Source and Security of Arbitrum Assets

Arbitrum Assets: Source and Security

On official publicity, the security level of assets (including ETH, USDT, UNI, etc.) in Arbitrum and Optimism is the same as that of L1. Although to date, there have been no reports of asset loss in Rollup. However, in fact, these assets are very complex and can be divided into three categories.

On June 1st, Circle announced that they would release an official version of USDC on Arbitrum.

Actually, there has long been USDC on Arbitrum. Where did this USDC come from? After Circle released the official version, the original USDC was renamed Bridged USDC and its code name changed from USDC to USDC.e. However, this renaming is only a modification of the parsing name at the block browser level, and cannot be modified at the contract level.

This USDC.e was bridged from the official bridge of Arbitrum from L1. Below is a test I just did.

• Core developers of the Ethereum execution layer have confirmed the Cancun EIP list, which includes five EIPs such as EIP-1153, EIP-4788, and EIP-4844.
• EN: Binance.US keeps records of all user funds, which have never left the platform unless withdrawn by the user.
• Discussing the SEC’s lawsuit against Binance: Years of regulatory balance disrupted, optimistic about the final outcome

USDC is sent from L1 to Arbitrum through the official bridge of Arbitrum. In L1, USDC is the USDC contract officially deployed by Circle on L1, and when it comes to Arbitrum, it becomes USDC.e, which is deployed by Arbitrum.

With these two versions of USDC, we can understand the source of assets on Arbitrum.

1. Assets that cross from L1 to Arbitrum through the Arbitrum official bridge https://bridge.arbitrum.io/.

These assets will be saved on the contract used by Arbitrum to deposit and withdraw on L1, which is the main contract of Rollup on L1, used to record the status of all deposit users on L1.

When users cross from L1 to Arbitrum through the Arbitrum official bridge, the action taken is that users deposit funds into the main contract deployed by Arbitrum on L1, and then on the Rollup side, Arbitrum will mint the same amount of assets to the user. Conversely, when users withdraw on the Rollup side, the assets are destroyed on the L1 side.

The security of these assets that are deposited on Arbitrum-Rollup through the Arbitrum official bridge is consistent with the Rollup design document, which is safe and similar to L1. Even if the Rollup operator runs away, users can still forcibly withdraw from the Rollup contract on L1.

2. Token assets independently issued by the project on Arbitrum.

Some assets, such as AiDoge, are launched on Arbitrum, but not on L1. These assets treat Arbitrum as an independent chain. Circle’s official version of USDC launched on Arbitrum is also in this category. If Arbitrum runs away, these assets that are published based on Arbitrum’s native properties will definitely be reset and cannot be restored on L1. This is because there is essentially no such asset on L1.

There is another type of asset that is crossed to Arbitrum through a third-party cross-chain bridge.

Mainstream third-party cross-chain bridges, such as multichain, treat Arbitrum as an independent chain and bridge BSC and Arbitrum, for example. Cross-chain is performed by locking and releasing assets on the two ends of the bridge. The security of these assets that are crossed to Arbitrum through third-party bridges is subject to both the third-party bridge and Arbitrum. If either party runs away or has bugs, the assets may be lost. This situation with third-party bridges is more complex because third-party bridges generally work as a fund pool. For example, multichain bridges ETH assets from ETH-L1 and Arbitrum, so multichain must have corresponding ETH fund pools on both L1 and Arbitrum to provide users with cross-chain functionality. Of course, when users cross from L1 to Arbitrum, they deposit ETH into multichain’s L1 fund pool, and then multichain releases ETH on Arbitrum to users. If one end of the third-party bridge runs out of funds, the bridge can only work in one direction. For the official bridge of Arbitrum, there is no concept of a fund pool. The concept is deposit and mint, and withdraw and burn. Therefore, the security of funds entering and exiting Rollup through third-party bridges is also affected by the fund pool of the bridge. Most of the fund pools for third-party cross-chain bridges are essentially multisignature wallets, which can be run away with. If everything is designed according to the Rollup design document, the recharge contract of the official bridge of Arbiturm on L1 cannot run away with funds. However, Arbitrum has not yet implemented fraud proof, so essentially Arbitrum can shut down the Rollup service and steal money by maliciously modifying the status on both Rollup and L1.

An empty paragraph tag.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!