Search

Search for projects by name

Recategorisation happening in
Learn more
SummaryValue SecuredActivityLivenessRisk summaryRisk analysisData availabilityState validationOperatorSequencingWithdrawalsOther considerationsPermissionsSmart contracts

Plume Network logoPlume Network

Badges

About

Plume is a modular L2 blockchain for real-world assets (RWAs) that integrates asset tokenization and compliance providers directly into the chain.

Value secured
$75.83 M0.14%
Canonically Bridged
$27.87 M
Natively Minted
$47.96 M
Externally Bridged
$0.00
View TVS Breakdown
  • Tokens
  • Past day UOPS
    3.53418%
  • Gas token
    PLUME
  • Type
    Optimium
  • Purposes
    Universal, RWA
  • Chain ID
    98866
    • Sequencer failureState validationData availabilityExit windowProposer failure
    Explore more in Discovery UI

    Badges

    About

    Plume is a modular L2 blockchain for real-world assets (RWAs) that integrates asset tokenization and compliance providers directly into the chain.

    Value Secured

    2025 Feb 21 — Jun 14

    Total value securedTotal
    $75.83 M0.14%
    Canonically BridgedCanonically Bridged ValueCanonical
    $27.87 M10.6%
    Natively MintedNatively Minted TokensNative
    $47.96 M7.63%
    Externally BridgedExternally Bridged ValueExternal
    $0.000.00%
    View TVS breakdown
    Activity

    2025 Feb 20 — Jun 13

    Liveness

    The chart illustrates how "live" the project's operators are by displaying how frequently they submit transactions of the selected type and if these intervals deviate from their typical schedule.

    2025 May 15 — Jun 14

    30D avg. tx data subs. interval
    18 minutes
    30D avg. state updates interval
    11 hours
    Past 30 days anomalies
    Risk summary
    Fraud proof system is fully deployed but is not yet permissionless as it requires Validators to be whitelisted.

    Funds can be lost if

    1. the sequencer posts an unavailable transaction root (CRITICAL),
    2. the data is not available on the external provider (CRITICAL).

    MEV can be extracted if

    1. the operator exploits their centralized position and frontruns user transactions.
    Risk analysis
    Fraud proof system is fully deployed but is not yet permissionless as it requires Validators to be whitelisted.
    Sequencer failureState validationData availabilityExit windowProposer failure
    Sequencer failure
    Self sequence

    In the event of a sequencer failure, users can force transactions to be included in the project’s chain by sending them to L1. There can be up to a 1d delay on this operation.

    State validation
    Fraud proofs (INT)

    No actor outside of the single Proposer can submit fraud proofs. Interactive proofs (INT) require multiple transactions over time to resolve. The challenge protocol can be subject to delay attacks. There is a 5d 14h challenge period.

    Data availability
    External

    Proof construction and state derivation fully rely on data that is posted on Celestia. Sequencer tx roots are checked against the Blobstream bridge data roots, signed off by Celestia validators.

    Exit window
    None

    There is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.

    Proposer failure
    Self propose

    Anyone can become a Proposer after 11d 23h of inactivity from the currently whitelisted Proposers.

    Data availability

    Data is posted to Celestia

    Transactions roots are posted onchain and the full data is posted on Celestia. The blobstream bridge is used to verify attestations from the Celestia validator set that the data is indeed available.

    • Funds can be lost if the sequencer posts an unavailable transaction root (CRITICAL).

    • Funds can be lost if the data is not available on the external provider (CRITICAL).

    1. Introducing Blobstream: streaming modular DA to Ethereum
    Learn more about the DA layer here: Celestia logoCelestia
    State validation
    A diagram of the state validation
    A diagram of the state validation

    Updates to the system state can be proposed and challenged by a set of whitelisted validators. If a state root passes the challenge period, it is optimistically considered correct and made actionable for withdrawals.

    State root proposals

    Whitelisted validators propose state roots as children of a previous state root. A state root can have multiple conflicting children. This structure forms a graph, and therefore, in the contracts, state roots are referred to as nodes. Each proposal requires a stake, currently set to 0.1 ETH, that can be slashed if the proposal is proven incorrect via a fraud proof. Stakes can be moved from one node to one of its children, either by calling stakeOnExistingNode or stakeOnNewNode. New nodes cannot be created faster than the minimum assertion period by the same validator, currently set to 15m. The oldest unconfirmed node can be confirmed if the challenge period has passed and there are no siblings, and rejected if the parent is not a confirmed node or if the challenge period has passed and no one is staked on it.

    • Funds can be stolen if none of the whitelisted verifiers checks the published state. Fraud proofs assume at least one honest and able validator (CRITICAL).

    1. How is fraud proven - Arbitrum documentation FAQ
    Challenges

    A challenge can be started between two siblings, i.e. two different state roots that share the same parent, by calling the startChallenge function. Validators cannot be in more than one challenge at the same time, meaning that the protocol operates with partial concurrency. Since each challenge lasts 5d 14h, this implies that the protocol can be subject to delay attacks, where a malicious actor can delay withdrawals as long as they are willing to pay the cost of losing their stakes. If the protocol is delayed attacked, the new stake requirement increases exponentially for each challenge period of delay. Challenges are played via a bisection game, where asserter and challenger play together to find the first instruction of disagreement. Such instruction is then executed onchain in the WASM OneStepProver contract to determine the winner, who then gets half of the stake of the loser. As said before, a state root is rejected only when no one left is staked on it. The protocol does not enforces valid bisections, meaning that actors can propose correct initial claim and then provide incorrect midpoints.

    1. Fraud Proof Wars: Arbitrum Classic
    Operator

    The system has a centralized sequencer

    While forcing transaction is open to anyone the system employs a privileged sequencer that has priority for submitting transaction batches and ordering transactions.

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    1. Sequencer - Arbitrum documentation

    Users can force any transaction

    Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly. After a delay of 1d in which a Sequencer has failed to include a transaction that was directly posted to the smart contract, it can be forcefully included by anyone on the host chain, which finalizes its ordering.

    1. SequencerInbox.sol - source code, forceInclusion function
    2. Sequencer Isn't Doing Its Job - Arbitrum documentation
    Sequencing

    Delayed forced transactions

    To force transactions from the host chain, users must first enqueue “delayed” messages in the “delayed” inbox of the Bridge contract. Only authorized Inboxes are allowed to enqueue delayed messages, and the so-called Inbox contract is the one used as the entry point by calling the sendMessage or sendMessageFromOrigin functions. If the centralized sequencer doesn’t process the request within some time bound, users can call the forceInclusion function on the SequencerInbox contract to include the message in the canonical chain. The time bound is hardcoded to be 1d.

    Withdrawals

    Regular messaging

    The user initiates L2->L1 messages by submitting a regular transaction on this chain. When the block containing that transaction is settled, the message becomes available for processing on L1. The process of block finalization usually takes several days to complete.

    1. Transaction lifecycle - Arbitrum documentation
    2. L2 to L1 Messages - Arbitrum documentation
    3. Mainnet for everyone - Arbitrum Blog

    Autonomous exit

    Users can (eventually) exit the system by pushing the transaction on L1 and providing the corresponding state root. The only way to prevent such withdrawal is via an upgrade.

    Other considerations

    EVM compatible smart contracts are supported

    Arbitrum One uses Nitro technology that allows running fraud proofs by executing EVM code on top of WASM.

    1. Inside Arbitrum Nitro
    Permissions
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    Disco UI BannerExplore in Disco

    Ethereum

    Roles:

    Sequencer 0x9346…4B3D

    Can submit transaction batches or commitments to the SequencerInbox contract on the host chain.

    Validator 0x8976…7dE3

    Can propose new state roots (called nodes) and challenge state roots on the host chain.

    Actors:

    Conduit Multisig 1 0x4a49…A746
    • A Multisig with 4/11 threshold.
    • Can upgrade with no delay
      • Bridge
        via - acting via UpgradeExecutor → ProxyAdmin
      • RollupProxy
        via - acting via UpgradeExecutor
      • Outbox
        via - acting via UpgradeExecutor → ProxyAdmin
      • SequencerInbox
        via - acting via UpgradeExecutor → ProxyAdmin
      • ChallengeManager
        via - acting via UpgradeExecutor → ProxyAdmin
      • Inbox
        via - acting via UpgradeExecutor → ProxyAdmin
      • UpgradeExecutor
        via - acting via UpgradeExecutor → ProxyAdmin
      • RollupEventInbox
        via - acting via UpgradeExecutor → ProxyAdmin
    • Can interact with RollupProxy
      • Pause and unpause and set important roles and parameters in the system contracts: Can delegate Sequencer management to a BatchPosterManager address, manage data availability, DACs and the fastConfirmer role, set the Sequencer-only window, introduce an allowList to the bridge and whitelist Inboxes/Outboxes
        via - acting via UpgradeExecutor

    Participants (11):

    0x8117…E7Ac0x860e…c0530x5093…66280xA073…bda20xF331…647D0xF0B7…A4f00xa400…e6e40x3840…Fd5f0xa0C6…90380xefCf…dD5C0x4D80…5BAe
    Used in:
    Smart contracts
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    Disco UI BannerExplore in Disco
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    Ethereum

    Bridge 0x3538…EF83Implementation (Upgradable)Admin

    Escrow contract for the project’s gas token (can be different from ETH). Keeps a list of allowed Inboxes and Outboxes for canonical bridge messaging.

    • Roles:
      • admin: ProxyAdmin; ultimately Conduit Multisig 1
    • This contract stores the following tokens: PLUME.
    Can be upgraded by:
    Conduit Multisig 1 with no delay
    Implementation used in:
    RollupProxy 0x35c6…c2aCImplementation #1 (Upgradable)Implementation #2 (Upgradable)Admin

    Central contract for the project’s configuration like its execution logic hash (wasmModuleRoot) and addresses of the other system contracts. Entry point for Proposers creating new Rollup Nodes (state commitments) and Challengers submitting fraud proofs (In the Orbit stack, these two roles are both held by the Validators).

    • Roles:
      • admin: UpgradeExecutor; ultimately Conduit Multisig 1
      • owner: UpgradeExecutor; ultimately Conduit Multisig 1
      • validators: EOA 1
    Can be upgraded by:
    Conduit Multisig 1 with no delay
    Implementation used in:
    SequencerInbox 0x85eC…0b59Implementation (Upgradable)Admin

    A sequencer (registered in this contract) can submit transaction batches or commitments here.

    • Roles:
      • admin: ProxyAdmin; ultimately Conduit Multisig 1
      • batchPosters: EOA 2
    Can be upgraded by:
    Conduit Multisig 1 with no delay
    Implementation used in:
    ChallengeManager 0x8c66…caE6Implementation (Upgradable)Admin

    Contract that allows challenging state roots. Can be called through the RollupProxy by Validators or the UpgradeExecutor.

    • Roles:
      • admin: ProxyAdmin; ultimately Conduit Multisig 1
    Can be upgraded by:
    Conduit Multisig 1 with no delay
    Implementation used in:
    UpgradeExecutor 0xd688…8C04Implementation (Upgradable)Admin

    Central contract defining the access control permissions for upgrading the system contract implementations.

    • Roles:
      • admin: ProxyAdmin; ultimately Conduit Multisig 1
      • executors: Conduit Multisig 1
    Can be upgraded by:
    Conduit Multisig 1 with no delay
    Implementation used in:
    Outbox 0x7e46…4E71Implementation (Upgradable)Admin

    Facilitates L2 to L1 contract calls: Messages initiated from L2 (for example withdrawal messages) eventually resolve in execution on L1.

    • Roles:
      • admin: ProxyAdmin; ultimately Conduit Multisig 1
    Can be upgraded by:
    Conduit Multisig 1 with no delay
    Implementation used in:
    Inbox 0x943f…Ba1DImplementation (Upgradable)Admin

    Facilitates sending L1 to L2 messages like depositing ETH, but does not escrow funds.

    • Roles:
      • admin: ProxyAdmin; ultimately Conduit Multisig 1
    Can be upgraded by:
    Conduit Multisig 1 with no delay
    Implementation used in:
    OneStepProofEntry 0x0537…262f

    One of the modular contracts used for the last step of a fraud proof, which is simulated inside a WASM virtual machine.

    Proxy used in:
    OneStepProver0 0x6982…f482

    One of the modular contracts used for the last step of a fraud proof, which is simulated inside a WASM virtual machine.

    Proxy used in:
    ValidatorUtils 0x84eA…db44

    This contract implements view only utilities for validators.

    Proxy used in:
    OneStepProverHostIo 0x856E…4771

    One of the modular contracts used for the last step of a fraud proof, which is simulated inside a WASM virtual machine. This version uses the Blobstream DA bridge (0x7Cf3876F681Dbb6EdA8f6FfC45D66B996Df08fAe) as source of truth for the DA referenced by the fault proof.

    Proxy used in:
    OneStepProverMath 0x9c40…72C5

    One of the modular contracts used for the last step of a fraud proof, which is simulated inside a WASM virtual machine.

    Proxy used in:
    ProxyAdmin 0xb90f…31CC
    • Roles:
      • owner: UpgradeExecutor
    OneStepProverMemory 0xcaBf…3FCe

    One of the modular contracts used for the last step of a fraud proof, which is simulated inside a WASM virtual machine.

    Proxy used in:
    RollupEventInbox 0xf576…97eaImplementation (Upgradable)Admin

    Helper contract sending configuration data over the bridge during the systems initialization.

    • Roles:
      • admin: ProxyAdmin; ultimately Conduit Multisig 1
    Can be upgraded by:
    Conduit Multisig 1 with no delay
    Implementation used in:

    Value Secured is calculated based on these smart contracts and tokens:

    Escrow for PLUME 0x3538…EF83Implementation (Upgradable)Admin

    Contract managing Inboxes and Outboxes. It escrows PLUME sent to L2.

    Can be upgraded by:
    ProxyAdmin with no delay
    Implementation used in:

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).