The assumption that EVM compatibility implies security equivalence is one of the most dangerous beliefs in smart contract development. EVM compatibility tells you that your bytecode will execute — it says nothing about whether your security model holds in the new execution environment. L2 chains introduce a set of systemic differences — in block production, transaction ordering, timestamp semantics, message passing, and precompile availability — that can individually or collectively render a secure mainnet contract exploitable.

This article catalogs these differences at the contract level and provides Solidity patterns for handling each one correctly.

1. Sequencer Centralization and Transaction Ordering

On Ethereum mainnet, no single party controls transaction ordering. Validators are pseudonymous, block builders are in open competition, and — while MEV exists — ordering is ultimately governed by market dynamics across many actors. On most production L2s today, this is not the case.

Most current optimistic rollups rely on centralized sequencers for transaction ordering. While this doesn’t compromise the validity of the chain’s state (invalid transactions can still be challenged via fraud proofs), it creates real censorship risks and a single point of failure.

The practical implication for smart contracts is severe: the sequencer can observe every pending transaction before inclusion and arbitrarily reorder them within a batch. This is not a theoretical concern — it is a structural property of the architecture.

If the sequencer becomes unavailable, users will lose access to the standard read/write APIs, preventing them from interacting with applications on the L2 network. Although the L2 chain’s security and state commitments remain enforced by Layer 1, no new batched blocks will be produced by the sequencer.

Users with sufficient technical expertise can still interact directly with the network through the underlying rollup contracts on L1. However, this process is more complex and costly, creating an unfair advantage for those who can bypass the sequencer.

This imbalance in access can lead to disruptions or distortions in applications, such as liquidations or market operations that rely on timely transactions.

What contracts are affected? Any contract that depends on ordering fairness: Dutch auctions, commit-reveal schemes, TWAP-based oracles that can be manipulated between observation windows, and liquidation engines that rely on predictable inclusion order.

The mitigation is not a single pattern but a design orientation: assume that a well-resourced actor can see your transaction before it is included and can insert their own transactions before or after it. Commit-reveal schemes remain the strongest structural defense:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @notice Commit-reveal auction resistant to sequencer front-running.
/// Users commit a hash of (bid, salt) in round 1, reveal in round 2.
contract CommitRevealAuction {
    struct Commitment {
        bytes32 hash;
        uint256 block;
    }

    uint256 public constant REVEAL_DELAY = 20; // blocks
    mapping(address => Commitment) public commitments;
    mapping(address => uint256) public revealedBids;

    function commit(bytes32 _hash) external {
        commitments[msg.sender] = Commitment({
            hash: _hash,
            block: block.number
        });
    }

    function reveal(uint256 _bid, bytes32 _salt) external {
        Commitment memory c = commitments[msg.sender];
        require(
            block.number >= c.block + REVEAL_DELAY,
            "Reveal window not open"
        );
        require(
            keccak256(abi.encodePacked(_bid, _salt)) == c.hash,
            "Hash mismatch"
        );
        revealedBids[msg.sender] = _bid;
        delete commitments[msg.sender];
    }
}
On Arbitrum, `block.number` returns a value close to the L1 block number at the time the sequencer received the transaction — not the L2 block number. This means a `REVEAL_DELAY` expressed in `block.number` units behaves differently from mainnet. See Section 3.

The sequencer’s centralized nature creates a specific vulnerability for any contract that consumes oracle data. Because oracles on blockchains are contracts that need to be updated via transactions, if the sequencer becomes unavailable, oracle feeds on that particular L2 will stop being updated and become stale.

This is not an edge case. If the sequencer’s downtime exceeds the delay time implemented in the emergency procedure to submit transactions to the network, users are theoretically able to use stale prices to execute transactions.

The real-world attack vector is straightforward: at the time of the interaction, the sequencer responsible for recording the oracle’s reference prices is down, resulting in the oracle returning an invalid or stale price. The user, being aware of the sequencer downtime, exploits the invalid prices of the lending pool’s assets to buy, sell, flashloan, or liquidate positions based on the outdated oracle data. As a result, the user receives more tokens than they should according to the actual market price, causing a financial gain for the user and a loss for the protocol.

Chainlink provides a purpose-built feed to detect this condition. The updateStatus function in the ArbitrumSequencerUptimeFeed contract updates the latest sequencer status to 0 if the sequencer is up and 1 if it is down. It also records the block timestamp to indicate when the message was sent from the L1 network.

L2 Sequencer Uptime Feeds monitor the health of the sequencer, allowing smart contracts to automatically pause operations or enter a grace period if the network becomes unstable.

If you are using Chainlink Data Feeds on L2 networks like Arbitrum, OP, and Metis, you must also check the latest answer from the L2 Sequencer Uptime Feed to ensure that the data is accurate in the event of an L2 sequencer outage.

The following is a complete, production-oriented implementation of a sequencer-aware price oracle consumer:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {AggregatorV2V3Interface} from
    "@chainlink/contracts/src/v0.8/interfaces/AggregatorV2V3Interface.sol";

/// @title SequencerAwarePriceFeed
/// @notice Wraps a Chainlink price feed with L2 sequencer uptime enforcement.
///         Reverts if the sequencer is down or if the grace period has not elapsed
///         since the sequencer last recovered.
contract SequencerAwarePriceFeed {
    AggregatorV2V3Interface public immutable priceFeed;
    AggregatorV2V3Interface public immutable sequencerFeed;

    /// @notice The grace period after sequencer recovery before prices are trusted.
    ///         This ensures stale prices from the downtime window are flushed.
    uint256 public constant GRACE_PERIOD = 1 hours;

    /// @notice Maximum acceptable age for a price update.
    uint256 public constant STALENESS_THRESHOLD = 2 hours;

    error SequencerDown();
    error GracePeriodNotElapsed(uint256 timeRemaining);
    error StalePrice(uint256 updatedAt, uint256 threshold);
    error InvalidPrice(int256 answer);

    constructor(
        address _priceFeed,
        address _sequencerFeed
    ) {
        priceFeed = AggregatorV2V3Interface(_priceFeed);
        sequencerFeed = AggregatorV2V3Interface(_sequencerFeed);
    }

    /// @notice Returns the latest validated price.
    /// @dev    Reverts under any condition that could indicate stale or
    ///         manipulated data due to sequencer disruption.
    function getPrice() external view returns (int256 price) {
        _checkSequencer();
        price = _getValidatedPrice();
    }

    function _checkSequencer() internal view {
        (
            ,
            int256 sequencerAnswer,
            uint256 startedAt,
            ,
        ) = sequencerFeed.latestRoundData();

        // sequencerAnswer == 0 means the sequencer is up.
        // sequencerAnswer == 1 means the sequencer is down.
        if (sequencerAnswer != 0) {
            revert SequencerDown();
        }

        // startedAt is the timestamp when the sequencer came back online.
        uint256 timeSinceRecovery = block.timestamp - startedAt;
        if (timeSinceRecovery < GRACE_PERIOD) {
            revert GracePeriodNotElapsed(GRACE_PERIOD - timeSinceRecovery);
        }
    }

    function _getValidatedPrice() internal view returns (int256 answer) {
        (
            ,
            answer,
            ,
            uint256 updatedAt,
        ) = priceFeed.latestRoundData();

        if (updatedAt < block.timestamp - STALENESS_THRESHOLD) {
            revert StalePrice(updatedAt, STALENESS_THRESHOLD);
        }

        if (answer <= 0) {
            revert InvalidPrice(answer);
        }
    }
}

The GRACE_PERIOD is critical and often omitted in naive implementations. Without it, an attacker can submit a transaction the moment the sequencer recovers, before fresh oracle updates have propagated — effectively still exploiting the stale price window.

The sequencer uptime feed is available on Arbitrum One, OP Mainnet, Base, Metis, Scroll, Mantle, Soneium, and zkSync. Confirm the correct feed address from the [Chainlink documentation](https://docs.chain.link/data-feeds/l2-sequencer-feeds) for each network — they are not the same address across chains.

3. block.timestamp and block.number Across L2s

This is one of the most underappreciated differences between L2 execution environments, and it affects a large class of time-dependent contracts: vesting schedules, lock periods, TWAP observations, rate limiters, and epoch-based governance systems.

Arbitrum

Block timestamps on Arbitrum are not linked to the timestamp of the L1 block. They are updated every L2 block based on the sequencer’s clock.

Accessing block numbers within an Arbitrum smart contract — i.e., block.number in Solidity — will return a value close to, but not necessarily exactly, the L1 block number at which the sequencer received the transaction.

This divergence is most dangerous for force-included transactions. For transactions that are force-included from the L1 (bypassing the sequencer), block.timestamp will be equal to the L1 timestamp when the transaction was put in the delayed inbox on L1 (not when it was force-included), or the L2 timestamp of the previous L2 block — whichever of the two timestamps is greater.

The practical implication: smart contracts containing logic to retrieve block number and timestamp are being migrated from Ethereum to Arbitrum, and this logic has resulted in inconsistencies in the behavior of the contract between Ethereum and Arbitrum, causing issues when dealing with time-related operations.

A real example: a user may open a position before synchronization occurs (at which point the L1 block number obtained on L2 is 1000), and then close it in the next block (obtaining a number of 1004 on L2). Although it appears that five L1 blocks have passed since the last transaction, only one L2 block has actually been produced. When using block.number to check the number of blocks passed between opening and closing, the values obtained may be greater than 1, while in reality only one L2 block has been generated — bypassing locking protection.

Optimism / Base (OP Stack)

Optimism uses a fixed 2-second block time. This is a controlled, predictable cadence, which makes block.timestamp more reliable than on Arbitrum — but it also means that block-count-based assumptions from mainnet (where a 12-second block time is the baseline) will be numerically wrong by a factor of 6.

The Pattern: Always Use block.timestamp in Seconds, Never Rely on Block Count for Duration

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @title L2SafeVesting
/// @notice Vesting contract that uses block.timestamp exclusively.
///         Never relies on block.number for duration, which is unreliable on L2s.
contract L2SafeVesting {
    struct VestingSchedule {
        uint256 startTime;
        uint256 cliffDuration;   // seconds
        uint256 totalDuration;   // seconds
        uint256 totalAmount;
        uint256 claimed;
    }

    mapping(address => VestingSchedule) public schedules;

    error CliffNotReached();
    error NothingToClaim();

    function createSchedule(
        address beneficiary,
        uint256 cliffDuration,
        uint256 totalDuration,
        uint256 totalAmount
    ) external {
        schedules[beneficiary] = VestingSchedule({
            startTime: block.timestamp,
            cliffDuration: cliffDuration,
            totalDuration: totalDuration,
            totalAmount: totalAmount,
            claimed: 0
        });
    }

    function claim() external {
        VestingSchedule storage s = schedules[msg.sender];

        // Safe: comparing seconds, not block counts.
        if (block.timestamp < s.startTime + s.cliffDuration) {
            revert CliffNotReached();
        }

        uint256 elapsed = block.timestamp - s.startTime;
        if (elapsed > s.totalDuration) elapsed = s.totalDuration;

        uint256 vested = (s.totalAmount * elapsed) / s.totalDuration;
        uint256 claimable = vested - s.claimed;

        if (claimable == 0) revert NothingToClaim();

        s.claimed += claimable;
        // transfer logic omitted for brevity
    }
}
Never write `require(block.number >= startBlock + 50, "Too early")` on an L2. Express all durations in seconds and use `block.timestamp`. The only exception is if you explicitly need to reference L1 finality — in which case use Arbitrum's `ArbSys.arbBlockNumber()` and document the assumption clearly.

4. Cross-Layer Message Security

L1-to-L2 and L2-to-L1 messaging introduces an entirely new attack surface that does not exist in mainnet-only contracts. The two primary concerns are address aliasing and replay/reentrancy across the message bridge.

Address Aliasing

Address aliasing in Arbitrum is a security measure that prevents cross-chain exploits. Without it, a malicious actor could impersonate a contract on a child chain by simply sending a message from that contract’s parent chain address.

The Arbitrum protocol’s usage of L2 Aliases for L1-to-L2 messages prevents cross-chain exploits that would otherwise be possible if we simply reused the same L1 addresses as the L2 sender — i.e., tricking an L2 contract that expects a call from a given contract address by sending a retryable ticket from the expected contract address on L1.

The aliasing mechanism applies a fixed offset to the sender’s address. A contract at 0x1234...abcd on L1 sends messages that appear from 0x2345...bcde on L2 (roughly address + 0x1111000000000000000000000000000000001111).

Arbitrum was initially going to allow L1 addresses to pass calls directly to L2 with msg.sender preserved. After realizing security issues with this approach, the Arbitrum team shifted to aliasing. Uniswap Labs was not made aware of this change before deploying on Arbitrum — the Uniswap Factory was deployed with the owner set to the same, unaliased address of the L1 Uniswap Timelock contract. This is a real-world example of address aliasing causing a production governance failure.

The correct pattern for L1→L2 permission checks:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {AddressAliasHelper} from
    "@arbitrum/nitro-contracts/src/libraries/AddressAliasHelper.sol";

/// @title L2Governor
/// @notice Receives governance calls from an L1 Timelock via Arbitrum's
///         canonical cross-chain messaging. Correctly handles address aliasing.
contract L2Governor {
    address public immutable l1TimelockAddress;

    error UnauthorizedCaller(address caller, address expected);

    constructor(address _l1Timelock) {
        l1TimelockAddress = _l1Timelock;
    }

    /// @notice Modifier that enforces calls originate from the L1 Timelock.
    ///         Uses AddressAliasHelper to undo the alias before comparing.
    modifier onlyL1Timelock() {
        address originalSender = AddressAliasHelper.undoL1ToL2Alias(msg.sender);
        if (originalSender != l1TimelockAddress) {
            revert UnauthorizedCaller(originalSender, l1TimelockAddress);
        }
        _;
    }

    function executeGovernanceAction(bytes calldata data) external onlyL1Timelock {
        // governance logic
    }
}

L2-to-L1 Message Delays

In the L2→L1 direction, the security model is inverted: your contract must wait. In the L2 to L1 direction, a user must wait for the dispute period to pass between publishing their messages and actually executing them on L1 — this is a direct consequence of the security model of optimistic rollups.

Any cross-chain protocol that attempts to finalize an L2→L1 message atomically, or assumes that an L2 event immediately implies an L1 state change, is broken by design on optimistic rollups.

5. The Finality Gap in Optimistic Rollups

The challenge window is the most structurally significant difference between optimistic rollup security and mainnet security.

The critical word is “optimistic.” The sequencer posts a state root without any cryptographic proof that it is correct. Ethereum accepts it provisionally. For the next several days — the challenge window, typically seven days — any watcher can dispute the state root by submitting a fraud proof. If the proof verifies, the fraudulent sequencer loses its bond and the state rolls back. If the window closes without a successful challenge, the state is final.

This creates a concrete class of vulnerabilities:

1. Withdrawal bridge exploitation. Any protocol that allows immediate withdrawal to L1 based on an L2 event is assuming finality that doesn’t exist yet. The seven-day challenge period creates a delay for final transaction settlement. Users withdrawing funds to Layer 1 must wait through this period, though some solutions offer liquidity providers to enable faster withdrawals for a fee.

2. Liveness assumptions. The security model assumes at least one honest verifier monitors the network and submits fraud proofs when necessary. If all verifiers go offline or collude, invalid transactions could be finalized.

3. Griefing via the challenge mechanism. Current systems lack mechanisms to proactively ensure validators are diligently monitoring L2 state transitions, creating a vulnerability where fraudulent states could be finalized.

The correct response in your contract design is to treat L2 state as soft-finalized until the window expires. For protocols that bridge value, use a time-locked withdrawal pattern:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @title FinalityAwareWithdrawal
/// @notice Demonstrates a withdrawal pattern that enforces the challenge window
///         before releasing funds from an L2→L1 bridge.
///         Deploy on L1. The L2 side sends a message that creates a pending withdrawal.
contract FinalityAwareWithdrawal {
    /// @notice The challenge window for the underlying optimistic rollup.
    ///         Set to 7 days for Arbitrum/Optimism mainnet. Use a shorter
    ///         value only on testnets or with explicit rollup-specific justification.
    uint256 public constant CHALLENGE_WINDOW = 7 days;

    struct PendingWithdrawal {
        address recipient;
        uint256 amount;
        uint256 initiatedAt;
        bool executed;
    }

    mapping(bytes32 => PendingWithdrawal) public pendingWithdrawals;

    event WithdrawalInitiated(bytes32 indexed id, address recipient, uint256 amount);
    event WithdrawalExecuted(bytes32 indexed id);

    error ChallengeWindowNotExpired(uint256 remainingSeconds);
    error AlreadyExecuted();
    error InvalidWithdrawal();

    /// @notice Called by the canonical bridge when an L2 withdrawal message arrives.
    function initiateWithdrawal(
        bytes32 withdrawalId,
        address recipient,
        uint256 amount
    ) external {
        // In production: restrict to the canonical bridge address.
        pendingWithdrawals[withdrawalId] = PendingWithdrawal({
            recipient: recipient,
            amount: amount,
            initiatedAt: block.timestamp,
            executed: false
        });

        emit WithdrawalInitiated(withdrawalId, recipient, amount);
    }

    function executeWithdrawal(bytes32 withdrawalId) external {
        PendingWithdrawal storage w = pendingWithdrawals[withdrawalId];

        if (w.recipient == address(0)) revert InvalidWithdrawal();
        if (w.executed) revert AlreadyExecuted();

        uint256 elapsed = block.timestamp - w.initiatedAt;
        if (elapsed < CHALLENGE_WINDOW) {
            revert ChallengeWindowNotExpired(CHALLENGE_WINDOW - elapsed);
        }

        w.executed = true;
        emit WithdrawalExecuted(withdrawalId);

        // Transfer funds to recipient
        (bool success, ) = w.recipient.call{value: w.amount}("");
        require(success, "Transfer failed");
    }
}
ZK rollups do not have this problem. Native zkSync Era bridge withdrawals reach Ethereum finality in roughly a few minutes to one hour, depending on when the next proof batch is submitted and verified onchain — significantly faster than the seven-day challenge window on optimistic rollups like Optimism and Arbitrum. If your protocol's security model is incompatible with a seven-day finality gap, evaluate ZK rollups as your deployment target.

6. Precompile Availability Differences

EVM precompiles are native contracts at fixed addresses that perform cryptographic or utility operations at reduced gas cost. The assumption that precompiles available on Ethereum mainnet are available — or have identical behavior — on every L2 is incorrect, and failures here surface as unexpected reverts or silent incorrect results.

zkSync Era

Some EVM cryptographic precompiles (notably RSA / modExp) aren’t currently available on zkSync Era. However, other cryptographic primitives like ecrecover, keccak256, sha256, ecadd, and ecmul are supported as precompiles.

zkSync Era’s zkEVM is “EVM compatible” with high fidelity but not byte-for-byte identical: a small number of opcodes behave differently, and some precompiles are absent. In practice, the vast majority of contracts deploy without modifications, but protocol developers working with low-level assembly or specific precompiles should test carefully.

The reason for the difference is architectural: the reason for having dedicated contracts for certain operations, as opposed to reusing the existing EVM precompile implementations, is that the ZKsync VM runs on an L2 whose computation validity is proven by means of ZK proofs submitted to the L1 for verification. This makes it necessary to have provable implementations of all operations executed by the VM.

Users should be aware that the gas cost of calling each precompile is different from its EVM counterpart. The Modexp contract has a hardcoded limit on the lengths of the inputs (base, exponent, and modulus) that is set to 32 bytes.

Arbitrum

Arbitrum adds its own suite of precompiles beyond the standard EVM set, such as ArbSys (at 0x0000000000000000000000000000000000000064), ArbGasInfo, and ArbRetryableTx. Precompiles are smart contracts with special addresses that provide specific functionality, executed natively by the EVM client rather than at the bytecode level. This allows precompiles to perform tasks that would otherwise be costly, difficult, or even impossible to implement with standard smart contract code.

A concrete risk: code that uses staticcall to a precompile address and checks the return value will silently fail on chains where that precompile doesn’t exist, because the call will succeed (returning empty data) but the result will be invalid. Always validate return data length:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @title PrecompileGuard
/// @notice Demonstrates safe wrapping of precompile calls with availability checks.
///         Relevant for protocols that call ecrecover, identity, or chain-specific
///         precompiles and need to behave correctly across deployment targets.
library PrecompileGuard {
    address constant ECRECOVER  = address(0x01);
    address constant SHA256     = address(0x02);
    address constant IDENTITY   = address(0x04);
    address constant MOD_EXP    = address(0x05);

    error PrecompileCallFailed(address precompile);
    error PrecompileReturnedEmpty(address precompile);

    /// @notice Safe ecrecover wrapper. Returns address(0) on failure rather
    ///         than reverting, mirroring EVM behavior — but explicitly validates
    ///         that the call itself succeeded.
    function safeEcrecover(
        bytes32 hash,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal view returns (address recovered) {
        bytes memory input = abi.encode(hash, uint256(v), r, s);
        bool success;
        bytes memory result;

        (success, result) = ECRECOVER.staticcall(input);

        if (!success) revert PrecompileCallFailed(ECRECOVER);

        // ecrecover returns 32 bytes (left-padded address) on success.
        // An empty return indicates invalid signature — this is expected behavior,
        // not a chain compatibility error.
        if (result.length == 0) return address(0);
        if (result.length != 32) revert PrecompileReturnedEmpty(ECRECOVER);

        assembly {
            recovered := mload(add(result, 32))
        }
    }

    /// @notice Checks whether a specific precompile address is callable.
    ///         Useful for feature detection before depending on chain-specific precompiles.
    function isPrecompileAvailable(
        address precompile,
        bytes memory testInput
    ) internal view returns (bool available) {
        (available, ) = precompile.staticcall(testInput);
    }
}
If your contract uses `modexp` (precompile `0x05`) for RSA signature verification or modular arithmetic, test it explicitly on each target L2. On zkSync Era, the input length for `modexp` is limited to 32 bytes — inputs exceeding this limit will not behave as on mainnet.

7. Chain-Specific Parameterization: The Multi-Chain Deployment Risk

Protocols that deploy the same bytecode across multiple chains often use hardcoded parameters that were calibrated for mainnet. On L2s, these parameters can become attack vectors.

The common mistakes:

Hardcoded oracle addresses. A price feed address on Ethereum mainnet is not the same as on Arbitrum One. If the address happens to resolve to a different contract on the target chain, you may be reading from an unrelated or malicious feed.

Hardcoded chain-specific addresses. USDC’s address, WETH’s address, Uniswap’s router — none of these are the same across chains. The infamous pattern of hardcoding 0xC02aaA... as WETH has broken contracts on every non-mainnet deployment.

Missing block.chainid guards on signed messages. Without including block.chainid in your EIP-712 domain separator, a signature created on one chain is valid on every chain where the contract is deployed at the same address. Replay attacks across chains are a direct consequence.

CREATE2 address collisions. Because CREATE2 is deterministic given the same deployer, salt, and bytecode, a contract deployed identically on two chains will land at the same address. This is often intentional — but it means that access control lists, whitelists, and admin addresses that are valid on one chain are silently assumed valid on another.

The defense is a structured initialization pattern that enforces chain-specific configuration at deploy time:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @title ChainAwareDeployment
/// @notice Base contract that enforces chain-specific parameterization.
///         Prevents the "same bytecode, different context" vulnerability class.
abstract contract ChainAwareDeployment {
    uint256 public immutable deployedChainId;
    address public immutable canonicalWETH;
    address public immutable canonicalUSDC;
    address public immutable sequencerUptimeFeed; // address(0) on mainnet

    error WrongChain(uint256 expected, uint256 actual);
    error ChainConfigMissing(uint256 chainId);

    constructor(
        address _weth,
        address _usdc,
        address _sequencerFeed
    ) {
        deployedChainId = block.chainid;
        canonicalWETH = _weth;
        canon
icalWETH = _weth;
    }

    function wrap() external payable {
        require(block.chainid == deployedChainId, "wrong chain");
        IWETH(canonicalWETH).deposit{value: msg.value}();
        IWETH(canonicalWETH).transfer(msg.sender, msg.value);
    }
}

L2 Vulnerability Audit Checklist

Sequencer dependency

  • The Chainlink L2 sequencer uptime feed is checked before consuming any price oracle
  • Operations that would be harmful during sequencer downtime (liquidations, forced exits) are paused when the feed reports the sequencer is down
  • A grace period after sequencer restart is enforced before resuming price-sensitive operations

Chain ID and replay protection

  • All signed messages include block.chainid (not a hardcoded value) in the domain separator
  • Contracts deployed to multiple L2s have verified that their initialization parameters are chain-specific
  • Bridge messages include both source and destination chain IDs in the payload hash

Block timestamp and time-based logic

  • No time-lock, cooldown, or deadline relies on block.timestamp being accurate to the second on L2
  • TWAP oracles use a window that accounts for the L2’s actual block production rate
  • Rate-limiting logic based on block.number accounts for different block times per chain

Finality and message ordering

  • Cross-chain messages wait for L2 finality (not just L2 block inclusion) before executing irreversible actions on L1
  • The protocol has an explicit policy for handling sequencer-induced transaction reordering
  • Force-include mechanisms are understood and their security implications are documented

Deployment hygiene

  • Contract addresses are not hardcoded across chains — address registries or deterministic deployment with salt is used
  • Pre-compiled contract addresses are verified to exist on the target L2
  • Gas cost assumptions are validated on the specific L2 (L2 opcodes can differ from mainnet)