Ethereum is the most popular blockchain for hosting smart contracts. Despite its decentralization, Ethereum suffers from expensive transaction fees and low throughput in terms of TPS (transactions per second). As a result, third-party layer-2 blockchain networks have emerged in recent years, including self-contained networks such as BSC, Polygon, and Avalanche, as well as roll-up-based networks like Optimism, Avalanche, and Base.
In this talk, we will introduce our recent efforts to discover how Ethereum’s CVE vulnerabilities could propagate from Ethereum to BSC/Optimism/Base/Mantle. The discussion consists of the following three parts:
- First, the architectural background between Ethereum and its layer-2 blockchain networks will be introduced (around 8 minutes).
- Second, a novel tool, BlockScope (see the attached whitepaper), will be discussed in terms of its design and implementation (around 18 minutes).
- Third, our vulnerability discovery in BSC/Optimism/Base/Mantle, including a total of 15 zero-day vulnerabilities (1 for BSC, 4 for Optimism, and 5 for Base/Mantle), will be introduced (around 24 minutes).
Lastly, we will open-source BlockScope for the first time at this conference.
