Security is taken for granted, until it’s not. Spend a month on crypto twitter and you can see the abundance of protocol, bridge, and wallet hacks that plague the builders and users of web3. These hacks become trending topics, with famous vigilante accounts doing post-incident tracing, audit firms being called out, and unprecedented incidents such as the Kyberswap governance attack that drained $48M from the protocol. In web3, security is a hot topic.
Linea is committed to building the safest place to be in web3. We believe that investing heavily in a security approach that advances past “audits and chill” is a paramount responsibility at the network level to protect our community’s on-chain interests. Conviction in security as a fundamental network value drove the Linea team to build an innovative zero-knowledge infrastructure as the bedrock of the network, rather than following the road of forking an open-source codebase or deploying an optimistic rollup. Beyond the infrastructure layer is the ecosystem, and here lies our main focus: to push the needle on security by partnering with various projects and creating a security-conscious culture among both developers and users. We believe that these mutual approaches will deliver the most secure layer 2 (L2) in the long run.
Read on to discover Linea’s Full-Spectrum Security system, dive deep into our ground-breaking zero-knowledge technology, and how security culture at the social layer all combine to make Linea the ecosystem where dapps thrive, users are safe, and innovation flourishes.
A cryptographically secure zero-knowledge (zk) infrastructure is the foundation of creating the safest place to interact with web3. Unlike Optimistic Rollups that prioritize trust in third parties, publishing data to Ethereum mainnet and providing a challenge period to dispute fraudulent transactions, zero-knowledge rollups prove transaction validity right away. To put it succinctly: zk rollups, like Linea, rely on hard cryptography for security, whereas legacy technology pursued by optimistic rollups relies on cryptoeconomics and game theory. Building an ecosystem with zero-knowledge at the heart of it is like building a city on top of solid ground.
In the world of zkEVMs, Linea’s infrastructure is industry-leading and designed for progressive decentralization, starting with the client and prover.
Linea’s award-winning, recursion-friendly, lattice-based prover is more performant than standard schemes and can rapidly generate proofs of computation over large batches of transactions
Linea uses zkSNARK proofs to verify the computational integrity of every Linea transaction in Ethereum, offering users high levels of security at low cost.
Linea is the first zkEVM to introduce more than one client, aligning with Ethereum’s goal of client diversity. This reduces the risk of single-point-of-failure bugs compared to having a single client.
Linea’s pioneering multi-prover roadmap underscores the importance of decentralization for the network, which, when achieved, will further strengthen resilience.
Linea adopts a research-directed approach to ensuring overall integrity. For example, by applying formal verification at multiple levels, such as the on-chain Plonk verifier and the ZK arithmetization.
There is a lot to be done to achieve our vision of being web3’s safe haven for builders, crypto natives, and the on-chain curious. We believe that Linea’s protocol infrastructure will yield boons to our ecosystem over the long haul, providing more security, a better UX, and technical agility that can only be achieved by building something from scratch.
Above the infrastructure level, a network’s ecosystem is a sum of many moving parts: from protocol smart contracts to the security of decentralized applications (dapps) and human behavior, all the way to the tools users trust to interact with the network. Linea’s team observed that the L2 ecosystem security extends in an array of potential vulnerabilities like a spectrum of light. Some wavelengths are readily apparent to the naked eye while others are invisible, but critical to address for the ecosystem’s health.
A core promise of our Full-Spectrum Security System is that we actively monitor our ecosystem for threats to catch and prevent vulnerabilities in real-time. Further, network security requires decentralization. We have partnered with over 20 firms to bolster our security and trust mechanisms, leveraging industry-leader expertise to move towards our goal of building the most secure zkEVM environment. Combining a decentralized security approach, we have begun to implement our Full-Spectrum Security System (v1).
Threat Prevention is the foundational step any dapp or protocol should take to ensure that production environments are reasonably safe. Audits and bug bounties make up a large portion of threat prevention. This is mostly backwards-looking, as firms or independent parties look at deployed codebase.
Real-Time Monitoring boosts network security by making vulnerability detection happen in real-time for smart contracts critical to the protocol. 24/7 monitoring doesn’t go as deep as threat prevention audits, but real-time threat detection can help alert the ecosystem to potential vulnerabilities and provide precious response time in the event of an emergency.
Incident Response helps mitigate the impact and remediate the cause of any attack or accident. While we can (and do!) have a robust plan for responding to any attack that targets our systems, the interoperable nature of these protocols means that an incident may require coordination across multiple, independent parties. Community-driven initiatives like SEAL 911 fill this gap by reducing response time and helping coordinate efforts across different companies, projects, and time zones. Complemented by Post-Incident Tracing, we can harness the immutable, transparent nature of on-chain activity to empower on-chain investigations that can identify and trace malicious actors, determine exactly how an exploit occurred, and identify strategies to counter further vulnerabilities.
User Protection helps prevent vulnerabilities at the level where a dapp user interacts on-chain. This starts with comprehensive education and community support, so people know the best practices to protect themselves in a permissionless ecosystem. Our robust community support teams in Discord host regular AMAs and are available to chat to help address issues that surface in real-time. Additionally, security products like threat scanners, wallet plugin monitors, and social reputation firms can make it easier for web3 users to make informed decisions about when to be suspicious and avoid interacting with their wallet.
We will explore each level of the spectrum and share some love with the partners who help bring our vision of security to life here in the coming days.
Can the social layer enhance network security? We believe it can. It is a key component to building the safest L2 ecosystem. On Linea, we make sure that any dapp we engage with officially has successfully passed an audit. As we implement new ways to scale distribution mechanisms for dapps, we’ll continue to prioritize the teams who have implemented high-grade security measures.
The concept of a security culture is new, and it’s something we’re just beginning to explore. If you’re a dapp builder or Linea community member with a great idea to develop a grassroots security initiative, please get in touch with us!
Our mission is to make web3 safe and accessible for everyone by establishing the most robust security system in web3, and empowering dapps to build, grow, and succeed. We believe that the model of zero-knowledge proofs will invariably provide more confidence in network safety for participants. Our vision is a secure place for the world on-chain, where builders and users can flock and know that their safety is a #1 priority.
Over time, we expect to see security breaches to be increasingly common on the increasingly diverse L2 landscape. Security incidents, in time, happen to everyone. We are deeply appreciative of our security and trust partners whose tireless efforts bring additional layers of protection to the Linea ecosystem.
Expect more details about Linea’s approach to security soon as we continue working to build the safest place to be in web3.