How does an L2 with a Security Council differ from an L2 with Proof of Authority in the trust assumptions?

Hello,
I hope this is the right place to ask for it.

If I understand correctly, if 9 of the 12 Security Council members are compromised, all funds can be taken from the users of Arbitrum.
So to use Arbitrum, one has to make the trust assumption that at least 4 of the 12 Security Council members are honest under all circumstances, including blackmail and $5 wrench attacks.
Isn’t this the same trust assumption you have to make if you want to use a Proof of Authority chain?
How is Arbitrum One more secure than Arbitrum Nova or any other Proof of Authority like the XRP network?

This is not true, they have a different function.
Read the constitution.

  • DAO Treasury: All $ARB tokens held in a governance smart contract governed directly by the ArbitrumDAO and/or the Security Council of The Arbitrum Foundation via on-chain voting mechanisms.

*All this is done through voting

I am not referring only to the $ARB treasury but in general to the security of Arbitrum.

The Arbitrum documentation says:
“If 9 of the Security Council members are compromised or behave maliciously, the system and users’ funds could be compromised.”
source: The state of Arbitrum's progressive decentralization | Arbitrum DAO - Governance docs

So when 9 people can compromise the whole Arbitrum network, how is Arbitrum more decentralized than any Proof of Authority chain? How does the security of Arbitrum One and Arbitrum Nova differ if both rely on such a centralized trust assumption?

Thanks for this question, it made me do some digging on the matter. From what I have gathered, the Security Council does not control any smart contracts that hold user funds. Even in a worst-case scenario where 9 out of 12 SC members are compromised, they cannot directly take users’ funds from the system.

The SC does have the power to push protocol upgrades bypassing any delays, meaning that a malicious SC could attempt to introduce an upgrade that alters key contracts. This is indeed a risk as you can see in L2beat’s Arbitrum review: Arbitrum One - L2BEAT

However, there are multiple deterrents for this to happen. The first one is the DAO itself, as it has ultimate governance authority and can intervene if a suspicious proposal is presented. Any contract upgrade is visible on-chain and a governance response would follow. The SC is also deterred by public scrutiny, loss of reputation and backlash.

As a rollup, users can always withdraw funds back to Ethereum considering the bridge contract was not compromised. In an extreme case, a fork can be done to restore any harm, which would also make an attack less attractive for perpetrators.

In a PoA chain like XRP the same entities or validators (vetted by Ripple) control protocol rules and transactions, so they have full control of the network. In contrast, transaction validation in Arbitrum is independent from the SC.

A bigger risk for Arbitrum could arguably be the centralized sequencer, which cannot take user funds but could halt the network if it fails. However, there is a roadmap in place and initiatives to further decentralize the sequencer and this: Team 8: Decentralized Sequencing.

“Arbitrum’s long-term vision includes transitioning from a centralized Sequencer to a decentralized, fair sequencing model. In this framework, a committee of servers (or validators) collectively determines transaction ordering, ensuring fairness, reducing the influence of any single party, and making it more resistant to manipulation.” Check: The Sequencer and Censorship Resistance | Arbitrum Docs

Also very interesting: Distributed Sequencer Technology — A Path Towards Decentralized Sequencing | by Figment Capital | Medium

Thank you for the answer

Yes, this would happen in a 7/12 SC attack scenario, but in a 9/12 SC attack the Arbitrum DAO can only react when it's too late.

There are two problems with this, both resulting from the high amount of value locked in Arbitrum One; as I am writing this, it's $14.1B.

  1. This amount is so high that it's probably more than 9/12 SC members would make in the rest of their blockchain careers. So the argument that they would destroy their reputation doesn't necessarily prevent them from an attack.
  2. This amount is so high that a highly sophisticated criminal organization could set a budget of $141M to attack the network, which is $15.6M for each of the 9 SC members they want to target. If they are successful with their attack, they would 100x their “investment”.
    Now imagine how much of a budget that is to bribe the environment of the keyholders, pay private detectives to find out secret information, hire criminal mercenaries to attack physically or digitally and so on.

And the more the value locked in Arbitrum is increasing, the more the budget for attacking the network is increasing.

As an L2, the value of the tokens in Arbitrum is not derived from Arbitrum itself but from them being backed by Ethereum. If you fork Arbitrum you don’t fork the locked value with it, because this would be a double spend on Ethereum.
So you can’t withdraw anything from the forked Arbitrum network to the Ethereum Main Chain, which would make the forked Arbitrum seen as without value for most people.