Papers
Topics
Authors
Recent
Search
2000 character limit reached

Security Analysis of Smart Contract Migration from Ethereum to Arbitrum

Published 27 Jul 2023 in cs.CR | (2307.14773v3)

Abstract: When migrating smart contracts from one blockchain platform to another, there are potential security risks. This is because different blockchain platforms have different environments and characteristics for executing smart contracts. The focus of this paper is to study the security risks associated with the migration of smart contracts from Ethereum to Arbitrum. We collected relevant data and analyzed smart contract migration cases to explore the differences between Ethereum and Arbitrum in areas such as Arbitrum cross-chain messaging, block properties, contract address alias, and gas fees. From the 36 types of smart contract migration cases we identified, we selected 4 typical types of cases and summarized their security risks. The research shows that smart contracts deployed on Ethereum may face certain potential security risks during migration to Arbitrum, mainly due to issues inherent in public blockchain characteristics, such as outdated off-chain data obtained by the inactive sequencer, logic errors based on time, the permission check failed, Denial of Service(DOS) attacks. To mitigate these security risks, we proposed avoidance methods and provided considerations for users and developers to ensure a secure migration process. It's worth noting that this study is the first to conduct an in-depth analysis of the secure migration of smart contracts from Ethereum to Arbitrum.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (39)
  1. Arbitrum (2023) Welcome to Ethereum. https://ethereum.org/ (Date last accessed: August 31, 2023).
  2. Arbitrum (2023) Take it to the next layer with Nitro: Making Ethereum more inclusive and sustainable. https://arbitrum.io/ (Date last accessed: August 31, 2023).
  3. CoinMarketCap (2023) Today’s Cryptocurrency Prices by Market Cap. https://coinmarketcap.com/ (Date last accessed: August 31, 2023).
  4. Arbitrum (2023) Arbitrum Portal. https://portal.arbitrum.io/?chains=arbitrum-one (Date last accessed: August 31, 2023).
  5. CoinGecko (2023) Top Layer 2 Chains by Total Value Locked (TVL). https://www.coingecko.com/en/chains/layer-2 (Date last accessed: August 31, 2023).
  6. Arbitrum (2023) Why Nitro? https://docs.arbitrum.io/why-nitro (Date last accessed: August 31, 2023).
  7. Solidity () Solidity. https://soliditylang.org/ (Date last accessed: August 31, 2023).
  8. Vyper (2023) What is vyper? https://docs.vyperlang.org/en/stable/ (Date last accessed: August 31, 2023).
  9. Cairo (2023) The Cairo Programming Language https://book.cairo-lang.org/zh-cn/index.html (Date last accessed: August 31, 2023).
  10. Starknet (2023) Welcome to Starknet. https://www.starknet.io/en (Date last accessed: August 31, 2023).
  11. Polygon zkEVM (2023) Bring Ethereum to everyone. https://polygon.technology/polygon-zkevm (Date last accessed: August 31, 2023).
  12. Polygon (2023) Differences between EVM and zkEVM. https://wiki.polygon.technology/docs/zkevm/protocol/evm-diff/ (Date last accessed: August 31, 2023).
  13. BasketCoin (2021) Migration to Binance Smart Chain (BSC). https://medium.com/@basketcoin/migration-to-binance-smart-chain-bsc-e42dd66cfe97 (Date last accessed: August 31, 2023).
  14. The Sandbox (2022) The Sandbox is deploying on Polygon. https://medium.com/sandbox-game/the-sandbox-is-deploying-on-polygon-c44e026afeb2 (Date last accessed: August 31, 2023).
  15. OpenBlox (2022) Migration guide: How to move your Blox from Ethereum to Arbitrum. https://medium.com/openblox/migration-guide-how-to-move-your-blox-from-ethereum-to-arbitrum-b736970830a3 (Date last accessed: August 31, 2023).
  16. Fix the Cross Chain Messaging Bridge on Arbitrum (2022) https://gov.uniswap.org/t/temperature-check-fix-the-cross-chain-messaging-bridge-on-arbitrum/18073 (Date last accessed: August 31, 2023).
  17. Arbitrum (2023) A Gentle Introduction to Arbitrum. https://docs.arbitrum.io/intro/ (Date last accessed: August 31, 2023).
  18. Arbitrum (2023) Arbitrum Address Aliasing. https://docs.arbitrum.io/arbos/l1-to-l2-messaging#address-aliasing (Date last accessed: August 31, 2023).
  19. Arbitrum (2023) L2 to L1 Messaging. https://docs.arbitrum.io/arbos/l2-to-l1-messaging (Date last accessed: August 31, 2023).
  20. Arbitrum (2023) ArbOs. https://docs.arbitrum.io/arbos/ (Date last accessed: August 31, 2023).
  21. Arbitrum (2023) ArbOs Gas. https://docs.arbitrum.io/arbos/gas (Date last accessed: August 31, 2023).
  22. Arbitrum (2023) ArbOs L1 Pricing. https://docs.arbitrum.io/arbos/l1-pricing (Date last accessed: August 31, 2023).
  23. Arbitrum (2023) The Sequencer. https://docs.arbitrum.io/sequencer (Date last accessed: August 31, 2023).
  24. Arbitrum (2023) Transaction Lifecycle in Arbitrum. https://docs.arbitrum.io/tx-lifecycle (Date last accessed: August 31, 2023).
  25. Ethereum (2023) Ethereum - learn. https://ethereum.org/en/learn/ (Date last accessed: August 31, 2023).
  26. ChainLink (2023) ChainLink - l2-sequencer-feeds. https://docs.chain.link/data-feeds/l2-sequencer-feeds (Date last accessed: August 31, 2023).
  27. Evert0x (2023) GLPOracle. https://github.com/sherlock-audit/2023-01-sentiment/blob/main/oracle/src/gmx/GLPOracle.sol (Date last accessed: August 31, 2023).
  28. r0ohafza (2023) GLPOracle.t.sol. https://github.com/sentimentxyz/oracle/blob/815233add2d23a7e2a2c5136504537b234a65c47/src/tests/GLPOracle.t.sol (Date last accessed: August 31, 2023).
  29. r0ohafza (2023) GLPOracleUpdate.sol. https://github.com/sentimentxyz/oracle/blob/main/src/gmx/GLPOracle.sol (Date last accessed: August 31, 2023).
  30. TriHaz (2022) Trading.sol. https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L857-L868 (Date last accessed: August 31, 2023).
  31. tintinweb (2022) MarginFactory.sol. https://github.com/tintinweb/smart-contract-sanctuary-arbitrum/blob/662d22a0f98c6a0c8ef23e43ac6d6a3eac5968da/contracts (Date last accessed: August 31, 2023).
  32. Uniswap (2021) UniswapV3Factory. https://arbiscan.io/address/0x1F98431c8aD98523631AE4a59f267346ea31F984#contracts (Date last accessed: August 31, 2023).
  33. DavidBDiligence (2022) DOS. https://github.com/Consensys/smart-contract-best-practices/blob/master/docs/attacks/denial-of-service.md (Date last accessed: August 31, 2023).
  34. Sherlock-admin (2023) Pool. https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L216-L263 (Date last accessed: August 31, 2023).
  35. OpenZeppelin (2023) OpenZeppelin. https://www.openzeppelin.com/ (Date last accessed: August 31, 2023).
  36. Chainlink (2023) Chainlink. https://chain.link/ (Date last accessed: August 31, 2023).
  37. Code4rena () code4rena. https://code4rena.com/ (Date last accessed: August 31, 2023).
  38. Code4rena () code4rena. https://www.cyfrin.io/ (Date last accessed: August 31, 2023).
  39. Code4rena () code4rena. https://www.halborn.com/ (Date last accessed: August 31, 2023).

Summary

No one has generated a summary of this paper yet.

Sign Up to Summarize

Paper to Video (Beta)

No one has generated a video about this paper yet.

Sign Up to Generate All Videos Subscribe on YouTube

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Generate Now

Authors (2)

  1. Xueyan Tang 
  2. Lingzhi Shi 

Collections

Sign up for free to add this paper to one or more collections.

Sign Up

Tweets

Sign up for free to view the 5 tweets with 0 likes about this paper.

Sign Up for Free