This July, Linea, a Layer2 network developed by the ConsenSys team, announced the opening of Linea Mainnet Alpha access to the entire community, officially joining the Layer2 battle.

What are the advantages of Linea compared to other Layer2 solutions such as zkSync and Optimism among many L2 schemes? What is the current status of the Linea ecosystem? What are the security principles and best practices of Linea?

In order to explore these questions and to spread the technology and vision of the Linea ecosystem more widely, as well as to encourage more Web3 developers to actively participate in deploying and innovating in the Linea ecosystem, on September 19th, the blockchain security team ScaleBit joined forces with Linea and Web3 Future to co-host the offline event "From Alpha To Peak, Let's Dive Into Linea!"

During the event, numerous Web3 industry practitioners gathered together to deeply communicate and share insights towards the Linea ecosystem, inspiring innovative thinking. Alex, a security researcher from the ScaleBit team, presented a wonderful technical sharing for the attendees with Linea's security principles and best practices as the starting point.

Now, we will organize the Tech Talk into a document for more Web3 developers to reference.

Part 1 Linea Introduction

Linea is a zero-knowledge extension protocol (zk-rollup) that is fully equivalent to the Ethereum Virtual Machine (EVM). Its aim is to increase the throughput of Ethereum and reduce transaction fees. Linea relies on an innovative, internally built prover that utilizes zkSNARK technology.

On Linea, transaction fees are 15 to 20 times cheaper than on the Ethereum mainnet. Like some of the tools and infrastructure platforms they have developed, Linea is designed to be developer-friendly, with native support for Consensys' MetaMask, Truffle, and Infura. The chain is also designed to be composable and easy to use, meaning developers don't need to be experts in zkEVM or zk-rollup to build applications on it.

Many ecosystems have deployed and migrated to the Linea network, involving various protocols such as DeFi, cross-chain bridges, NFT, etc. The Linea ecosystem has grown rapidly. Since its launch, the total locked value (TVL) of Linea Mainnet Alpha has been soaring, reaching a peak of 30 million US dollars and currently stabilizing at around 20 million US dollars.

Part 2 Linea vs zkSync vs Optimism

1. Throughput

Linea can achieve 4800 TPS, zkSync can achieve 2000 TPS, and Optimism can achieve 500 TPS.

2. Withdrawal Time

- Linea: Some users have reported delays in the exchange process from Layer 2 to Layer 1 (Ethereum) through the Linea official cross-chain bridge, with delays ranging from 8 to 32 hours up to a maximum of 4 days. The official explanation is that in order to closely monitor transactions and protect user asset security, the team has initially added a withdrawal delay of at least 8 hours for the Linea mainnet. As the system matures, this delay will gradually decrease and eventually be eliminated.

- zkSync: Transactions are verified and aggregated on Layer 2, resulting in relatively fast withdrawal speeds.

- Optimism: Optimistically assume that all Rollup transactions submitted by the sequencer are valid. During the challenge period, if a validator discovers an invalid transaction, they can initiate a fraud proof. If no one challenges the transaction after the challenge period, it is assumed to be valid and the transaction becomes final. Therefore, the withdrawal time is relatively long, around 7 days.

3. Privacy

Currently, all transactions on Ethereum are transparent, and anyone can see the sender, receiver, and all transaction details. However, privacy is also highly valued in various blockchains, and most people do not want to publicly expose the transfer of most of their assets. Therefore, privacy is an important component of the roadmap for various blockchains.

- Linea & zkSync: Linea and zkSync provide high privacy to users as they use zero-knowledge proofs to hide transactions and signatures on both the sidechain and main chain. Only the sender and receiver of the transaction can know its details, and no one can link it to the user's address or identity.

- OptiOptimis: OptiOptimis has low privacy for users because they must publicly disclose their transactions and signatures on both the sidechain and mainchain. Anyone can observe and analyze these transactions and link them to the user's address and identity.

4. EVM Compatibility

- Linea: Almost 100% compatibility can be achieved, and Solidity code can be seamlessly deployed to the Linea chain.

- zkSync: Many opcodes have been modified and a brand new account abstraction model has been introduced. Solidity code needs to be adjusted accordingly.

- OptiOptimis: There are minor opcode changes that require slight modifications to the code in order to deploy it on the chain.

5. Layer 2 Cost Calculation

The implementation of ZK rollups is very complex. Calculating zero-knowledge proofs is both difficult and time-consuming, making the computational cost high. However, the OptiOptimis "fraud proof" transaction scheme eliminates the need for large-scale deployment verification, saving computational resources and ensuring the accuracy of transactions.

Part 3 Account Abstraction

EIP-4337 - Account abstraction in Linea does not change the consensus layer protocol. Account abstraction is achieved through the entry point contract specification, which is a significant achievement.

This proposal actually introduces a higher-level pseudo-transaction object called UserOperation. Transactions are sent through a custom memory pool. Afterwards, UserOperations are bundled into a single transaction by Bundler, similar to how miners operate within the existing transaction memory pool. Bundler (using Flashbots service) calls the EntryPoint contract for verification, and if there are no errors, the transaction will be included in the next block on the network.

EntryPoint contract is a critical part of the infrastructure. When this smart contract is called through Bundler, it first verifies whether UserOperations comply with the rules pre-specified by the account, and then executes them. Please note that EIP-4337 does not have any protocol-level changes. This means that Bundler is an EOA address that submits all these transactions to the chain.

The EntryPoint contract can be further extended by adding a Paymaster. Paymaster provides some benefits, allowing users to pay fees with ERC20 tokens and collect ERC20 tokens as intermediaries through the contract, and then the payer converts them to ETH for system compatibility.

Part 4 Linea Best Security Practices

When starting the development of Linea, the following recommendations are very important. These guidelines are crucial for optimizing code, ensuring security, and maintaining consistency with the unique features of the Linea chain.

1. Use call instead of transfer and send

In Solidity, there are three ways to send Ether: send, transfer, and call.

.send and .transfer are simplified methods for sending ETH to another contract, but they have some limitations. They only provide limited gas (2300 gas) for the execution of the receiving contract's fallback function, and if the execution fails or the receiving contract runs out of gas, they will revert.

call is a lower-level function that provides more control and flexibility. It allows you to specify the amount of gas to send and can handle errors. With call, you can handle return values and check the success or failure of an external contract call. If the call fails, it will return false instead of revert.

Although using call provides more flexibility and control, developers need to be aware that it may introduce reentrancy vulnerabilities compared to send or transfer.

When using call, the fallback function of the receiving contract may be re-entered before the current call is completed, which may cause unexpected behavior and security vulnerabilities. To mitigate this risk, it is necessary to follow best practices, such as implementing the checks-effects-interactions pattern and adding reentrancy protection.

2. In the early stages of the Linea protocol, it was suggested to use the proxy pattern for smart contracts.

Although Linea has undergone extensive testing to ensure full compatibility with the Ethereum Virtual Machine (EVM), issues may still arise.

To apply these error fixes, it may be necessary to upgrade the smart contract. As a precaution, we recommend implementing the proxy mode within a few months after the first deployment on Linea. Using proxy mode allows for more flexible updates and fixes to contract logic without the need for a complete redeployment of the contract. It serves as an abstraction layer, making seamless upgrades and error fixes possible while maintaining the integrity and continuity of the application.

3. Recombination

Reorg is when a block that was originally part of the authoritative chain is no longer part of it because it has been beaten by a competing block. In PoW blockchains like Ethereum, we typically see the "longest chain rule" (or more accurately, the "highest total mining difficulty rule"). This means that when a client sees two blockchains, it will choose the one with the highest total difficulty (i.e. the sum of the difficulties of all blocks in that chain).

All EVM chains may experience reorganization. On certain Layer2 chains, reorganization is more common than on the Ethereum mainnet.

(1) Assuming that we start synchronizing from block 1 with a difficulty of 100.

(2) Block 2a and 3a both reach difficulty 100, and we embed them into our blockchain, forming a total difficulty of 300 for the fork.

(3) Block 3b reached difficulty 110 and claimed that 2a is its parent block, forming a fork with a total difficulty of 310. The fork selection rule found that the "heaviest" chain is the second fork, and then switched to select it. This situation belongs to a reorganization of one block, because only block 3a has been changed.

Assuming that Alice deploys a new vault using a certain function and sends funds to it. Bob sees a network block reorganization and calls the same function. Therefore, he creates a vault with the address where Alice sent the funds. Then Alice's transaction is executed, and she transfers the funds to Bob's vault contract.

4. Reentrancy

Reentrancy attack is one of the most destructive attacks in Solidity smart contracts. It occurs when a function makes an external call to another untrusted contract. The untrusted contract then recursively calls the original function, attempting to drain funds.

The famous re-entry attack incident is the DAO attack, which caused a loss of 60 million US dollars.

5. Precision loss

Solidity uses fixed-point arithmetic, and division can cause precision loss, while division before multiplication can amplify this precision loss. Therefore, the numbers in Solidity also need to be scaled to the same precision before combining calculations.

On April 28th of this year, a white hat submitted a severe vulnerability to DFX Finance, which was a rounding error in token calculation. At the time of submission, $237,143 was at risk of being stolen by malicious hackers in the vulnerable pool. However, DFX Finance quickly took action to fix the vulnerability after receiving the report. Finally, DFX Finance paid a bounty of 100,000 USDT to the white hat company.

And there are other vulnerabilities such as storage conflicts, flash loans, oracle price manipulation, predictable random numbers, and Dos attacks, which are not listed here.

Part 5 The Mendi Finance Hack Incident

In August 2023, the staking contract of the lending protocol Mendi Finance, built on Linea, was attacked, resulting in a loss of approximately 930,000 mendi. The hacker obtained rewards by staking through multiple new addresses. After noticing this security incident, we quickly communicated with Mendi Finance and immediately initiated a security response. After investigation, it was found that the root cause was inconsistent parameter settings and incorrect withdrawal delay time configuration in the protocol.

1. The parameter value for delayed withdrawal was not set during contract deployment, so users can withdraw funds immediately after depositing. After the event occurred, we queried the parameter value for delayed withdrawal at the historical block height and found that it was indeed 0.

2. The ability to claim unreceived rewards is due to a for loop starting from 1 instead of 0. This allows everyone to claim their reward immediately after staking, as the first reward is automatically allocated to the new address.

This article is from a submission and does not represent the views of BlockBeats.

Welcome to join the official BlockBeats community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Official Twitter Account: https://twitter.com/BlockBeatsAsia