Bankless: The Prosperity and Challenges of Optimistic Rollup

Optimistic Rollup: Prosperity and Challenges of Bankless.

Author: Jack Inabinet, Translation: Kate, Marsbit

In the past few years, Ethereum’s Layer 2 networks have seen tremendous growth, especially Optimistic Rollups like Arbitrum and Optimism. Value is shifting towards them, but are they growing too big, too fast?

-Bankless Team

Optimistic Rollups have never been pessimistic. Since the beginning of this year, the TVLs of Ethereum’s two main Optimistic Rollup combinations, Arbitrum and Optimism, have increased by 108% and 52% respectively, which is impressive.

• Inventory of DAO trends that have received ARB airdrops: Balancer, Radiant, Stargate DAO……
• Is cryptocurrency the biggest scam in history? A decade-long history of love and hate between enthusiasts and critics
• Evolution of the Web3 Community: The Decline of PFP Community and the New Dawn of NFT

But despite these benefits, Optimistic Rollups are not the ultimate goal of Ethereum’s scalability. While they continue to grow in terms of TVL and help solidify L2 as an integral part of the Ethereum ecosystem, as they become increasingly successful, the likelihood of black swan attacks on the core security components of Optimistic Rollups only increases.

Today, we’ll explain why Optimistic Rollups (despite their popularity) are still vulnerable to exploitation, explore zero-knowledge solutions to mitigate all of these issues, and circle back to the DAO hack to explain why Ethereum may not simply be able to get out of trouble. Another major vulnerability.

Weaknesses of Optimistic Rollups

As the name suggests, Optimistic Rollups optimistically assume that the rollup state submitted by the operator to Ethereum is correct, unless proven otherwise, and derive their security from the cryptographic “fraud proof”.

Today, Arbitrum is the only major L2 with a valid fraud proof, and only licensed participants can prove that its state is incorrect. If participants disagree on the state of the chain, the rollup protocol will initiate an anti-fraud proof calculation, which is a form of on-chain dialogue between challengers and rollups to determine whether the state is valid. Otherwise, the change in transaction state is reverted and the hash is reset to a state root that can be proven correct. Optimistic Rollups revolve around a 7-day standard challenge period, which gives well-intentioned participants enough time to question the state of data aggregation.

However, the security of Optimistic Rollups is based on two core assumptions:

1. Someone submits a fraud proof in the case of an invalid state

Regarding assumption one, we can reasonably expect that an honest participant would attempt to challenge an invalid state by attempting to publish a fraud proof.

2. The underlying L1 is still anti-censorship.

The anti-censorship feature of Ethereum is certainly commendable. For example, when a block is full, EIP-1559 will exponentially increase the base fee (a part of the transaction fee). In theory, this should prevent participants from DDoS attacking L1 through spam transactions to prevent the publication of fraud evidence, because the gas cost required for the attack will quickly exceed the value accumulated before the 7-day challenge period ends.

Source: Twitter

Unfortunately, even in the hypothetical future world where all Optimistic rollups have fraud proofs without permission, a worrying attack vector still exists. Although unlikely, it is still possible to prevent the publication of fraud evidence while circumventing the exponential gas fee growth of EIP-1559 through collusion by validators.

Competing parties must be able to submit fraud proofs at the L1 level, as rollup protocols interpret no challenge as implicit agreement on their state. The potential censorship of fraud proofs that arises from collusion at L1 would invalidate point 2, making the security commitment of rollup invalid.

Source: Twitter

The inevitable choice

Although their Optimistic counterparts are easier to implement and dominate the Ethereum L2 field today, zkRollups may disrupt the current paradigm by offering instant confirmation, faster finality, higher throughput, and native privacy.

Unlike arguing incorrect rollup states with fraud proofs, these rollups choose validity proofs, which are a form of off-chain computation that can verify the correctness of transactions submitted by rollup operators and prove the correctness of rollups without revealing the state itself.

Although cryptographically complex, this proof design means that the published state will always reflect the correct state of L2 and means that zkRollups rely only on Ethereum’s anti-censorship feature, not security, as Optimistic rollups do under their fraud-proof scheme.

Some of these zkRollups have already entered the main network, and their rapid adoption shows the demand for zero-knowledge extension solutions built on Ethereum.

The zkSync Era is the leader in terms of both user and TVL inflows (largely due to speculation from airdrops), accumulating a staggering $155 million in TVL since its deployment to the mainnet at the end of March.

Source: Artemis

It is undeniable that competitors have been working hard to achieve similar success, and since the beginning of April, Starknet and Polygon’s zkEVM have seen a large amount of TVL inflows.

Just yesterday, Polygon Labs proposed an upgrade to the existing Polygon PoS chain, during which the discussion around what a “rollup” is further descended into confusion.

Source: Twitter

However, a key difference is to separate the zkRollup highlighted above (including Polygon’s zkEVM Rollup) from zero-knowledge validity (seemingly the future of the Polygon PoS chain).

While publishing validity or “zk” proofs to Ethereum does ensure the correctness of Polygon PoS state transitions, users will still rely on the MATIC network for data availability and functionality to maintain validity.

Source: Polygon Labs

While this approach will undoubtedly reduce transaction costs and improve scalability, the “validity” vision proposed for Polygon PoS will not inherit the full security package supported by Ethereum or the liveliness required for a true zkRollup by outsourcing data availability outside of Ethereum.

DAO Hacker

When considering any potential black swan events in the future, it is helpful to look back at history. Less than a year after Ethereum went live, this nascent ecosystem was forced to face a catastrophic event: the DAO hack.

Launched in April 2016, the DAO raised $150 million in just four weeks during its formation period by granting token holders unprecedented voting rights. Unfortunately, their unprecedented success in fundraising was short-lived, as an attacker used a reentrancy attack to drain nearly all of the ETH controlled by the DAO.

Despite the best efforts of the white hat hacker group “Robin Hood” to recover these funds, the attacker still left with $40 million worth of ETH, equivalent to 5% of the circulating ether supply at the time. In the aftermath of the chaos, the Ethereum community reached the ultimate reset button: an irregular state change!

Although Ethereum often uses coordinated hard forks to achieve protocol upgrades, as seen during Merge and Shapella, clearing the DAO hack required additional steps. This hard fork not only fixed the vulnerability that caused the DAO to crash, but also returned all hacked funds to their rightful owners.

Rolling back the DAO hack was a controversial decision, with much of the resistance coming from Bitcoin supporters who believed that an irregular state chain would decrease the credibility of the Ethereum network and circumvent the entire premise of blockchain immutability. Ultimately, professional hard forkers won the battle, and the feat was made possible because of concerns that the massive concentration of hacked ether (5%) would make people take the network less seriously.

If rollups were exploited, such a reset would be required — and there would be good reason to do so, as it previously solved the problem — but don’t count your cross-chain chickens before they hatch this time around, as no one will be coming to save your crypto project.

The decision to hard fork was not made lightly, and using it to manipulate account balances certainly undermines the value proposition of blockchain technology. Implementing similar hard fork-like requests has been stalled in proposal purgatory, such as EIP-867 (aimed at standardizing fund recovery requests) and EIP-999 (aimed at revoking 513k ETH Blockingrity Wallet disaster).

Ethereum wizard Vitalik Buterin recently issued a stern rebuke of any potential rollback nodes in his article “Don’t Overload Ethereum’s Consensus,” arguing that fragile social consensus creates a high risk of chain splits and that hard forks should be used with caution in mature communities.

While the article primarily discusses the danger that re-staking poses to social consensus, Vitalik specifically notes that rollups may depend on Ethereum to fork and recover funds, an application of consensus that carries high risk and may therefore lead to chain splits.

Source: Vitalik Buterin

Unless we see a fundamental change in Ethereum’s community guardians, we are unlikely to see another DAO-style irregular state change to cover up rollup vulnerabilities.

TL;DR

To be honest, we are still in the early stages of the Ethereum scalability journey!

Optimistic rollups represent the best attempt by developers to scale Ethereum so far, but they are still vulnerable to attacks and the attack surface will only expand as they become more successful. However, seeking alternative scaling solutions is imperative in the face of the reality that Ethereum’s social consensus may not be able to save exploited Optimistic rollups.

While the drawbacks today are apparent, further time and development will enable the teams behind various zkRollup and similar rollup scaling methods to refine their solutions and address Ethereum’s current scaling challenges.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!