OmiseGO Advances Plasma with its Latest Implementation

January 27, 2020
Quantstamp Announcements

Quantstamp is proud to announce that we have enhanced the security of OmiseGO’s More Viable Plasma (More VP). OmiseGO is a repeat customer of Quantstamp: their first audit with Quantstamp took place in Nov 2018 in which our security engineers reviewed More VP’s predecessor, Minimum Viable Plasma. 

The OmiseGO team requested that Quantstamp answer the following questions during their security review:   

Quantstamp discovered a denial-of-service attack vector and several low-risk issues in the initial review process. OmiseGO quickly responded with fixes and, as is customary in all of Quantstamp’s security reviews, Quantstamp then reviewed the suggested fixes and determined that they correctly addressed the initial vulnerabilities. 

Quantstamp also found that if a plasma user has many small UTXOs, it may make withdrawing funds to Layer 1 prohibitively expensive and also leave them open to having funds stolen by malicious plasma operators. OmiseGO stated that they plan to address this by regularly combining UTXOs on the application layer. 

What is Plasma?

Plasma is a Layer 2 technology in development that aims to scale Ethereum so that it can handle higher transaction rates by reducing the amount of data that is stored directly on the main Ethereum blockchain, also referred to as Layer 1 Ethereum. Plasma aims to create blockchains that exist “on top of Ethereum” that enable faster and cheaper transactions but that ultimately rely on the main chain for security.

How is More Viable Plasma different than Minimum Viable Plasma?

More Viable Plasma is designed to improve user experience. In Minimum Viable Plasma, when a user sends a transaction, their transaction is not finalized until they send a 2nd “confirmation message.” A user is only supposed to send this confirmation message once they recognize that their transaction was added to a plasma block. This additional step was required in order to secure their funds against malicious actors.  

In More Viable Plasma, users no longer need to send a confirmation message in order to finalize their transaction. In order to protect users funds in this new design, the exit game was modified. More VP’s exit game can be described as the economic incentives that are built into the way users withdraw funds from Layer 2 to Layer 1 in order to discourage malicious behavior.  

In More Viable Plasma, if a user wants to withdraw their funds from Plasma Layer 2 to Ethereum Layer 1, they must place a bond that can be claimed by other network participants if the user withdrawing funds is cheating the network. 

In order to claim the bond, network participants must provide proof that a malicious user is attempting to withdraw funds they have already spent. This game simultaneously incentivizes network participants to look for dishonest behavior while also disincentivizing potential bad actors from cheating the network. 

More Viable Plasma also included “in-flight exits.” This means that if a malicious operator refuses to add your transaction within a plasma block, users can still safely redeem their funds.  

About Quantstamp

Quantstamp is a Y Combinator-backed company building the standard in blockchain cybersecurity. With a team of security experts dedicated to securing decentralized systems, Quantstamp is enabling a future of safer and more reliable blockchain applications and helping enterprise companies deploy blockchain solutions with a security-first mindset.

--

For more Quantstamp news or anything QSP crypto or QSP coin related, check out Quantstamp Reddit and QSP Twitter.

Quantstamp Announcements
January 27, 2020

Quantstamp is proud to announce that we have enhanced the security of OmiseGO’s More Viable Plasma (More VP). OmiseGO is a repeat customer of Quantstamp: their first audit with Quantstamp took place in Nov 2018 in which our security engineers reviewed More VP’s predecessor, Minimum Viable Plasma. 

The OmiseGO team requested that Quantstamp answer the following questions during their security review:   

Quantstamp discovered a denial-of-service attack vector and several low-risk issues in the initial review process. OmiseGO quickly responded with fixes and, as is customary in all of Quantstamp’s security reviews, Quantstamp then reviewed the suggested fixes and determined that they correctly addressed the initial vulnerabilities. 

Quantstamp also found that if a plasma user has many small UTXOs, it may make withdrawing funds to Layer 1 prohibitively expensive and also leave them open to having funds stolen by malicious plasma operators. OmiseGO stated that they plan to address this by regularly combining UTXOs on the application layer. 

What is Plasma?

Plasma is a Layer 2 technology in development that aims to scale Ethereum so that it can handle higher transaction rates by reducing the amount of data that is stored directly on the main Ethereum blockchain, also referred to as Layer 1 Ethereum. Plasma aims to create blockchains that exist “on top of Ethereum” that enable faster and cheaper transactions but that ultimately rely on the main chain for security.

How is More Viable Plasma different than Minimum Viable Plasma?

More Viable Plasma is designed to improve user experience. In Minimum Viable Plasma, when a user sends a transaction, their transaction is not finalized until they send a 2nd “confirmation message.” A user is only supposed to send this confirmation message once they recognize that their transaction was added to a plasma block. This additional step was required in order to secure their funds against malicious actors.  

In More Viable Plasma, users no longer need to send a confirmation message in order to finalize their transaction. In order to protect users funds in this new design, the exit game was modified. More VP’s exit game can be described as the economic incentives that are built into the way users withdraw funds from Layer 2 to Layer 1 in order to discourage malicious behavior.  

In More Viable Plasma, if a user wants to withdraw their funds from Plasma Layer 2 to Ethereum Layer 1, they must place a bond that can be claimed by other network participants if the user withdrawing funds is cheating the network. 

In order to claim the bond, network participants must provide proof that a malicious user is attempting to withdraw funds they have already spent. This game simultaneously incentivizes network participants to look for dishonest behavior while also disincentivizing potential bad actors from cheating the network. 

More Viable Plasma also included “in-flight exits.” This means that if a malicious operator refuses to add your transaction within a plasma block, users can still safely redeem their funds.  

About Quantstamp

Quantstamp is a Y Combinator-backed company building the standard in blockchain cybersecurity. With a team of security experts dedicated to securing decentralized systems, Quantstamp is enabling a future of safer and more reliable blockchain applications and helping enterprise companies deploy blockchain solutions with a security-first mindset.

--

For more Quantstamp news or anything QSP crypto or QSP coin related, check out Quantstamp Reddit and QSP Twitter.

Get your DeFi application secured by Quantstamp
Secure Now!
Get your DeFi application secured by Quantstamp
Secure Now!
Quantstamp Announcements

Monthly Hacks Roundup: March 2024

March was a volatile month for the web3 security landscape, with significant security breaches totalling over $152 million in losses. Read on as we dive into four major security incidents and the trends from last month 👇

Read more
Quantstamp Announcements

Modular Account: How Audits Can Help Shape Standards And Catalyze Mass Adoption

Quantstamp recently conducted a smart contract audit for Alchemy’s Modular Account, a wallet implementation designed from the ground up for ERC-4337 and ERC-6900 compatibility including two plugins

Read more
Quantstamp Announcements

Quantstamp 2023 Web3 Security Year In Review

As the year comes to a close, we wanted to take a moment to reflect on this year’s biggest hacks, root causes, and noteworthy trends.

Read more
Services
AuditsInfrastructure AuditsEconomic ExploitsInsuranceDeFi Protection
Resources
Audit ReportsAudit Readiness Guide
About
BlogTeamMediaCareers
Back to Top
Follow
Quantstamp logo

Request an Audit

Quantstamp works with a wide variety of teams ranging from new DeFi protocols to established enterprises. 

Share some details about what you’re building and someone from our team will reach out as soon as possible. We appreciate your interest and look forward to hearing about your project!

Close
We received your request successfully

Thank you for expressing your interest in a smart contract audit. You will receive a confirmation email from us and our team will be in touch with you within the next few days.

In the meantime, please consider getting your code and documentation ready in accordance with the Audit Readiness Checklist.

Close
Oops! Something went wrong while submitting the form.
Quantstamp logo

Contact Our Press Team

Are you interested in writing about Quantstamp or learning more about us? 

Fill out the form and we will contact you shortly. We look forward to meeting you.

High-caliber team
Stellar track record
Chain agnostic
Strategic partnerships
Close
We received your request successfully

Thank you for contacting our press team. We will get in touch with you in the next few days.

Close
Oops! Something went wrong while submitting the form.
Quantstamp logo

Contact Us

Let us know how you would like to collaborate with us.

Close
Success
We received your request successfully

Thank you for expressing your interest in Quantstamp. We will contact you as soon as we review your message.

Close
Oops! Something went wrong while submitting the form.