This time AltLayer’s airdrop activity was questioned by the community. 35% of the airdrop share (about 35 million US dollars) was allocated to addresses holding AltLayer NFT (the total circulation is only 2157), and each address received an average value of about 14,000. US dollars in ALT tokens, while addresses participating in the testnet only receive about US$30 in ALT tokens per address on average. Additionally, traders BlurCrypto got into an argument on social media with AltLayer’s head of growth over whether there was an insider trading profit of $200,000.
AltLayer is a highly scalable, low-cost, and quick-start Rollup solution. After the airdrop on January 25, did the address that received the AltLayer airdrop have any abnormal on-chain activities? What security challenges does AltLayer's RaaS track face? Today the Beosin team will analyze it one by one for everyone.
AltLayer technical architecture
AltLayer helps developers quickly launch modular Rollup by supporting combinations of all major Rollup technology stacks, data availability layers, settlement layers, and decentralized sorter sets. Its key RaaS partners include Optimism, Arbitrum, Polygon, zkSync, EigenLayer, Celestia and Hyperlane.
As shown in the figure above, the blockchain network built based on AltLayer will process transactions in three steps: first aggregate transactions to improve performance, then generate blocks, and finally verify the blocks. When packaging and generating blocks, AltLayer supports the use of a decentralized sequencer called SQUAD to package transactions. When verifying a block, the verifier needs to submit transaction data to Layer1. Developers can choose different data security levels based on performance and security requirements.
In order to achieve decentralized sorting, AltLayer adds a layer of components called Beacon Layer between the execution layer and the consensus layer. It is one of the core components of AltLayer and provides coordination and verification functions between the execution layer and the consensus layer. The shared ordering node in the beacon layer provides hierarchical transaction ordering services for Rollup in AltLayer, as shown in the figure below. When developers create and start their own Rollup through the AltLayer dashboard, the beacon layer will allocate sequencer nodes to be responsible for executing transactions in the Rollup, as shown in the following figure:
These shared ordering nodes use a staking/cutting mechanism to incentivize and punish the behavior of orderers to ensure the security and activity of the network. AltLayer plans to open the shared ordering nodes as a decentralized network that anyone can join, but currently these nodes are mainly controlled by AltLayer and its partner projects.
Airdrop controversy
After AltLayer announced the airdrop details, the community expressed dissatisfaction with the airdrop quota of 35.47% (106,410,000 ALT tokens) available to NFT Holders. Because AltLayer has previously issued two NFT series: AltLayer OG Badge and Oh Ottie!, the total circulation of the two series is only 2157. This means that addresses holding NFTs will receive huge airdrops, while users participating in testnet activities only receive an average of about 1,000 tokens in airdrops per address. Some users were mistakenly labeled as witches, exacerbating the dissatisfaction of the community.
AltLayer airdrop distribution
After we used Beosin KYT to check the addresses of NFT holders, we found that after many NFT Holders purchased OG Badge and received the Oh Ottie! series of NFTs, their addresses temporarily stopped activity until the AltLayer airdrop started.
Take the 0xf39a60D5577220059829f0838c79bB7081Bdb6Ac that has the most airdrops as an example:
After withdrawing Ethereum from FTX on July 30, 2022, address 0xf39a only spent a total of 2.569 ETH to purchase 8 OG Badges through Seaport. In addition to receiving the NFT airdrop of the Oh Ottie! series, there was no transaction before receiving the token airdrop. Record.
KYT of Beos
The 8 OG Badge0xf39a purchased received a total of 1.29 million ALT tokens in this airdrop, and then sent the received tokens to multiple new addresses. Specific operations can be viewed on Beosin KYT:
The address that received the second most airdrops, 0x4f0e22F2888d7F95787c4948576Ab3a54E3ab83c, is similar. On July 28, 2022, ETH was withdrawn from FTX, and a total of 5.3844 ETH was subsequently spent to purchase related NFTs through Seaport.
Beosin KYT analyzed its transactions and found that 0x4f0e first spent 2.0414 ETH to purchase 6 OG Badges from July to August 2022.
Then in February 2023, 0x4f0e continued to spend 3.343 ETH to purchase 7 Oh Ottie! series NFTs. Later, 0x4f0e did not become active again until AltLayer started airdropping.
0x4f0e claimed 1.19 million ALT. Similar to 0xf39a, it also dispersed the received tokens to multiple new addresses. Specific operations can be viewed on Beosin KYT:
Is the hoarding and silence at these addresses a coincidence? How should the project’s airdrop rules be set to achieve anti-witchcraft and fairly reward users? This is an issue that both project parties and the community need to continue to explore.
RaaS track security challenge
AltLayer is the head project of the RaaS track, and the RaaS track can be divided into op-Rollup as a Service and zk-Rollup as a Service according to the supported Rollup. Currently, service providers in the RaaS track mainly use the op-Rollup technology stack, which supports the quick start of op-Rollup. The service provider of op-Rollup as a service faces many security challenges.
Usually, the core component of op-Rollup is shown in the figure and consists of 4 parts:
1. Layer1’s validator contract. Each Rollup needs to deploy a validator contract on Layer1. The function of this contract is to receive and store the block hash value and status root submitted by Rollup, and update the status of users' deposits and withdrawals to Rollup. Rollup needs to synchronize modifications to Layer1 and Layer2 in a timely manner. The user's status. If the Rollup service operator runs away, the user's assets also need to ensure that they can be withdrawn from the contract on Layer1.
2. Transaction Sequencer (Rollup Sequencer). Responsible for processing and executing Rollup transactions, maintaining user status between Layer1 and Rollup, and synchronizing the status of L1 and L2.
3. Proof of fraud. Fraud proof is the core of op-Rollup. It is optimistic that all transactions and status are correct. Wait for the third party to challenge and submit relevant proof to Layer1 for confirmation. If fraud is proven, the node that originally issued the relevant transaction will be punished and the state will be rolled back.
4. Data availability. Rollup will store the transaction data in Layer1 to ensure the final confirmation and status update of the data. In this way, even if the Rollup project team runs away, users may get their funds back on Layer1.
If you want to do op-Rollup as a Service, the above four parts will be provided by the RaaS service provider, and the Rollup code and node maintenance will be the responsibility of the RaaS service provider (the service provider may outsource/assign it to its partners). Project parties using RaaS services only need to do operations and marketing to attract users to use their Rollup.
This greatly reduces the startup cost and time of the project side, but leaves a lot of room for op-Rollup service providers to do evil. The security challenges that exist include:
One is the proof of fraud mentioned above. Fraud proof is the core of op-Rollup to ensure the safe and stable operation of the network. With the promotion of Rollup as a Service, more and more op-Rollups are launched. It is difficult for security companies/communities to monitor whether the status of Rollup is normal and whether there is any problem. Bad faith transactions. The frequency of subsequent rollup-related security incidents is likely to increase.
The second is the asset security issue of Layer1 and Layer2. At present, many op-Rollup assets do not enter Rollup from the recharge of smart contracts deployed on Layer 1. Many assets enter Rollup through third-party cross-chain bridges. The existence of these cross-chain bridges introduces more potential security. Risk, last month Orbit Chain lost $80 million due to private key leaks.
The above are the two security issues that currently need to be improved most in op-Rollup and op-Rollup as a Service.
The core components of zk-Rollup are similar to op-Rollup, but zk-Rollup uses validity proof. When the proof is verified to be correct, the status will be updated on Layer1. This ensures that zk-Rollup can always run in the correct state and is more secure than op-Rollup. However, the performance and development difficulty of zk-Rollup have led to the slow progress of zk-Rollup as a Serivce. Currently, the service providers of zk-Rollup as a Serivce are basically still in the development and testing stage.
Summarize
Currently, AltLayer, as the head project of the RaaS track, has reached cooperative relationships with multiple public chain projects to help developers quickly start Rollup. In order to solve the centralization problem of the sorter, AltLayer introduces a beacon layer for decentralization. ization and layered verification. However, due to the optimistic assumptions of op-Rollup, it is difficult to monitor the transaction security of each op-Rollup. Subsequent op-Rollups built through RaaS services may have malicious transactions but have not been challenged for a long time, resulting in financial losses.
