Donate to L2BEAT's Gitcoin grant. A new matching round has just started!

Arbitrum logoArbitrum

TVL: $2.45 B

-8.60% / 7 days

...

...

Tokens:

News

Description[Edit][Issue]

Arbitrum is an Optimistic Rollup that aims to feel exactly like interacting with Ethereum, but with transactions costing a fraction of what they do on L1.

Risk summary

Technology

Fraud proofs ensure state correctness[Edit][Issue]

After some period of time, the published state root is assumed to be correct. For a certain time period, usually one week one of the whitelisted actors can submit a fraud proof that shows that the state was incorrect.[1][2]

  • Funds can be stolen if none of the whitelisted verifiers checks the published state. Fraud proofs assume at least one honest and able validator (CRITICAL).

All transaction data is recorded on chain[Edit][Issue]

All executed transactions are submitted to an on chain smart contract. The execution of the rollup is based entirely on the submitted transactions, so anyone monitoring the contract can know the correct state of the rollup chain.[3]

    Operator

    The system has a centralized sequencer[Edit][Issue]

    While proposing blocks is open to anyone the system employs a privileged sequencer that has priority for submitting transaction batches and ordering transactions.[4][5]

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    Users can force any transaction[Edit][Issue]

    Because the state of the system is based on transactions submitted on-chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract directly.[3]

      Withdrawals

      Regular exit[Edit][Issue]

      The user initiates the withdrawal by submitting a transaction on L2. When the block containing that transaction is finalized the funds become available for withdrawal on L1. The process of block finalization usually takes several days to complete. Finally the user submits an L1 transaction to claim the funds. This transaction requires a merkle proof.[7][8]

      • Funds can be frozen if the centralized validator goes down. Users cannot produce blocks themselves and exiting the system requires new block production (CRITICAL).[6]

      Tradeable Bridge Exit[Edit][Issue]

      When a user initiates a regular withdrawal a third party verifying the chain can offer to buy this withdrawal by paying the user on L1. The user will get the funds immediately, however the third party has to wait for the block to be finalized. This is implemented as a first party functionality inside Arbitrum's token bridge.[9]

        Other considerations

        EVM compatible smart contracts are supported[Edit][Issue]

        Arbitrum uses the Arbitrum Virtual Machine (AVM) to execute transactions. This is similar to the EVM, but is independent from it and allows fraud proofs to be executed.[10]

        • Funds can be lost if there are mistakes in the highly complex AVM implementation.

        Smart Contracts[Edit][Issue]

        The system consists of the following smart contracts:

        The current deployment carries some associated risks:

        • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

        References

        1. Executing and Securing the Chain - Arbitrum documentation
        2. Note: onlyValidator modifier
        3. Submitting Transactions - Arbitrum documentation
        4. Validators - Arbitrum documentation
        5. If the sequencer is malicious - Arbitrum documentation
        6. Mainnet for everyone - Arbitrum Blog
        7. L2 to L1 Messages Lifecycle - Arbitrum documentation
        8. Rules for Confirming or Rejecting Rollup Blocks - Arbitrum documentation
        9. Tradeable Bridge Exits - Arbitrum documentation
        10. AVM - Arbitrum documentation