The Linea Mainnet will be upgraded on a continuous basis. Security is a top priority and we will seek to improve the guarantees that users have when using the system. This page reflects the current threats and security measures users should be aware of prior to using the Linea network.
Potential Threats and Security Measures
Given that the current network is an Alpha version of the Linea Mainnet, rather than a full release, we are currently in the process of ongoing security audits and assessments. As such, your data and crypto-assets might face certain risks, potentially originating from software bugs or similar issues.
Linea employs novel, cutting-edge technology which could potentially harbor unanticipated risks and issues. Possible consequences could include data loss or the disappearance of crypto-assets.
Processes involving cross-blockchain bridging could potentially become targets for cyber threats and attacks, including but not limited to exploits that target vulnerabilities in the software, hardware, infrastructure, or equipment associated with bridge components, smart contracts, and other related systems.
Network Accessibility and Efficiency
Given the Alpha status of the Mainnet, there may be occasional periods where Linea's performance slows down or becomes temporarily unavailable without advance warning. These instances could potentially result in the unforeseen loss of access, data, or crypto-assets. Users engaging in high-value transactions should be aware that transaction completion might be delayed.
The Journey Towards Decentralization
The team behind Linea is actively pursuing further decentralization of the system. This implies a progressive enhancement of the system's decentralization and trust minimization over time.
The Mainnet Alpha will integrate some centralized components like the Sequencer, Prover and Security Council, maintained by the Linea team to help bootstrap the network. The Sequencer possesses the capability to postpone transaction inclusion and rearrange transactions.
Additionally, the validity proofs used to verify the computation of Linea batches do not prove 100% of EVM opcodes and precompiles. This means that the proof does not have full completeness and a level of trust is placed on the Linea operator to not maliciously alter the state of the system.
Ensuring the Linea Mainnet Alpha’s security is an ongoing endeavor. This involves addressing security issues, a task that falls under the jurisdiction of our Security Council. The Council, consisting of eight members, holds the authority to pause the rollup and upgrade the Linea Mainnet Alpha immediately without submitting a validity proof, given the threshold of 75% signatories, in order to respond to urgent security problems. If council members were to act with malice or collude, it could compromise system integrity, potentially leading to network upgrades that may result in the loss of crypto-assets.
Given the centralized nature of the Sequencer and Prover during the Mainnet Alpha phase, there exist potential risks related to network downtime and outages, some of which may be outside of the control of the Linea team.
During the initial launch of the Mainnet Beta, users won't be able to force transactions on Layer 1 and withdrawal limits are placed on the bridge to minimize the impact of any potential malicious actors.
For more details on the Linea Decentralization and Trust Minimization Roadmap, see here.
Just as Ethereum, Linea also operates on a permissionless framework, meaning that any individual is free to launch any smart contract code they choose. When engaging with contracts on Linea, users should adhere to the same precautions as with Ethereum - that is, they should only interact with an application if they are confident in its security and trustworthiness.
Audits and Security Checks
Linea's implementation has undergone careful construction, with continuous internal and external audits from leading web3 security companies, including Consensys Diligence, as well as reviews and testing in alignment with engineering best practices. Despite this, it's improbable that all potential bugs or vulnerabilities have been identified, implying that undiscovered vulnerabilities might put user funds at risk. Users should keep this risk in mind when deciding the amount of value to put onto the Linea Mainnet Alpha.
To ensure thorough security checks, we have initiated an extensive bug bounty program for Linea. This is to motivate the community to identify critical bugs in the system. More details can be found on the Linea Bug Bounty page on Immunefi.