Donate to L2BEAT's Gitcoin grant. A new matching round has just started!

Boba Network logoBoba Network

TVL: $889 M

-35.60% / 7 days






Boba is an L2 Ethereum scaling & augmenting solution built by the Enya team as core contributors to the OMG Foundation. Boba is an Optimistic Rollup scaling solution that claims to reduce gas fees, improve transaction throughput, and extend the capabilities of smart contracts.

Risk summary


Fraud proofs are in development[Edit][Issue]

Ultimately Boba Network will use fraud proofs to enforce state correctness. This feature is currently in development and the system permits invalid state roots. Users have the ability to run a validator software and compute valid state roots locally, but cannot act on them on chain.[1][2]

  • Funds can be stolen if an invalid state root is submitted to the system.

All transaction data is recorded on chain[Edit][Issue]

All executed transactions are submitted to an on chain smart contract. The execution of the rollup is based entirely on the submitted transactions, so anyone monitoring the contract can know the correct state of the rollup chain.[3][4]


    The system has a centralized sequencer[Edit][Issue]

    While proposing blocks is open to anyone the system employs a privileged sequencer that has priority for submitting transaction batches and ordering transactions.[5]

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    Users can force any transaction[Edit][Issue]

    Because the state of the system is based on transactions submitted on-chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract directly.[4]


      Regular exit[Edit][Issue]

      The user initiates the withdrawal by submitting a transaction on L2. When the block containing that transaction is finalized the funds become available for withdrawal on L1. The process of block finalization usually takes several days to complete. Finally the user submits an L1 transaction to claim the funds. This transaction requires a merkle proof.[6]

      • Funds can be frozen if the centralized validator goes down. Users cannot produce blocks themselves and exiting the system requires new block production (CRITICAL).

      Fast exit[Edit][Issue]

      Users can initiate a fast exit which makes use of liquidity pools, and charges a small fee for the convenience. Users funds can then be withdrawn on L1 after only minutes.[7]

        Other considerations

        EVM compatible smart contracts are supported[Edit][Issue]

        Boba Network uses the Optimistic Virtual Machine (OVM) to execute transactions. This is similar to the EVM, but is independent from it and allows fraud proofs to be executed.[8]

        • Funds can be lost if there are mistakes in the highly complex OVM implementation.

        Smart Contracts[Edit][Issue]

        The system consists of the following smart contracts:

        The current deployment carries some associated risks:

        • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).


        1. The incentive contract for verification proofs is disabled - Boba FAQ
        2. Checking Boba Mainnet for Fraud - Boba Optimism repository
        3. Data Availability Batches - Paradigm Research
        4. Canonical Transaction Chain - Boba documentation
        5. Boba operates the only "Sequencer" node - Boba FAQ
        6. The Standard Bridge - Boba documentation
        7. The LP Bridge - Boba documentation
        8. Execution Contracts - Learn more about the Boba Network execution contracts