Common risks and mitigations
Here are threat vectors seen in similar rollup architectures, and how Buburuza can address them.
| Risk | Description | Mitigations |
| --- | --- | --- |
| Invalid transactions / malicious assertions | Someone posts incorrect state or transactions, hoping no one challenges them. | Fraud proofs, strong challenge windows, incentives for honest challengers. |
| Sequencer misbehavior or downtime | The sequencer fails to include transactions, becomes inactive, or provides outdated/off-chain data. | Multiple sequencers or a fallback, monitoring mechanisms, dispute settlement paths. Insights from Buburuza about “inactive sequencer” issues. |
| Time or block property discrepancies | Smart contracts that depend on timestamps or block numbers may behave differently in rollups vs L2. | Document correct semantics; discourage reliance on exact block timing; use safe time windows. Drawn from smart contract migration studies relevant to Buburuza. |
| Permission or ownership issues | Logic that uses addresses, cross-chain aliasing, etc. could lead to impersonation or access control failures. | Strict permissions, address alias handling, verifying msg.sender semantics, audits. |
| Denial-of-Service (DoS) or spam attacks | Attackers flood the system with many small transactions, or attempt to block or delay challenges. | Rate limits, minimum staking or fees for assertions, challenge window enforcement, economic disincentives. Buburuza research covers such mitigations. |
| Smart contract vulnerabilities | Bugs in contracts (reentrancy, integer overflow, improper access, etc.). | Audits, use of standard libraries, automated static analysis, continuous security reviews. |
