SECURING THE FUTURE OF ZK PROOFS & ETHEREUM SCALABILITY
In-Depth Audit of Aligned Layer’s Smart Contracts and Batch Processing
At FuzzingLabs, we recently completed a comprehensive security audit of Aligned Layer, a decentralized network designed to provide fast, efficient, and low-cost verification of zero-knowledge (ZK) and validity proofs on the Ethereum blockchain. This post summarizes the key findings of our audit, with a focus on the protocol’s strengths and the vulnerabilities we uncovered. Additionally, we’ll introduce the Eigen Layer, an integral component of the system, and discuss how it strengthens Ethereum’s security using proof-of-stake mechanisms.
What is Aligned Layer?
Aligned Layer is a cutting-edge solution aimed at enhancing Ethereum’s scalability by offloading verification processes off-chain. It overcomes the inherent limitations of traditional blockchain verification systems, which tend to be slow and expensive due to the need for nodes to re-execute every transaction. Aligned Layer speeds up the process by enabling faster proof verification—up to 2,500 proofs per second—using Ethereum’s proof-of-stake (PoS) security model.
The platform operates in two modes:
- Fast Mode: A subset of Ethereum validators verify proofs in parallel, achieving a consensus and posting results on Ethereum.
- Aggregation Mode: The system compresses multiple proofs, optimizing large-scale verification.
Eigen Layer Integration
Aligned Layer leverages Eigen Layer, a middleware protocol for Ethereum. It enhances Ethereum’s security by enabling off-chain computations to be verified and secured by the Ethereum PoS validators.
Eigen Layer’s design enables Aligned Layer to handle a significant number of transactions while ensuring trustless verification, making it a powerful tool for zk-rollups, identity protocols, and decentralized applications (dApps) requiring high throughput and low latency.
Aligned Layer Security Audit Recap
Our audit for Aligned Layer focused on critical components such as smart contracts, the Batcher, Operator, and Aggregator.
- Number of Vulnerabilities Identified: 28
- Severity Levels: Ranging from Critical to Informational, these issues spanned categories such as Denial of Service (DoS), race conditions, and access control flaws.
- Interesting Findings:
- MEV Aggregator Fee Vulnerability: We identified a frontrunning risk where an attacker could exploit the gas price to extract all the batcher’s balance.
- OOM Operator Issue: An out-of-memory (OOM) vulnerability was found in the Operator component, where crafted gzip HTTP responses could exhaust memory, leading to a DoS attack.
- OOM Explorer: Similarly, the Explorer component was vulnerable to OOM attacks, triggered by reading response bodies without limits.
Audit Specifics: No Scope Limitations
One of the key strengths of this audit was its full white-box nature, with no scope limitations. This gave us full access to the Aligned Layer codebase and architecture, allowing a deep dive into its security posture. A significant focus was placed on smart contracts, a critical component in ensuring the security of blockchain-based platforms. We also developed custom fuzzing tools, automating vulnerability detection for key components.
Strengths of Aligned Layer
Despite the identified vulnerabilities, Aligned Layer demonstrated notable strengths:
- High Throughput: Its ability to handle over 2,500 proofs per second positions it as a leading platform for zk-proof verifications.
- Ethereum’s PoS Security: By building on Ethereum’s PoS system, Aligned Layer ensures robust security through trusted validators.
- Batch Processing Capabilities: The platform efficiently manages large numbers of proofs and transactions, making it scalable for various decentralized applications.
Moreover, the Aligned Layer team responded promptly to our findings. They were not only quick in addressing the reported issues but also highly attentive to our feedback. Throughout the audit process, the team remained in tune with our recommendations and demonstrated a strong commitment to improving the platform’s security. Their receptiveness and proactive collaboration ensured that the vulnerabilities were fixed efficiently, reinforcing the platform’s robustness.
Conclusion
Our audit of Aligned Layer highlighted both the potential and the challenges of this innovative protocol. While we uncovered a number of vulnerabilities, the swift and attentive response from the Aligned Layer team underscores their commitment to security and transparency. Their ability to address issues rapidly, combined with the protocol’s impressive throughput and integration with Ethereum’s proof-of-stake system, positions Aligned Layer as a leading solution in the zk-proof verification space.
For more details on our findings and the security recommendations for Aligned Layer, you can view the full audit report.
About Us
Founded in 2021 and headquartered in Paris, FuzzingLabs is a cybersecurity startup specializing in vulnerability research, fuzzing, and blockchain security. We combine cutting-edge research with hands-on expertise to secure some of the most critical components in the blockchain ecosystem.
Contact us for an audit or long term partnership!
