddressesSinceLastPurge: Set<string>
 
   constructor(
-    private readonly maxRequestsPerTimeUnit,
-    private readonly maxTransactionsPerTimeUnit,
-    private readonly requestLimitPeriodInMillis,
-    private purgeIntervalMultiplier: number = 1_000
+    private maxRequestsPerTimeUnit,
+    private maxTransactionsPerTimeUnit,
+    private requestLimitPeriodInMillis,
+    purgeIntervalMultiplier: number = 1_000,
+    variableRefreshRateMillis = 300_000
   ) {
     this.requestingIpsSinceLastPurge = new Set<string>()
     this.requestingAddressesSinceLastPurge = new Set<string>()
@@ -48,6 +54,10 @@ export class DefaultAccountRateLimiter implements AccountRateLimiter {
     setInterval(() => {
       this.purgeStale(true)
     }, this.requestLimitPeriodInMillis * (purgeIntervalMultiplier + 5))
+
+    setInterval(() => {
+      this.refreshVariables()
+    }, variableRefreshRateMillis)
   }
 
   /**
@@ -67,7 +77,10 @@ export class DefaultAccountRateLimiter implements AccountRateLimiter {
     this.requestingIpsSinceLastPurge.add(sourceIpAddress)
 
     const numRequests = this.ipToRequestCounter.get(sourceIpAddress).increment()
-    if (numRequests > this.maxRequestsPerTimeUnit) {
+    if (
+      this.maxRequestsPerTimeUnit !== undefined &&
+      numRequests > this.maxRequestsPerTimeUnit
+    ) {
       throw new RateLimitError(
         sourceIpAddress,
         numRequests,
@@ -94,7 +107,10 @@ export class DefaultAccountRateLimiter implements AccountRateLimiter {
     this.requestingAddressesSinceLastPurge.add(address)
 
     const numRequests = this.addressToRequestCounter.get(address).increment()
-    if (numRequests > this.maxRequestsPerTimeUnit) {
+    if (
+      this.maxTransactionsPerTimeUnit !== undefined &&
+      numRequests > this.maxTransactionsPerTimeUnit
+    ) {
       throw new TransactionLimitError(
         address,
         numRequests,
@@ -127,4 +143,48 @@ export class DefaultAccountRateLimiter implements AccountRateLimiter {
     })
     set.clear()
   }
+
+  /**
+   * Refreshes configured member variables from updated Environment Variables.
+   */
+  private refreshVariables(): void {
+    try {
+      const envPeriod = Environment.requestLimitPeriodMillis()
+      if (this.requestLimitPeriodInMillis !== envPeriod) {
+        const prevVal = this.requestLimitPeriodInMillis
+        this.requestLimitPeriodInMillis = envPeriod
+        this.ipToRequestCounter.clear()
+        this.addressToRequestCounter.clear()
+        this.requestingIpsSinceLastPurge.clear()
+        this.requestingAddressesSinceLastPurge.clear()
+        log.info(
+          `Updated Rate Limit time period from ${prevVal} to ${this.requestLimitPeriodInMillis} millis`
+        )
+      }
+
+      const envRequestLimit = Environment.maxNonTransactionRequestsPerUnitTime()
+      if (this.maxRequestsPerTimeUnit !== envRequestLimit) {
+        const prevVal = this.maxRequestsPerTimeUnit
+        this.maxRequestsPerTimeUnit = envRequestLimit
+        log.info(
+          `Updated Max Requests Per unit time value from ${prevVal} to ${this.maxRequestsPerTimeUnit}`
+        )
+      }
+
+      const envTxLimit = Environment.maxTransactionsPerUnitTime()
+      if (!!envTxLimit && this.maxTransactionsPerTimeUnit !== envTxLimit) {
+        const prevVal = this.maxTransactionsPerTimeUnit
+        this.maxTransactionsPerTimeUnit = envTxLimit
+        log.info(
+          `Updated Max Transactions Per unit time value from ${prevVal} to ${this.maxTransactionsPerTimeUnit}`
+        )
+      }
+    } catch (e) {
+      logError(
+        log,
+        `Error updating rate limiter variables from environment variables`,
+        e
+      )
+    }
+  }
 }
diff --git a/packages/rollup-full-node/src/app/routing-handler.ts b/packages/rollup-full-node/src/app/routing-handler.ts
index 3335247304dd..37db8ec7870d 100644
--- a/packages/rollup-full-node/src/app/routing-handler.ts
+++ b/packages/rollup-full-node/src/app/routing-handler.ts
@@ -1,6 +1,7 @@
 /* External Imports */
 import { Address } from '@eth-optimism/rollup-core'
 import {
+  areEqual,
   getLogger,
   isJsonRpcErrorResponse,
   JsonRpcErrorResponse,
@@ -22,6 +23,7 @@ import {
   Web3RpcMethods,
   web3RpcMethodsExcludingTest,
 } from '../types'
+import { Environment } from './util'
 
 const log = getLogger('routing-handler')
 
@@ -47,14 +49,19 @@ export class RoutingHandler implements FullnodeHandler {
   constructor(
     private readonly transactionClient: SimpleClient,
     private readonly readOnlyClient: SimpleClient,
-    private readonly deployAddress: Address,
+    private deployAddress: Address,
     private readonly accountRateLimiter: AccountRateLimiter,
-    private readonly rateLimiterWhitelistedIps: string[] = [],
-    private readonly toAddressWhitelist: Address[] = [],
+    private rateLimiterWhitelistedIps: string[] = [],
+    private toAddressWhitelist: Address[] = [],
     private readonly whitelistedMethods: Set<string> = new Set<string>(
       web3RpcMethodsExcludingTest
-    )
-  ) {}
+    ),
+    variableRefreshRateMillis = 300_000
+  ) {
+    setInterval(() => {
+      this.refreshVariables()
+    }, variableRefreshRateMillis)
+  }
 
   /**
    * Handles the provided request by
@@ -155,7 +162,53 @@ export class RoutingHandler implements FullnodeHandler {
     ) {
       throw new InvalidTransactionDesinationError(
         tx.to,
-        this.toAddressWhitelist
+        Array.from(this.toAddressWhitelist)
+      )
+    }
+  }
+
+  /**
+   * Refreshes configured member variables from updated Environment Variables.
+   */
+  private refreshVariables(): void {
+    try {
+      const envToWhitelist = Environment.transactionToAddressWhitelist()
+      if (!areEqual(envToWhitelist.sort(), this.toAddressWhitelist.sort())) {
+        const prevValue = this.toAddressWhitelist
+        this.toAddressWhitelist = envToWhitelist
+        log.info(
+          `Transaction 'to' address whitelist updated from ${JSON.stringify(
+            prevValue
+          )} to ${JSON.stringify(this.toAddressWhitelist)}`
+        )
+      }
+
+      const envIpWhitelist = Environment.rateLimitWhitelistIpAddresses()
+      if (
+        !areEqual(envIpWhitelist.sort(), this.rateLimiterWhitelistedIps.sort())
+      ) {
+        const prevValue = this.rateLimiterWhitelistedIps
+        this.rateLimiterWhitelistedIps = envIpWhitelist
+        log.info(
+          `IP whitelist updated from ${JSON.stringify(
+            prevValue
+          )} to ${JSON.stringify(this.rateLimiterWhitelistedIps)}`
+        )
+      }
+
+      const deployerAddress = Environment.contractDeployerAddress()
+      if (!!deployerAddress && deployerAddress !== this.deployAddress) {
+        const prevValue = this.deployAddress
+        this.deployAddress = deployerAddress
+        log.info(
+          `Deployer address updated from ${prevValue} to ${this.deployAddress}`
+        )
+      }
+    } catch (e) {
+      logError(
+        log,
+        `Error updating router variables from environment variables`,
+        e
       )
     }
   }
diff --git a/packages/rollup-full-node/src/exec/fullnode.ts b/packages/rollup-full-node/src/exec/fullnode.ts
index 7702ce5c12fd..1a8b0370d7de 100644
--- a/packages/rollup-full-node/src/exec/fullnode.ts
+++ b/packages/rollup-full-node/src/exec/fullnode.ts
@@ -9,6 +9,7 @@ import {
 import {
   ExpressHttpServer,
   getLogger,
+  logError,
   Logger,
   SimpleClient,
 } from '@eth-optimism/core-utils'
@@ -135,6 +136,10 @@ const startRoutingServer = async (): Promise<FullnodeContext> => {
   const baseUrl = `http://${Environment.l2RpcServerHost()}:${Environment.l2RpcServerPort()}`
   log.info(`Listening at ${baseUrl}`)
 
+  setInterval(() => {
+    updateEnvironmentVariables('/server/env_var_updates.config')
+  }, 179_000)
+
   return {
     fullnodeHandler: undefined,
     fullnodeRpcServer,
@@ -341,6 +346,76 @@ const getL1ToL2TransactionProcessor = async (
   return l1ToL2TransactionProcessor
 }
 
+/**
+ * Updates process environment variables from provided update file
+ * if any variables are updated.
+ *
+ * @param updateFilePath The path to the file from which to read env var updates.
+ */
+const updateEnvironmentVariables = (updateFilePath: string) => {
+  try {
+    fs.readFile(updateFilePath, 'utf8', (error, data) => {
+      try {
+        let changesExist: boolean = false
+        if (!!error) {
+          logError(
+            log,
+            `Error reading environment variable updates from ${updateFilePath}`,
+            error
+          )
+          return
+        }
+
+        const lines = data.split('\n')
+        for (const rawLine of lines) {
+          if (!rawLine) {
+            continue
+          }
+          const line = rawLine.trim()
+          if (!line || line.startsWith('#')) {
+            continue
+          }
+
+          const varAssignmentSplit = line.split('=')
+          if (varAssignmentSplit.length !== 2) {
+            log.error(
+              `Invalid updated env variable line: ${line}. Expected some_var_name=somevalue`
+            )
+            continue
+          }
+          const deletePlaceholder = '$DELETE$'
+          const key = varAssignmentSplit[0].trim()
+          const value = varAssignmentSplit[1].trim()
+          if (value === deletePlaceholder && !!process.env[key]) {
+            delete process.env[key]
+            log.info(`Updated process.env.${key} to have no value.`)
+            changesExist = true
+          } else if (
+            value !== process.env[key] &&
+            value !== deletePlaceholder
+          ) {
+            process.env[key] = value
+            log.info(`Updated process.env.${key} to have value ${value}.`)
+            changesExist = true
+          }
+        }
+      } catch (e) {
+        logError(
+          log,
+          `Error updating environment variables from ${updateFilePath}`,
+          e
+        )
+      }
+    })
+  } catch (e) {
+    logError(
+      log,
+      `Error updating environment variables from ${updateFilePath}`,
+      e
+    )
+  }
+}
+
 /**
  * Gets the appropriate db for this node to use based on whether or not this is run in test mode.
  *
diff --git a/packages/rollup-full-node/test/app/account-rate-limiter.spec.ts b/packages/rollup-full-node/test/app/account-rate-limiter.spec.ts
index af50254404dc..d75bd0068a97 100644
--- a/packages/rollup-full-node/test/app/account-rate-limiter.spec.ts
+++ b/packages/rollup-full-node/test/app/account-rate-limiter.spec.ts
@@ -1,5 +1,5 @@
 /* External Imports */
-import { TestUtils } from '@eth-optimism/core-utils'
+import { sleep, TestUtils } from '@eth-optimism/core-utils'
 
 import { Wallet } from 'ethers'
 
@@ -19,7 +19,13 @@ describe('Account Rate Limiter', () => {
   let accountRateLimiter: AccountRateLimiter
 
   beforeEach(() => {
-    accountRateLimiter = new DefaultAccountRateLimiter(1, 1, 10_000)
+    accountRateLimiter = new DefaultAccountRateLimiter(
+      1,
+      1,
+      1_000,
+      1_000,
+      1_000
+    )
   })
 
   it('does not rate limit transactions if in range', () => {
@@ -34,7 +40,7 @@ describe('Account Rate Limiter', () => {
     accountRateLimiter.validateRateLimit(ipTwo)
   })
 
-  it('rate limits transactions if outside of range', () => {
+  it('rate limits transactions if outside of range', async () => {
     // Should not throw
     accountRateLimiter.validateTransactionRateLimit(addressOne)
     TestUtils.assertThrows(() => {
@@ -43,9 +49,13 @@ describe('Account Rate Limiter', () => {
 
     // Should not throw
     accountRateLimiter.validateTransactionRateLimit(addressTwo)
+
+    await sleep(1_050)
+    // should not throw anymore
+    accountRateLimiter.validateTransactionRateLimit(addressOne)
   })
 
-  it('rate limits requests if outside of range', () => {
+  it('rate limits requests if outside of range', async () => {
     // Should not throw
     accountRateLimiter.validateRateLimit(ipOne)
     TestUtils.assertThrows(() => {
@@ -54,5 +64,239 @@ describe('Account Rate Limiter', () => {
 
     // Should not throw
     accountRateLimiter.validateRateLimit(ipTwo)
+
+    await sleep(1_050)
+    // should not throw anymore
+    accountRateLimiter.validateRateLimit(ipOne)
+  })
+
+  describe('Environment Variable Refresh -- no change', () => {
+    beforeEach(() => {
+      process.env.REQUEST_LIMIT_PERIOD_MILLIS = '1000'
+      process.env.MAX_TRANSACTIONS_PER_UNIT_TIME = '1'
+      process.env.MAX_NON_TRANSACTION_REQUESTS_PER_UNIT_TIME = '1'
+    })
+    afterEach(() => {
+      delete process.env.REQUEST_LIMIT_PERIOD_MILLIS
+      delete process.env.MAX_TRANSACTIONS_PER_UNIT_TIME
+      delete process.env.MAX_NON_TRANSACTION_REQUESTS_PER_UNIT_TIME
+    })
+
+    it('post-refresh: does not rate limit transactions if in range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateTransactionRateLimit(addressOne)
+      accountRateLimiter.validateTransactionRateLimit(addressTwo)
+    })
+
+    it('post-refresh: does not rate limit requests if in range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateRateLimit(ipOne)
+      accountRateLimiter.validateRateLimit(ipTwo)
+    })
+
+    it('post-refresh: rate limits transactions if outside of range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateTransactionRateLimit(addressOne)
+      TestUtils.assertThrows(() => {
+        accountRateLimiter.validateTransactionRateLimit(addressOne)
+      }, TransactionLimitError)
+
+      // Should not throw
+      accountRateLimiter.validateTransactionRateLimit(addressTwo)
+
+      await sleep(1_050)
+      // should not throw anymore
+      accountRateLimiter.validateTransactionRateLimit(addressOne)
+    })
+
+    it('post-refresh: rate limits requests if outside of range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateRateLimit(ipOne)
+      TestUtils.assertThrows(() => {
+        accountRateLimiter.validateRateLimit(ipOne)
+      }, RateLimitError)
+
+      // Should not throw
+      accountRateLimiter.validateRateLimit(ipTwo)
+
+      await sleep(1_050)
+      // should not throw anymore
+      accountRateLimiter.validateRateLimit(ipOne)
+    })
+  })
+
+  describe('Environment Variable Refresh -- duration increased', () => {
+    beforeEach(() => {
+      process.env.REQUEST_LIMIT_PERIOD_MILLIS = '3000'
+      process.env.MAX_TRANSACTIONS_PER_UNIT_TIME = '1'
+      process.env.MAX_NON_TRANSACTION_REQUESTS_PER_UNIT_TIME = '1'
+    })
+    afterEach(() => {
+      delete process.env.REQUEST_LIMIT_PERIOD_MILLIS
+      delete process.env.MAX_TRANSACTIONS_PER_UNIT_TIME
+      delete process.env.MAX_NON_TRANSACTION_REQUESTS_PER_UNIT_TIME
+    })
+
+    it('post-refresh: does not rate limit transactions if in range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateTransactionRateLimit(addressOne)
+      accountRateLimiter.validateTransactionRateLimit(addressTwo)
+    })
+
+    it('post-refresh: does not rate limit requests if in range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateRateLimit(ipOne)
+      accountRateLimiter.validateRateLimit(ipTwo)
+    })
+
+    it('post-refresh: rate limits transactions if outside of range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateTransactionRateLimit(addressOne)
+      TestUtils.assertThrows(() => {
+        accountRateLimiter.validateTransactionRateLimit(addressOne)
+      }, TransactionLimitError)
+
+      // Should not throw
+      accountRateLimiter.validateTransactionRateLimit(addressTwo)
+
+      await sleep(1_050)
+      // should still throw
+      TestUtils.assertThrows(() => {
+        accountRateLimiter.validateTransactionRateLimit(addressOne)
+      }, TransactionLimitError)
+    })
+
+    it('post-refresh: rate limits requests if outside of range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateRateLimit(ipOne)
+      TestUtils.assertThrows(() => {
+        accountRateLimiter.validateRateLimit(ipOne)
+      }, RateLimitError)
+
+      // Should not throw
+      accountRateLimiter.validateRateLimit(ipTwo)
+
+      await sleep(1_050)
+      // should still throw
+      TestUtils.assertThrows(() => {
+        accountRateLimiter.validateRateLimit(ipOne)
+      }, RateLimitError)
+    })
+  })
+
+  describe('Environment Variable Refresh -- tx limit increased', () => {
+    beforeEach(() => {
+      process.env.REQUEST_LIMIT_PERIOD_MILLIS = '1000'
+      process.env.MAX_TRANSACTIONS_PER_UNIT_TIME = '2'
+      process.env.MAX_NON_TRANSACTION_REQUESTS_PER_UNIT_TIME = '1'
+    })
+    afterEach(() => {
+      delete process.env.REQUEST_LIMIT_PERIOD_MILLIS
+      delete process.env.MAX_TRANSACTIONS_PER_UNIT_TIME
+      delete process.env.MAX_NON_TRANSACTION_REQUESTS_PER_UNIT_TIME
+    })
+
+    it('post-refresh: does not rate limit transactions if in range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateTransactionRateLimit(addressOne)
+      accountRateLimiter.validateTransactionRateLimit(addressOne)
+      accountRateLimiter.validateTransactionRateLimit(addressTwo)
+      accountRateLimiter.validateTransactionRateLimit(addressTwo)
+    })
+
+    it('post-refresh: does not rate limit requests if in range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateRateLimit(ipOne)
+      accountRateLimiter.validateRateLimit(ipTwo)
+    })
+
+    it('post-refresh: rate limits transactions if outside of range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateTransactionRateLimit(addressOne)
+      accountRateLimiter.validateTransactionRateLimit(addressOne)
+      TestUtils.assertThrows(() => {
+        accountRateLimiter.validateTransactionRateLimit(addressOne)
+      }, TransactionLimitError)
+
+      // Should not throw
+      accountRateLimiter.validateTransactionRateLimit(addressTwo)
+    })
+
+    it('post-refresh: rate limits requests if outside of range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateRateLimit(ipOne)
+      TestUtils.assertThrows(() => {
+        accountRateLimiter.validateRateLimit(ipOne)
+      }, RateLimitError)
+
+      // Should not throw
+      accountRateLimiter.validateRateLimit(ipTwo)
+    })
+  })
+
+  describe('Environment Variable Refresh -- request limit increased', () => {
+    beforeEach(() => {
+      process.env.REQUEST_LIMIT_PERIOD_MILLIS = '1000'
+      process.env.MAX_TRANSACTIONS_PER_UNIT_TIME = '1'
+      process.env.MAX_NON_TRANSACTION_REQUESTS_PER_UNIT_TIME = '2'
+    })
+    afterEach(() => {
+      delete process.env.REQUEST_LIMIT_PERIOD_MILLIS
+      delete process.env.MAX_TRANSACTIONS_PER_UNIT_TIME
+      delete process.env.MAX_NON_TRANSACTION_REQUESTS_PER_UNIT_TIME
+    })
+
+    it('post-refresh: does not rate limit transactions if in range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateTransactionRateLimit(addressOne)
+      accountRateLimiter.validateTransactionRateLimit(addressTwo)
+    })
+
+    it('post-refresh: does not rate limit requests if in range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateRateLimit(ipOne)
+      accountRateLimiter.validateRateLimit(ipOne)
+      accountRateLimiter.validateRateLimit(ipTwo)
+      accountRateLimiter.validateRateLimit(ipTwo)
+    })
+
+    it('post-refresh: rate limits transactions if outside of range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateTransactionRateLimit(addressOne)
+      TestUtils.assertThrows(() => {
+        accountRateLimiter.validateTransactionRateLimit(addressOne)
+      }, TransactionLimitError)
+
+      // Should not throw
+      accountRateLimiter.validateTransactionRateLimit(addressTwo)
+    })
+
+    it('post-refresh: rate limits requests if outside of range', async () => {
+      await sleep(2_000)
+      // Should not throw
+      accountRateLimiter.validateRateLimit(ipOne)
+      accountRateLimiter.validateRateLimit(ipOne)
+      TestUtils.assertThrows(() => {
+        accountRateLimiter.validateRateLimit(ipOne)
+      }, RateLimitError)
+
+      // Should not throw
+      accountRateLimiter.validateRateLimit(ipTwo)
+    })
   })
 })
diff --git a/packages/rollup-full-node/test/app/routing-handler.spec.ts b/packages/rollup-full-node/test/app/routing-handler.spec.ts
index 4bdda94621ca..a8836f79b887 100644
--- a/packages/rollup-full-node/test/app/routing-handler.spec.ts
+++ b/packages/rollup-full-node/test/app/routing-handler.spec.ts
@@ -1,10 +1,12 @@
 /* External Imports */
 import {
+  add0x,
   JsonRpcError,
   JsonRpcErrorResponse,
   JsonRpcResponse,
   JsonRpcSuccessResponse,
   SimpleClient,
+  sleep,
   TestUtils,
 } from '@eth-optimism/core-utils'
 /* Internal Imports */
@@ -67,6 +69,9 @@ const getSignedTransaction = async (
   })
 }
 
+const whitelistedIpAddress = '9.9.9.9'
+const whitelistedIpAddress2 = '8.8.8.8'
+
 const transactionResponse = 'transaction'
 const readOnlyResponse = 'read only'
 const transactionResponsePayload: JsonRpcSuccessResponse = {
@@ -120,8 +125,6 @@ describe('Routing Handler', () => {
     let rateLimiter: DummyRateLimiter
     let routingHandler: RoutingHandler
 
-    const whitelistedIpAddress = '9.9.9.9'
-
     beforeEach(() => {
       rateLimiter = new DummyRateLimiter()
       routingHandler = new RoutingHandler(
@@ -240,7 +243,7 @@ describe('Routing Handler', () => {
       }, InvalidTransactionDesinationError)
     })
 
-    it('allows transactions to the whitelisted address from deployer address', async () => {
+    it('allows transactions to any address from deployer address', async () => {
       // Should not throw
       await routingHandler.handleRequest(
         Web3RpcMethods.sendRawTransaction,
@@ -290,6 +293,198 @@ describe('Routing Handler', () => {
     })
   })
 
+  describe('Environment variable refresh', () => {
+    let routingHandler: RoutingHandler
+    let rateLimiter: DummyRateLimiter
+    const whitelistedTo: string = add0x(Wallet.createRandom().address)
+
+    beforeEach(() => {
+      rateLimiter = new DummyRateLimiter()
+      routingHandler = new RoutingHandler(
+        new DummySimpleClient(transactionResponsePayload),
+        new DummySimpleClient(readOnlyPayload),
+        '',
+        rateLimiter,
+        ['0.0.0.0'],
+        [whitelistedTo],
+        new Set<string>([
+          Web3RpcMethods.sendRawTransaction,
+          Web3RpcMethods.networkVersion,
+        ]),
+        1_000
+      )
+    })
+
+    describe('Contract deployer address', () => {
+      let deployerWallet: Wallet
+      beforeEach(() => {
+        deployerWallet = Wallet.createRandom()
+        process.env.CONTRACT_DEPLOYER_ADDRESS = add0x(deployerWallet.address)
+        process.env.COMMA_SEPARATED_RATE_LIMIT_WHITELISTED_IPS = '0.0.0.0'
+        process.env.COMMA_SEPARATED_TO_ADDRESS_WHITELIST = whitelistedTo
+      })
+      afterEach(() => {
+        delete process.env.CONTRACT_DEPLOYER_ADDRESS
+        delete process.env.COMMA_SEPARATED_RATE_LIMIT_WHITELISTED_IPS
+        delete process.env.COMMA_SEPARATED_TO_ADDRESS_WHITELIST
+      })
+
+      it('allows transactions any address from deployer address', async () => {
+        await sleep(1100)
+        // Should not throw
+        await routingHandler.handleRequest(
+          Web3RpcMethods.sendRawTransaction,
+          [
+            await getSignedTransaction(
+              Wallet.createRandom().address,
+              deployerWallet
+            ),
+          ],
+          ''
+        )
+      })
+
+      it('disallows transactions to any address from non-deployer address', async () => {
+        await sleep(1100)
+
+        await TestUtils.assertThrowsAsync(async () => {
+          return routingHandler.handleRequest(
+            Web3RpcMethods.sendRawTransaction,
+            [await getSignedTransaction()],
+            ''
+          )
+        }, InvalidTransactionDesinationError)
+      })
+    })
+
+    describe('To address whitelist', () => {
+      let toAddress1: string
+      let toAddress2: string
+      beforeEach(() => {
+        toAddress1 = add0x(Wallet.createRandom().address)
+        toAddress2 = add0x(Wallet.createRandom().address)
+        process.env.COMMA_SEPARATED_TO_ADDRESS_WHITELIST = [
+          toAddress1,
+          toAddress2,
+        ].join(',')
+
+        process.env.COMMA_SEPARATED_RATE_LIMIT_WHITELISTED_IPS = '0.0.0.0'
+      })
+      afterEach(() => {
+        delete process.env.COMMA_SEPARATED_TO_ADDRESS_WHITELIST
+        delete process.env.COMMA_SEPARATED_RATE_LIMIT_WHITELISTED_IPS
+      })
+
+      it('allows transactions to whitelisted addresses', async () => {
+        await sleep(1100)
+        // Should not throw
+        await routingHandler.handleRequest(
+          Web3RpcMethods.sendRawTransaction,
+          [await getSignedTransaction(toAddress1)],
+          ''
+        )
+
+        await routingHandler.handleRequest(
+          Web3RpcMethods.sendRawTransaction,
+          [await getSignedTransaction(toAddress2)],
+          ''
+        )
+      })
+
+      it('disallows transactions to non-whitelisted address', async () => {
+        await sleep(1100)
+        await TestUtils.assertThrowsAsync(async () => {
+          await routingHandler.handleRequest(
+            Web3RpcMethods.sendRawTransaction,
+            [await getSignedTransaction(whitelistedTo)],
+            ''
+          )
+        }, InvalidTransactionDesinationError)
+      })
+    })
+
+    describe('Rate limit whitelisted IPs', () => {
+      beforeEach(() => {
+        process.env.COMMA_SEPARATED_RATE_LIMIT_WHITELISTED_IPS = [
+          whitelistedIpAddress,
+          whitelistedIpAddress2,
+        ].join(',')
+
+        process.env.COMMA_SEPARATED_TO_ADDRESS_WHITELIST = whitelistedTo
+      })
+      afterEach(() => {
+        delete process.env.COMMA_SEPARATED_RATE_LIMIT_WHITELISTED_IPS
+        delete process.env.COMMA_SEPARATED_TO_ADDRESS_WHITELIST
+      })
+
+      it('lets transactions through when not limited', async () => {
+        await sleep(1100)
+        // This should not throw
+        await routingHandler.handleRequest(
+          Web3RpcMethods.sendRawTransaction,
+          [await getSignedTransaction(whitelistedTo)],
+          ''
+        )
+      })
+
+      it('does not let transactions through when limited', async () => {
+        await sleep(1100)
+        rateLimiter.limitNextTransaction = true
+        await TestUtils.assertThrowsAsync(async () => {
+          return routingHandler.handleRequest(
+            Web3RpcMethods.sendRawTransaction,
+            [await getSignedTransaction(whitelistedTo)],
+            ''
+          )
+        }, TransactionLimitError)
+      })
+
+      it('lets transactions through when limited and whitelisted', async () => {
+        await sleep(1100)
+        rateLimiter.limitNextTransaction = true
+        // This should not throw
+        await routingHandler.handleRequest(
+          Web3RpcMethods.sendRawTransaction,
+          [await getSignedTransaction(whitelistedTo)],
+          whitelistedIpAddress
+        )
+      })
+
+      it('lets requests through when not limited', async () => {
+        await sleep(1100)
+        // This should not throw
+        await routingHandler.handleRequest(
+          Web3RpcMethods.networkVersion,
+          [],
+          ''
+        )
+      })
+
+      it('does not let requests through when limited', async () => {
+        await sleep(1100)
+        rateLimiter.limitNextRequest = true
+        await TestUtils.assertThrowsAsync(async () => {
+          return routingHandler.handleRequest(
+            Web3RpcMethods.networkVersion,
+            [],
+            ''
+          )
+        }, RateLimitError)
+      })
+
+      it('lets requests through when limited and whitelisted', async () => {
+        await sleep(1100)
+        rateLimiter.limitNextRequest = true
+        // This should not throw
+        await routingHandler.handleRequest(
+          Web3RpcMethods.networkVersion,
+          [],
+          whitelistedIpAddress
+        )
+      })
+    })
+  })
+
   describe('Formatted JSON RPC Responses', () => {
     let routingHandler: RoutingHandler