We do the research, you get the alpha!
Get exclusive reports and access to key insights on airdrops, NFTs, and more! Subscribe now to Alpha Reports and up your game!
Go to Alpha Reports
The on-chain competition is always watching, but sometimes it will be compelled to help.
Offchain Labs, the core team behind the Ethereum layer-2 scaling network Arbitrum, recently uncovered several security issues in a testnet version of Optimism, a separate Ethereum layer-2 scaling network created by OP Labs.
After fixes were implemented, the issues were detailed Friday in a blog post published by Offchain Labs co-founder Ed Felton. As the potential vulnerability was found in Optimism’s system for contesting potentially fraudulent transactions, it could have been seized on by bad actors, Felton explained.
“We believe that if your current protocol were deployed on mainnet, it would put user funds at very high risk,” Offchain Labs said it told OP Labs in a late March message, adding that “example exploit code” had been included for informational purposes.
Arbitrum and Optimism are so-called Ethereum rollups, intended to offer lower transaction costs for users by bundling batches of transactions together and then relaying them to Ethereum in a processed form. Within that class of scaling solutions, both layer-2s are categorized as “optimistic” rollups, which assume all transactions they process are legitimate.
To prevent bad actors from abusing the optimistic nature of Arbitrum and Optimism, both networks utilize fraud proofs. Effectively, the security model gives network participants a window to challenge transactions and check their validity through a rules-based process.
The issues identified by Offchain Labs pertained to the time alloted for participants to “make a move” to contest transactions through Optimism’s fraud prevention system. By abusing that timing to their advantage, a bad actor could have tricked the system into accepting a fraudulent chain history, or to prevent it from accepting the correct chain history, according to Felton’s post.
“The OP protocol as originally deployed on testnet was susceptible to traitor attacks of this type because it allowed a traitor to get time credit it didn’t deserve,” he explained. “The result was that the fraud proof system didn’t improve security guarantees.”
Offchain Labs’ intervention with Optimism comes as Ethereum layer-2s continue to make new use of “blobs.” Introduced in the latest Ethereum upgrade, the data structure allows layer-2s to further save on transaction costs with a dedicated, cheap space for posting data to Ethereum.
From an adoption perspective, Optimism and Arbitrum are two of the largest among Ethereum layer-2s. According to a Dune dashboard, for example, Arbitrum and Optimism handled 1.7 million and 600,000 transactions on Monday, respectively. Meanwhile, Ethereum’s mainnet saw 1.1 million transactions.
Though the security issues could’ve caused headaches for users down the line, nipping them on Optimism’s testnet means that ultimately nobody was impacted. When it comes to layer-2s with comparable architectures looking out for each other, a spokesperson for OP Labs told Decrypt that Offchain Labs’ recent input was still much valued.
“We’re always appreciative when teams take the time to review our testnet code,” the spokesperson said in a statement. “It’s a critical part of the development process.”
Edited by Ryan Ozawa.
Stay on top of crypto news, get daily updates in your inbox.
Source: https://decrypt.co/228318/arbitrum-offchain-labs-optimism-vulnerability