Why Does the Arbitrum Security Depend on 9 People?

Arbitrum is one of the top-performing layer 2 solutions out there. According to DeFiLlama, it takes spot #4 of all chains in TVL. There are many reasons to like Arbitrum. However, Arbitrum is not as decentralized as you thought.

The platform has a DAO, which governs the Arbitrum One and Nova chains. That sounds good, but it has an inherent risk. So, let’s take a closer look at what this risk is for Arbitrum.

The Arbitrum DAO

Arbitrum has decentralized governance. In crypto, it means that there is a DAO behind the project. Their ARB token is the governance token. All ARB holders are part of this Arbitrum DAO. There are four levels of decentralization in Arbitrum: 

  • Chain Ownership

The ‘owner’ can change the protocol. The Arbitrum DAO is the ‘owner’. For example, when Ethereum upgrades, Arbitrum needs to react to it. Or if there’s a bug in the code, it needs fixing. Furthermore, how about planned improvements? All these options need updates. All members of the DAO can vote on upgrades and execute them.

There’s also a ‘Security Council’ that can upgrade the protocol. These are publicly named entities. In emergencies, they can execute upgrades almost instantly. In such an emergency, the DAO path of governance is too slow. But I will get back to this Security Council. There’s a potential and serious risk with this council.

  • Validator Ownership

Validators are responsible for validating the chain. All validators are publicly listed. However, there’s a potential risk with these validators. They can compromise the system’s safety. A malevolent validator can propose an invalid state update. That can happen if there’s not at least one honest validator to stop this proposal.

The DAO can change the validator allow-list. For example, it can add or remove members. It can even remove the complete list.

  • Sequencer Ownership

The sequencer collects and orders transactions. Most layer 2 solutions have centralized sequencers. That means that there’s a single point of failure. There’s an explanation of how this works in this article we wrote. The sequencer for this platform is the Arbitrum Foundation. However, the DAO can elect a new organization as a sequencer.

  • Data Availability Committee (DAC) Ownership

This is a committee only active on Arbitrum AnyTrust chains. For example, the Arbitrum Nova chain. These chains depend on a permissioned 7-member committee. The risk is when 6 out of 7 committee members and the sequencers behave maliciously. This can compromise the system’s safety. The DAO can add or remove DAC members. It can also modify the DAC’s power over the system.

The Security Council

The Security Council plays an important role in Arbitrum governance. I explained its role above. This article also explains some risks associated with the levels of decentralization. However, the Security Council poses some of the biggest risks. In case of emergencies, the Security Council uses a 9-of-12 multisig wallet.

A multisig wallet requires more than one signature to execute a transaction. In an emergency case, 9 signatures. In a non-emergency case, the Security Council uses a 7-of-12 multisig wallet. In the Arbitrum docs, you can find this under risks:

If 9 of the Security Council members are compromised or behave maliciously, the system and users’ funds could be compromised.

If a malicious proposal is successfully put through DAO governance, or if 7 of the Security Council members are compromised or behave maliciously, the system’s safety could be compromised. In either of these cases, users will have several weeks to withdraw their funds back to Ethereum before the proposal takes effect.

So, in other words, 7 people can compromise the whole network. However, 9 members can also put the network funds at risk. This includes your funds on Arbitrum. The DAO has too many members to have a realistic chance of compromising the network. However, for 9 people, it’s easier to be in cahoots. And this brings us to the root of the Arbitrum vulnerability. 
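
As an added illustration (not from the original article or the Arbitrum project), the Python sketch below works through the two thresholds quoted above: which upgrade paths a given number of compromised members can reach, whether users still get a withdrawal window, and how few missing signers block each path. The function names are hypothetical, and the probability helper assumes each key is compromised independently with probability p, which understates the risk when members coordinate.

```python
from math import comb

COUNCIL_SIZE = 12
# Thresholds and timing as stated in the article (citing the Arbitrum docs).
PATHS = {
    "non_emergency": {"threshold": 7, "exit_window": True},   # weeks to withdraw
    "emergency":     {"threshold": 9, "exit_window": False},  # near-instant upgrade
}

def reachable_paths(compromised):
    """Upgrade paths a group of `compromised` council members can trigger alone."""
    if not 0 <= compromised <= COUNCIL_SIZE:
        raise ValueError("compromised must be between 0 and COUNCIL_SIZE")
    return [name for name, path in PATHS.items()
            if compromised >= path["threshold"]]

def users_can_exit_first(compromised):
    """True if every path the group can reach still leaves a withdrawal window."""
    return all(PATHS[name]["exit_window"] for name in reachable_paths(compromised))

def signers_needed_to_block(threshold, n=COUNCIL_SIZE):
    """Fewest missing or refusing signers that make a threshold-of-n quorum impossible."""
    return n - threshold + 1

def prob_at_least(k, p, n=COUNCIL_SIZE):
    """P(at least k of n keys compromised), assuming independent compromise (assumption)."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("p must be a probability")
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k, n + 1))

if __name__ == "__main__":
    for c in (6, 7, 9):
        print(c, reachable_paths(c), "exit window:", users_can_exit_first(c))
    # p = 0.05 is a constructed sample value, not a measured compromise rate.
    for name, path in PATHS.items():
        t = path["threshold"]
        print(name, "blocked by", signers_needed_to_block(t), "signers;",
              "P(quorum | p=0.05) =", f"{prob_at_least(t, 0.05):.2e}")
```

The same arithmetic shows the availability side of the trade-off: with a 9-of-12 quorum, 4 unreachable signers are enough to prevent an emergency upgrade.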

In other words, this indicates that the Arbitrum protocol is not as decentralized as we thought. First, there’s the issue of the sequencer. This has a single point of failure. Furthermore, we have the Security Council issue, as explained above. Now the question is, how likely is it that at least 9 Security Council members are in cahoots? That’s not for me to answer, but you can come to your own conclusions. The picture below shows the risks posed by the Security Council members.

Source: Arbitrum docs 

Conclusion

Arbitrum has a DAO in place for governance. This would make you think that the protocol has a solid, decentralized foundation. However, there are two weak points in this governance. First, there is the centralized sequencer. This has a single point of failure. Second, the Security Council only needs 7 people to compromise the whole network. However, with 9 people, it also compromises the network funds. That’s because they can govern with a 9 of 12 multisig wallet.

Disclaimer

The information discussed by Altcoin Buzz is not financial advice. This is for educational, entertainment and informational purposes only. Any information or strategies are thoughts and opinions relevant to accepted levels of risk tolerance of the writer/reviewers, and their risk tolerance may be different from yours.

We are not responsible for any losses that you may incur as a result of any investments directly or indirectly related to the information provided. Bitcoin and other cryptocurrencies are high-risk investments, so please do your due diligence.

Copyright Altcoin Buzz Pte Ltd.

The post Why Does the Arbitrum Security Depend on 9 People? appeared first on Altcoin Buzz.
