August 30, 2024




Track 1

Discovering and Investigating Propagated Vulnerabilities from Ethereum to Its Layer-2 Blockchains

Research Assistant Professor, Department of Computer Science & Engineering

Hong Kong University of Science and Technology

Associate Professor, Department of Public & International Affairs

City University of Hong Kong

Ethereum is the most popular blockchain for hosting smart contracts. Despite its decentralization, Ethereum suffers from expensive transaction fees and low throughput, measured in transactions per second (TPS). As a result, third-party layer-2 blockchain networks have emerged in recent years, including self-contained networks such as BSC, Polygon, and Avalanche, as well as roll-up-based networks like Optimism, Avalanche, and Base.

In this talk, we will introduce our recent efforts to discover how Ethereum’s CVE vulnerabilities could propagate from Ethereum to BSC/Optimism/Base/Mantle. The discussion consists of the following three parts:

  • First, we will introduce the architectural background of Ethereum and its layer-2 blockchain networks (around 8 minutes).
  • Second, we will discuss the design and implementation of a novel tool, BlockScope (see the attached whitepaper) (around 18 minutes).
  • Third, we will present the vulnerabilities we discovered in BSC/Optimism/Base/Mantle, including a total of 15 zero-day vulnerabilities (1 for BSC, 4 for Optimism, and 5 for Base/Mantle) (around 24 minutes).

Lastly, we will open-source BlockScope for the first time at this conference.