Please use this identifier to cite or link to this item:
http://hdl.handle.net/10397/119002
| Title: | DoubleUp roll: double-spending in Arbitrum by rolling it back |
| Authors: | Sun, Z; Li, Z; Peng, X; Luo, X; Jiang, M; Zhou, H; Zhang, Y |
| Issue Date: | Dec-2024 |
| Source: | In CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, p. 2577-2590. New York, NY: The Association for Computing Machinery, 2024 |
| Abstract: | Optimistic rollup protocols are widely adopted as the most popular blockchain scaling solutions. As a dominant implementation, Arbitrum has boasted a total locked value exceeding 18 billion USD, highlighting the significance of optimistic rollups in blockchain ecosystem. Despite their popularity, little research has been done on the security of optimistic rollup protocols, and potential vulnerabilities on them remain unknown. In this work, we unveil three novel double spending attacks on Arbitrum, each enabling an attacker to steal funds from cross-chain applications on Arbitrum. To facilitate these double spending attacks, we introduce an attack to induce manipulable delays in the transaction rollup process and propose a cost optimization solution to reduce further transaction fees associated with the attacks. Our investigations broaden the exploitation of our double spending attacks to another leading optimistic rollup protocol, Optimism, highlighting the generability of our proposed attacks. Through extensive experiments on a local test network, we demonstrated that our attacks lead to severe malicious effects, such as fund losses from double spending. From late 2022 to early 2023, we reported these vulnerabilities to the Arbitrum and Optimism teams. All the issues were acknowledged and resolved, and our research safeguarded billions of dollars at risk, earning us half a million dollars in bug bounty rewards. |
| Keywords: | Arbitrum; Blockchain; Optimistic Rollup; State Rollback Attack |
| Publisher: | Association for Computing Machinery |
| ISBN: | 979-8-4007-0636-3 |
| DOI: | 10.1145/3658644.3690256 |
| Description: | CCS '24: ACM SIGSAC Conference on Computer and Communications Security, Salt Lake City UT, USA, October 14-18, 2024 |
| Rights: | © 2024 Copyright held by the owner/author(s). This work is licensed under a Creative Commons Attribution International 4.0 License (https://creativecommons.org/licenses/by/4.0/). The following publication Zhiyuan Sun, Zihao Li, Xinghao Peng, Xiapu Luo, Muhui Jiang, Hao Zhou, and Yinqian Zhang. 2024. DoubleUp Roll: Double-spending in Arbitrum by Rolling It Back. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (CCS '24). Association for Computing Machinery, New York, NY, USA, 2577–2590 is available at https://doi.org/10.1145/3658644.3690256. |
| Appears in Collections: | Conference Paper |



