jakiro
Recently, Altlayer, the head project of the Rollup as a Service (RaaS) track, opened the largest airdrop in 2024, with a total airdrop value of more than $ 100 million, becoming a hot -discovery event of the Web3 community.
And this time Altlayer’s airdrop activity was questioned by the community. The 35%(about 35 million US dollars) of the airdrop share was assigned to the address holding the Altlayer NFT (only 2157).The average address is worth about $ 14,000 AlT token, and the average address of the address of the test network is only about $ 30 AlT token per addressEssenceIn addition, the growth supervisor of the trader BlurCrypto and Altlayer argued whether there are insider transactions for $ 200,000 in social media.
Altlayer is a solution with high expansion, low cost, and quickly starting Rollup.After the air investment on January 25, is there any abnormal chain activity on the address of the Altlayer airdrop?What are the security challenges facing the RaaS track where Altlayer is located?Today, the Beosin team will analyze it one by one.
Altlayer technical architecture
Altlayer helps developers to quickly start modular Rollup by supporting the combination of all major ROLLUP technology stacks, data availability layers, settlement layers, and decentralized sorters.Its main RaaS partners include Optimism, Arbitrum, Polygon, ZKSYNC, Eigenlayer, Celestia and Hyperlane.
>
As shown in the figure above, the blockchain network based on Altlayer will process transactions in three steps: first aggregate transactions to improve performance, regenerate blocks, and finally verify the block.When packing and generating blocks, Altlayer supports the use of decentralized sorters named Squad to package transactions.When verifying the block, the verifications need to submit transaction data to Layer1. Developers can choose different data security levels according to performance and security needs.
In order to achieve decentralized sorting, Altlayer added a component called the Beacon Layer between the execution layer and the consensus layerEssenceIt is one of the core components of Altlayer, which provides coordination and verification function between the execution layer and the consensus layer.The shared sort node in the beacon layer provides layered transaction sorting services for ROLLUP in ALTLAYERAs shown in the figure below.When the developer creates and starts his own RollUp through Altlayer’s instrument panel, the label layer will allocate the disorder node to execute the transaction in Rollup, as shown in the figure below:
>
These shared sorting nodes use the pledge/cutting mechanism to motivate and punish the behavior of sorters to ensure the security and activity of the network.The Altlayer plans to open a shared sorting node as a decentralized network that anyone can join, but these nodes are currently controlled by Altlayer and its cooperation projects.
Airdrop dispute
After Altlayer announced the airdrop rules, the community was dissatisfied with the airdrop quota of 35.47%(106,410,000 ALT tokens) at NFT HOLDERS.Because Altlayer has previously released two NFT series: Altlayer OG Badge and OH OTTIE!The total number of circulation of the two series is only 2157EssenceThis means that the address holding NFT will get huge airdrops, and the average address of users participating in the test network event will only get about 1,000 token airdrops. Some users are misrepresented as witch, which is even more dissatisfied with the community.
>
Altlayer airdrop allocation
After we checked the address of the NFT holder with Beosin Kyt, we found thatAfter many NFT Holders buy OG Badge and receive the OH OTTIE! Series NFT, their address temporarily stops the event until Altlayer’s airdrop opening starts.Essence
Take the most airdropping 0xF39A60D5577220059829F0838C79bb7081bdb6ac as an example:
The 0xF39A address was proposed from FTX on July 30, 2022. After the Ethereum was proposed, only 2.569 ETH purchased 8 OG BADGE through Seaport. Except for the NFT airdrops of the OTTIE! Series, there was no transaction before receiving the Candida Air Investment.Record.
>
Beosin kyt
>
8 OG BADGE purchased by 0XF39A
0XF39A received 1.29 million ALT tokens in this airdrop, and then sent to the tokens it received to multiple new addresses.The specific operation can be viewed in Beosin Kyt:
>
The address of the second -multiple airdrop 0x4F00E222888D7F95787C4948576AB3A54E3AB83C is similar. On July 28, 2022, ETH was proposed from FTX, and then the relevant NFT was purchased by SeaporT 5.3844 ETH.
>
Beosin kyt
Analysis of its transactions can find that 0x4F0E first spent 2.0414 ETH purchased 6 OG Badge from July-August 2022.
>
Then in February 2023, 0x4F0E continued to spend 3.343 ETH purchased 7 OTTIE! Series NFT.It was then reappeared until Altlayer opened the airdrop.
>
0x4F0E received 1.19 million Alt, similar to 0xf39A, and it also dispersed the tokens received to multiple new addresses.The specific operation can be viewed in Beosin Kyt:
>
Is the hoarding and silence of these addresses coincidental?How should the airdrop rules of the project be set to achieve anti -witch and fair rewarding users?This is a problem that the project party and the community need to continue to explore.
RaaS track security challenge
Altlayer is the head project of the RaaS track, and the RaaS track can be divided into OP-Rollup as a Service and ZK-Rollup as a Service based on the supported Rollup.At present, the OP-Rollup technology stack mainly uses the service provider of the RAAS track, supports the rapid startup of OP-Rollup.The service provider of Op-Rollup as a Service is facing many security challenges.
Usually, the core component of OP-RollUp is composed of 4 parts as shown in the figure:
>
1. 1.Layer1 verification device contractEssenceEach rollup needs to deploy a verification contract contract in Layer1. The function of this contract is to receive and store the block hash value and status root submitted by Rollup. Update the state of recharging users to Rollup. Rollup needs to modify Layer1 and Layer2 simultaneously in time.The state of the user.If the Rollup service operator runs, the user’s assets also need to ensure that it can be extracted in the contract on Layer1.
2.Trading sorter(Rollup Sequencer).Responsible for handling and executing Rollup transactions, maintaining the status of users between Layer1 and Rollup, and the status of synchronous L1 and L2.
3..ScamEssenceThe fraud proof is the core of OP-Rollup. Optimistic believes that all transactions and status are correct. When a third party has a challenge, submit relevant certificates to Layer1 and wait for confirmation.If fraud is proven, nodes that were originally released related transactions would be punished and the status will roll back.
4. 4..Data usabilityEssenceRollup will deposit transaction data into Layer1 to ensure the final confirmation and status update of the data.In this way, even if the Rollup project party is running, users may withdraw money on Layer1.
If you want to do OP-ROLLUP As a Service, the above four parts are provided by RAAS service providers. Rollup’s code and node maintenance will be responsible for RaaS service providers (service providers may outsourcing/allocated to their partners).The project party using RaaS service only needs to do operation and marketing to attract users to use their own Rollup.
This greatly reduces the cost and time of the project party, but it is left to the OP-ROLLUP service provider with great room for evil. The safety challenges are:
First, the fraudulent certificate mentioned aboveEssenceCrack proves are the core of OP-Rollup to ensure that network security and stable operation, and with the promotion of Rollup as a Service, more and more OP-Rollup’s launch is difficult to allow security companies/communities to monitor the state of Rollup normal and whether there are any.Mal malicious transactions.Subsequent related ROLLUP security incidents have increased frequency.
Second, the asset security issues of Layer1 and Layer2EssenceAt present, many OP-Rollup’s assets are not recharged from their smart contracts deployed in Layer1 to Rollup. Many assets are rollup entered through third-party cross-chain bridges. These cross-chain bridges have introduced more potential security.Risk, last month of ORBIT Chain lost $ 80 million due to private key leakage.
The above are the two security issues that OP-Rollup and OP-Rollup As a Service are currently most needed.
The core component of ZK-Rollup is similar to OP-RollUp, but ZK-Rollup uses effective proof. When it is proven to be verified as correct, the status will be updated on Layer1.This ensures that ZK-Rollup can always maintain the correct state, which is safer than OP-Rollup.However, the performance and development difficulty of ZK-Rollup lead to the slow progress of ZK-Rollup as a Serivce. At present, the service providers of ZK-Rollup as a Serivce are basically in the development test stage.
Summarize
At present, Altlayer, as the head project of the RAAS track, has reached a cooperative relationship with multiple public chain project parties to help developers start Rollup quickly. In order to solve the centralized problem of sorters, Altlayer introduced a layer of beam layer to centralize the centerTransfer and layered verification.However, due to the premise of OP-ROLLUP’s optimistic assumptions, it is difficult to monitor the trading security of each OP-ROLLUP.OP-ROLLUP built through RaaS service may have malicious transactions but have not been challenged for a long time, causing capital lossEssence
