Layer2.Finance

Website	layer2.finance
App	app.l2.finance
Documentation	docs.l2.finance
Repository	github.com/celer-network/layer2-finance-contracts
Social	discord.gg celernetwork @CelerNetwork

Description

Currently the TVL is calculated incorrectly, because it does not take assets locked in DeFi into account.

Layer2.Finance aims to democratize access to DeFi protocols for everyone. Users can aggregate their DeFi usage and save on Ethereum fees.

If you find something wrong on this page you can submit an issue or edit the information.

Risk Analysis

Sequencer failureState validationData availabilityUpgradeabilityProposer failure

State validation

Fraud proofs (1R)

Fraud proofs allow actors watching the chain to prove that the state is incorrect. Single round proofs (1R) only require a single transaction to resolve.

Data availability

On chain

All of the data needed for proof construction is published on chain.

Upgradeability

The code that secures the system can never change.

Sequencer failure

No mechanism

There is no mechanism to have transactions be included if the sequencer is down or censoring.

Proposer failure

Cannot withdraw

Only the whitelisted proposers can publish L2 state roots on L1, so in the event of failure the withdrawals are frozen.

After some period of time, the published state root is assumed to be correct. For a certain time period, usually one week anyone can submit a fraud proof that shows that the state was incorrect. Unfortunately in case of Layer2.Finance only some fraud proofs revert blocks and every successful fraud proof pauses the contract requiring the owner to unpause.

Funds can be stolen if there is no one that checks the published state. Fraud proofs assume at least one honest and able validator.
Funds can be frozen if the problematic fraud proof mechanism is exploited (CRITICAL).

All data required for proofs is published on chain

All the data that is used to construct the system state is published on chain in the form of cheap calldata. This ensures that it will always be available when needed.

RollupChain.sol#L191 - Layer2.Finance source code

Operator

The system has a centralized operator

The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system.

MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.
Funds can be frozen if the sequencer halts its operations (CRITICAL).

There is no force transaction mechanism

If the users find themselves censored they can do nothing to force the inclusion of their transactions.

Users can be censored if the sequencer refuses to include their transactions (CRITICAL).

RollupChain.sol#L191 - Layer2.Finance source code

Withdrawals

Regular exit

The user initiates the withdrawal by submitting a transaction on L2. When the block containing that transaction is finalized the funds become available for withdrawal on L1. The process of block finalization usually takes several days to complete. Finally the user submits an L1 transaction to claim the funds. This transaction does not require a merkle proof.

Funds can be stolen if the operator does not include user's L2 withdrawal transactions (CRITICAL).

RollupChain.sol#L191 - Layer2.Finance source code

Smart Contracts

The system consists of the following smart contracts:

RollupChain 0xf86F…1A05

This contract stores the following tokens: BUSD, DAI, USDC, USDT, WETH.

TransitionDisputer 0x5D3c…007f

Registry 0xFe81…14a8

The current deployment carries some associated risks:

Funds can be stolen if the owner calls owner-only functions that pause the contract and drain funds (CRITICAL).

RollupChain.sol#L460-L496 - Layer2.Finance source code