Skip to main content

Arbitrum: Understanding the risks

Arbitrum One — the first permissionless Ethereum layer 2 rollup with full Ethereum smart contract functionality — is live on mainnet — as is Nova, our first AnyTrust chain; We're sure you're (almost) as excited as we are! Here are some risks you should know about before using the system:

State Of progressive decentralization

The Arbitrum DAO system is the owner of both the Arbitrum One and Arbitrum AnyTrust chains; see “State of Progressive Decentralization” for more.

General words of caution: Software bugs

Offchain Labs’ implementation of the Arbitrum protocol has been carefully constructed, is perpetually being audited by several independent firms, and is continuously reviewed and tested following best engineering practices. That said, there remains a non-zero chance that our codebase contains some undiscovered vulnerabilities that put user funds at risk. Users should carefully factor this risk into their decision to use Arbitrum One and/or Arbitrum Nova, and in deciding how much of their value to entrust into the system. Note that Offchain Labs also sponsors a multi-million dollar bug bounty program to incentivize any party who funds such a critical bug to disclose it responsibly.

General words of caution: Scams

Arbitrum, like Ethereum, is permissionless; on both platforms, anybody can deploy any smart contract code they want. Users should treat interacting with contracts on Arbitrum exactly as they do with Ethereum, i.e., they should only do so if they have good reason to trust that the application is secure.