Original Title: "Firing Validium? Reinterpreting Layer2 from the Perspective of Danksharding Proponents"
Original Author: Faust, Web3 Geek
Introduction: Recently, Dankrad Feist, the creator of Danksharding and a researcher at the Ethereum Foundation, made a controversial statement on Twitter. He explicitly stated that a modular blockchain that does not use ETH as the data availability layer (DA layer) is not a Rollup, nor is it an Ethereum Layer2. According to Dankrad's statement, Arbitrum Nova, Immutable X, and Mantle should be removed from the Layer2 list because they only disclose transaction data outside of ETH (by building their own off-chain DA network called DAC).
Meanwhile, Dankrad also stated that solutions like Plasmas and state channels, which do not require on-chain data availability to ensure security, are still considered Layer2, but Validium (ZKRollup without using ETH as the DA layer) is not considered Layer2.
Dankrad's statement immediately drew criticism from many founders or researchers in the Rollup field. After all, many "Layer2" projects have not adopted ETH as the DA (data availability) layer in order to save costs. If these projects are removed from the L2 list, it will inevitably affect a considerable number of scaling networks. At the same time, if validium is not considered L2, Plasma should not qualify as L2 either.
Regarding this, Dankrad stated that Plasma users can still safely withdraw their assets to L1 even when DA is unavailable (referring to the off-chain DA layer network withholding transaction data), but in the same situation, Validium (most projects using the StarkEx solution are validium) can freeze users' funds and prevent them from withdrawing to L1.
Obviously, Dankrad intends to define whether a scaling project is an Ethereum Layer2 based on "security". From that perspective, in the extreme case of sequencer failure combined with a data withholding attack by the DA layer (concealing new data), Validium can indeed leave user assets frozen in L2, unable to be withdrawn to L1. Plasma's security guarantee is generally not as good as Validium's due to its different design, but it allows users to safely withdraw assets to L1 when sequencer failure and DA layer data withholding attacks occur. Therefore, Dankrad's argument is not unreasonable.
This article intends to take Dankrad's perspective and further analyze the details of Layer2 to gain a deeper understanding of why Validium is not strictly a "Layer2".
According to the definition on the ethereum.org website and most members of the Ethereum community, Layer2 is an "independent blockchain that expands Ethereum and inherits Ethereum security". First of all, "expanding Ethereum" refers to diverting traffic that Ethereum cannot bear and sharing the TPS load. And "inheriting Ethereum security" can actually be translated as "relying on Ethereum to ensure its own security".
For example, all transactions (Tx) on Layer2 must be finalized on ETH for settlement, and transactions with errors will not be let through. To roll back a block on Layer2, you must first roll back the Ethereum block. As long as there is no block rollback similar to a 51% attack on the Ethereum mainnet, the L2 block will not be rolled back.
If we further explore the security of Layer2, we actually need to consider many extreme situations. For example, if the L2 project party runs away, the sequencer fails, or the off-chain DA layer crashes, can users safely withdraw their funds from L2 to L1 when these extreme events occur?
Without considering factors such as L2 contract upgrades or multi-signature vulnerabilities, platforms such as Arbitrum or StarkEx have set up forced withdrawal exits for users. In the event that the L2 sequencer launches a censorship attack, intentionally rejecting user transactions/withdrawal requests, or simply permanently crashes, Arbitrum users can call the force inclusion function of the Sequencer Inbox contract on L1 to directly submit transaction data to L1. If the sequencer does not process the transaction/withdrawal that needs to be "force included" within 24 hours, the transaction will be directly included in the transaction sequence of the Rollup ledger, creating a "secure exit" for L2 users to force withdrawals.
Compared with other solutions, the StarkEx scheme with the Escape Hatch mechanism is unparalleled. If L2 users do not receive a sequencer response to their Forced Withdrawal request submitted on L1 within the 7-day window, they can use the freezeRequest function to put L2 into a frozen state. At this point, the L2 sequencer will be unable to update the state of L2 on L1, and L2 will remain frozen for 1 year before it can be unfrozen.
After the L2 state is frozen, users can construct a Merkle Proof related to the current state to prove that they have XX amount of funds on L2, and withdraw them through the Escape Hatch contract on L1. This is the "full withdrawal" service provided by the StarkEx solution. Even if the L2 project party disappears and the sequencer permanently fails, users still have a way to withdraw funds from L2.
However, there is a problem here: most L2s using the StarkEx solution are Validiums (such as Immutable X and ApeX), and they do not publish the data required for DA to ETH. The information for constructing the current L2 state tree exists only off-chain. If users cannot obtain the off-chain data needed to construct the Merkle Proof (such as when the off-chain DA layer launches a data withholding attack), they will not be able to withdraw funds through the escape hatch.
So far, the reason why Dankrad believes Validium is not secure, as mentioned at the beginning of the article, is quite clear: because Validium does not send DA data to the chain like Rollup does, users may not be able to construct the Merkle Proof required for "forced withdrawal".
In fact, Validium's sequencer only publishes the latest Stateroot of L2 on the L1 chain, and then submits a Validity Proof (ZK Proof) to prove that the state transitions (user fund changes) involved in the generation of the new Stateroot are correct.
However, the Stateroot alone is not enough to restore the current state tree (the world state trie), so the specific state of each L2 account (including its fund balance) cannot be known from it. If L2 users cannot construct the Merkle Proof corresponding to the currently valid Stateroot, they cannot withdraw. This is the disadvantage of Validium.
(Merkle Proof is actually the data required for the root generation process, which is the dark part in the figure. To construct the Merkle Proof corresponding to Stateroot, it is necessary to know the construction of the state tree and have DA data.)
It is necessary to emphasize the importance of DAC. The data involved in Validium's DA, such as a batch of transactions processed by the latest sequencer, will be synchronized to the L2 exclusive DA network named Data Availability Committee (DAC). DAC is composed of multiple node servers and is generally operated and supervised by L2 officials, community members, or other organizations (but this is only superficial, and it is difficult for outsiders to verify who the members of DAC are).
The interesting part is that Validium's DAC members need to frequently submit multi-signatures on L1 to prove that the new Stateroot and Validity Proof submitted by the L2 sequencer are consistent with the DA data the DAC has synchronized. Only after the DAC submits its multi-signature will the new Stateroot and Validity Proof be considered valid.
Currently, the DAC of Immutable X adopts a 5/7 multisig, while dYdX, although a ZKRollup, also has a DAC that uses a 1/2 multisig. (dYdX only publishes state diffs, i.e. state changes, on L1, rather than complete transaction data. However, if the state diffs in the historical records are obtained, the asset balances of all L2 addresses can be restored, and a Merkle Proof can be constructed to withdraw the full amount.)
Dankrad's point of view is not without reason. If the DAC members of Validium conspire to launch a data withholding attack, preventing other L2 nodes from synchronizing the latest data, while the legitimate Stateroot of L2 is updated at the same moment, users cannot construct a valid withdrawal Merkle Proof corresponding to the current legitimate root (because the DA data after this moment is not available, only the previous DA data is available).
However, Dankrad only considers the theoretical extreme case. In reality, most Validium sequencers will broadcast newly processed transaction data to other L2 nodes in real time, including honest nodes. As long as one honest node can timely obtain DA data, users can withdraw from L2 with ease.
Why doesn't the problem that could theoretically exist on Validium exist on Plasma? This is because the way Plasma judges the legality of a Stateroot is different from Validium, and there is a fraud proof window period. Plasma is an L2 scaling solution that predates OPRollup and, like OPR, relies on fraud proofs to ensure the security of L2.
Plasma, like OPR, has a window period setting. A new Stateroot released by the sequencer will not be immediately judged as valid. It becomes valid only once the window period has closed without any L2 node publishing a fraud proof. Therefore, the currently valid Stateroots of Plasma and OPR were submitted several days ago (just like the starlight we see, which was actually emitted a long time ago), and users can often obtain DA data from past moments.
At the same time, the prerequisite for the fraud proof mechanism to take effect is that the DA of L2 is available at that moment, that is, the Verifier nodes of Plasma can obtain the data involved in the DA so as to generate a fraud proof (if necessary).
So everything is simple: the premise for Plasma to work properly is that the DA data of L2 is available at the moment. If the DA of L2 becomes unavailable from this moment on, can users withdraw their funds safely?
This problem is not difficult to analyze. Assume that the window period of Plasma is 7 days. If new DA data becomes unavailable from a certain time point T0 (because the DAC launches a data withholding attack and prevents honest L2 nodes from obtaining data after T0), the Stateroots that are legally valid at T0 and for a period of time afterwards were all submitted before T0, and the historical data before T0 can be traced. Therefore, users can construct Merkle Proofs to force withdrawals.
Even if many people cannot immediately detect the anomaly, thanks to the window period (7 days for OP), as long as the Stateroot submitted at T0 has not yet become valid and the DA data before T0 can be traced, users can safely withdraw their money from L2.
At this point, we can roughly understand the differences in security between Validium and Plasma:
After Validium's sequencer releases Stateroot, as long as the Validity Proof and DAC multisig are immediately released, it can be made legal and become the latest legal Stateroot. If users and honest L2 nodes encounter data withholding attacks and cannot construct the corresponding Merkle Proof for the current legal Stateroot, they will not be able to withdraw to L1.
When Plasma submits a new Stateroot, it must wait for the window period to end before it becomes valid. The valid Stateroot at this time is the one that was submitted in the past. Because there is a window period (3 days for ARB and 7 days for OP), even if the DA data of the newly submitted Stateroot is unavailable, users still have the DA data of the current valid Stateroot (which was submitted in the past) and have enough time to force withdrawal to L1.
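The contrast drawn in the two paragraphs above, as an added example that is not part of the original article: a simplified Python model in which L1 stores only one Stateroot per day and the DA layer withholds data from T0 onward. The SHA-256 binary Merkle tree, the address:balance leaf format and all function names are assumptions for illustration, not the actual tree or API of StarkEx or of any Plasma implementation.

```python
import hashlib

def h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def leaf(addr: str, balance: int) -> bytes:
    return h(f"{addr}:{balance}".encode())   # assumed leaf encoding

def levels(leaves):
    """All tree levels, bottom up; leaf count must be a power of two."""
    out = [leaves]
    while len(out[-1]) > 1:
        cur = out[-1]
        out.append([h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return out

def prove(leaves, index):
    """Sibling path for leaves[index]; needs every leaf, i.e. the DA data."""
    path = []
    for level in levels(leaves)[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path

def verify(root, leaf_hash, index, path):
    """The L1-side check: recompute the root from one leaf plus its path."""
    node = leaf_hash
    for sib in path:
        node = h(node + sib) if index % 2 == 0 else h(sib + node)
        index //= 2
    return node == root

def valid_root_day(submitted_days, today, window_days):
    """Newest root L1 treats as valid (window 0 = valid on submission)."""
    return max(d for d in submitted_days if d + window_days <= today)

def can_exit(states, da_available, today, window_days, user_index):
    """states: day -> balances; da_available: days whose data honest nodes hold."""
    day = valid_root_day(states.keys(), today, window_days)
    leaves = [leaf(a, b) for a, b in states[day]]   # known to the sequencer
    root = levels(leaves)[-1][0]                    # the only thing L1 stores
    if day not in da_available:                     # withheld: user has no leaves
        return False
    path = prove(leaves, user_index)
    return verify(root, leaves[user_index], user_index, path)

# Constructed sample: 4 accounts, one root per day, data withheld from day 8 (T0).
STATES = {d: [("alice", 100 + d), ("bob", 50), ("carol", 7), ("dave", 0)]
          for d in range(1, 11)}
DA_AVAILABLE = set(range(1, 8))
```

Calling can_exit(STATES, DA_AVAILABLE, 10, 0, 0) models Validium, where the day-10 root is already valid but its data is withheld; a window of 7 models Plasma, where the valid root is still the one from day 3.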
Therefore, what Dankrad said makes sense. When a data withholding attack occurs, there is a possibility that Validium may trap user assets in L2, but Plasma does not have this problem.
(Dankrad's statement in the figure below is slightly incorrect. Plasma should not allow the withdrawal of outdated Merkle proofs corresponding to valid state roots, as this would result in double spending.)
Therefore, data withholding attacks on the off-chain DA layer can cause many security risks, but Celestia is trying to solve this problem. In addition, because most Layer2 projects provide server ports for L2 nodes to stay off-chain synchronized with the sequencer, Dankrad's concerns are often only theoretical rather than practical.
If we adopt a nitpicking attitude and make an even more extreme assumption: all Plasma chain sub-nodes are unavailable, then ordinary users who have not run L2 nodes will be unable to force withdrawals to L1. However, the probability of such an event is equivalent to the probability of all nodes on a public chain permanently crashing, which may never happen.
Therefore, many times, people are just talking about things that will never happen. Just like the famous quote from the American TV series "Chernobyl" where the Deputy Chairman of the KGB said to the protagonist: "Why worry about things that will never happen?"