A controversial airdrop? Beosin KYT takes you to track suspicious addresses in the AltLayer airdrop

Feb 08, 2024

A controversial airdrop? Beosin KYT takes you to track suspicious addresses in the AltLayer airdrop


Recently, AltLayer, a leading project in the Rollup as a service (RaaS), has launched the largest airdrop in 2024 so far. The total value of the airdrop exceeds $100 million, which has become a hotly discussed topic in the Web3 space but the airdrop was questioned by the community. 35% of the airdrop share (about 35 million US dollars) was allocated to addresses holding AltLayer NFT (the total circulating supply is only 2157) while addresses participating in the testnet only receive about $30 in ALT tokens per address on average.


AltLayer is a highly scalable, low-cost, and quick-start Rollup solution. After the airdrop on January 25, did the addresses that received the AltLayer airdrop have any abnormal on-chain activities? What security challenges does RaaS face? Below is Beosin's analysis.


AltLayer Architecture

AltLayer helps developers quickly launch modular Rollup by supporting combinations of all major Rollup stacks, data availability layers, settlement layers, and decentralized sequencers. Its major RaaS partners include Optimism, Arbitrum, Polygon, zkSync, EigenLayer, Celestia and Hyperlane.


AltLayer Architecture


As shown in the figure above, the blockchain network built based on AltLayer will process transactions in three steps: first aggregate transactions to improve performance, then generate blocks, and finally verify the blocks. When packaging and generating blocks, AltLayer supports the use of a decentralized sequencer called SQUAD to package transactions. When validate a block, the verifier needs to submit transaction data to Layer1. Developers can choose different data security levels based on performance and security requirements.


In order to achieve decentralized sequencers, AltLayer adds a layer of components called Beacon Layer between the execution layer and the consensus layer . It is one of the core components of AltLayer and provides sequence and validation functions between the execution layer and the consensus layer. The shared ordering node in the beacon layer provides hierarchical transaction ordering services for Rollup in AltLayer , as shown in the figure below. When developers create and start their own Rollup through the AltLayer dashboard , the beacon layer will allocate sequencer nodes to be responsible for executing transactions in the Rollup, as shown in the following figure:



These nodes use a staking/cutting mechanism to incentivize and punish the behavior of nodes to ensure the security and activity of the network. AltLayer plans to open the shared ordering nodes as a decentralized network that anyone can join, but currently these nodes are mainly controlled by AltLayer and its partners.


Airdrop Controversy

After AltLayer announced its airdrop details, the community expressed dissatisfaction with the airdrop quota of 35.47% (106,410,000 ALT tokens) available to NFT Holders.


AltLayer has previously issued two NFT series: AltLayer OG Badge and Oh Ottie!. The total circulation of the two series is only 2157. This means that addresses holding NFTs will receive huge airdrops, while users participating in testnet activities only receive an average of about 1,000 tokens in airdrops per address. Some users were mistakenly labeled as sybils, exacerbating the dissatisfaction of the community.



After we used Beosin KYT to check the addresses of NFT holders, we found that after many NFT Holders purchased OG Badge and received Oh Ottie! series NFTs, their addresses remained dormant until the airdrop.


Take the 0xf39a60D5577220059829f0838c79bB7081Bdb6Ac that has the most airdrops for example:


After withdrawing Ethereum from FTX on July 30, 2022, address 0xf39a only spent a total of 2.569 ETH to purchase 8 OG Badges through Seaport. In addition to receiving the NFT airdrop of the Oh Ottie! series, there was no transaction before receiving AltLayer airdrop.



0xf39a received a total of 1.29 million ALT tokens in this airdrop, and then sent the received tokens to multiple new addresses. Detailed txns can be viewed on Beosin KYT:



The address that received the second most airdrops 0x4f0e22F2888d7F95787c4948576Ab3a54E3ab83c, is similar. On July 28, 2022, ETH was withdrawn from FTX, and a total of 5.3844 ETH was subsequently spent to purchase related NFTs through Seaport.



Analyzing its transactions, it can be found that 0x4f0e first spent 2.0414 ETH to purchase 6 OG Badges from July to August 2022.



Then in February 2023, 0x4f0e continued to spend 3.343 ETH to purchase 7 Oh Ottie! series NFTs. Later, 0x4f0e did not become active again until AltLayer started airdropping.



0x4f0e claimed 1.19 million ALT. Similar to 0xf39a, it also dispersed the received tokens to multiple new addresses. Detailed txns can be viewed on Beosin KYT:



Is it a coincidence that these addresses held NFTs and became dormant? How should a project’s airdrop rules be set to achieve to anti-sybil and fairly reward users? This is an issue that both projects and the community need to continue to explore.


RaaS Track Security Challenge

AltLayer is aleading project of the RaaS track and RaaS can be divided into op-Rollup as a Service and zk-Rollup as a Service according to the supported Rollup. Currently, service providers of RaaS mainly use the op-Rollup stack, which supports the quick start of op-Rollup. The service provider of op-Rollup as a service faces many security challenges.


Usually, the core component of op-Rollup is shown in the figure and consists of 4 parts:




1. Layer1 validator contract. Each Rollup needs to deploy a validator contract on Layer1. The function of this contract is to receive and store the block hash value and status root submitted by Rollup, and update the status of users' deposits and withdrawals to Rollup. Rollup needs to synchronize modifications to Layer1 and Layer2 in a timely manner. The user's status. If the Rollup service operator runs away, the user's assets also need to ensure that they can be withdrawn from the contract on Layer1.


2. Rollup Sequencer. Responsible for processing and executing Rollup transactions, maintaining user status between Layer1 and Rollup, and synchronizing the status of L1 and L2.


3. Fraud proof. Fraud proof is the core of op-Rollup. It is optimistic that all transactions and status are correct. Wait for the third party to challenge and submit relevant proof to Layer1 for confirmation. If fraud is proven, the node that originally issued the relevant transaction will be punished and the state will be rolled back.


4. Data availability. Rollup will store the transaction data in Layer1 to ensure the final confirmation and status update of the data. In this way, even if the Rollup project team runs away, users may get their funds back on Layer1.


If you want to use op-Rollup as a Service, the above four parts will be provided by the RaaS service provider, and the Rollup code and node maintenance will be the responsibility of the RaaS service provider (the service provider may outsource/assign it to its partners). Project parties using RaaS services only need to do operations and marketing to attract users to use their Rollup.


This greatly reduces the setup cost and time of a project, but leaves a lot of room for op-Rollup service providers to do evil. The security challenges that exist include:


Fraud proof that has been mentioned above. Fraud proof is the core of op-Rollup to ensure the safe and stable operation of the network. With the promotion of Rollup as a Service, more and more op-Rollups will be launched. It is difficult for security companies/communities to monitor whether the status of Rollup is normal and whether there is any malicious transaction. The frequency of rollup-related security incidents is likely to increase.


The second is the asset security issue of Layer1 and Layer2 . At present, many op-Rollup assets do not enter Rollup from the recharge of smart contracts deployed on Layer 1. Many assets enter Rollup through third-party cross-chain bridges. The existence of these cross-chain bridges introduces more potential security risks.


The above are the two security issues that currently need to be improved most in op-Rollup and op-Rollup as a Service.


The core components of zk-Rollup are similar to op-Rollup, but zk-Rollup uses validity proof. When the proof is verified to be correct, the status will be updated on Layer1. This ensures that zk-Rollup can always run in the correct state and is more secure than op-Rollup. However, the performance and development difficulty of zk-Rollup have led to the slow progress of zk-Rollup as a Serivce. Currently, the service providers of zk-Rollup as a Serivce are basically still in the development and testing stage.



Currently, AltLayer has reached cooperative relationships with multiple chains to help developers quickly set up Rollups. In order to solve the centralization problem of sequencers, AltLayer introduces a beacon layer for decentralization. However, due to the optimistic assumptions of op-Rollup, it is difficult to monitor the transaction security of each op-Rollup. The following op-Rollups built through RaaS services may have malicious transactions which may be ignored and will not be challenged after a long time.

Original Link

본 글에 기재된 내용들은 작성자 본인의 의견을 정확하게 반영하고 있으며 외부의 부당한 압력이나 간섭 없이 작성되었음을 확인합니다. 작성된 내용은 작성자 본인의 견해이며, (주)크로스앵글의 공식 입장이나 의견을 대변하지 않습니다. 본 글은 정보 제공을 목적으로 배포되는 자료입니다. 본 글은 투자 자문이나 투자권유에 해당하지 않습니다. 별도로 명시되지 않은 경우, 투자 및 투자전략, 또는 기타 상품이나 서비스 사용에 대한 결정 및 책임은 사용자에게 있으며 투자 목적, 개인적 상황, 재정적 상황을 고려하여 투자 결정은 사용자 본인이 직접 해야 합니다. 보다 자세한 내용은 금융관련 전문가를 통해 확인하십시오. 과거 수익률이나 전망이 반드시 미래의 수익률을 보장하지 않습니다. 본 글은 제휴 파트너에 의해 제공된 것으로, (주)크로스앵글은 본 글에 대한 편집 통제권을 가지지 않고 본 글에 포함된 정보의 정확성 및 적시성에 대해 보증하지 않습니다. 본 글에는 제3자 웹사이트에 대한 링크가 포함될 수 있으나 (주)크로스앵글은 제3자 웹사이트에 대해 통제하거나 책임을 부담하지 않습니다.
본 제작 자료 및 콘텐츠에 대한 저작권은 자사 또는 제휴 파트너에게 있으며, 저작권에 위배되는 편집이나 무단 복제 및 무단 전재, 재배포 시 사전 경고 없이 형사고발 조치됨을 알려드립니다.