
Why Credible Neutrality Cannot Be Rented

The property of a base layer not favoring specific applications is a social and architectural construct, not a cryptoeconomic service that can be resold. This is the fundamental flaw in the restaking security marketplace thesis.

THE FLAWED PREMISE

Introduction: The Great Security Bazaar

The market for outsourced blockchain security is built on a fundamental misalignment where trust is treated as a commodity.

Security is not a service you can purchase from a third party like EigenLayer or Babylon. It is an emergent property of a system's economic and cryptographic design. Renting security creates a principal-agent problem where the security provider's incentives diverge from the protocol's long-term health.

Credible neutrality is a property, not a product. A system like Bitcoin or Ethereum is credibly neutral because its rules are immutable and its validators are permissionless. When a new chain rents Ethereum's validators via restaking, it inherits their staked ETH, not Ethereum's social consensus or fork choice rules.

The security bazaar creates systemic risk. A restaked validator set securing hundreds of actively validated services (AVS) faces correlated slashing conditions. A failure in one AVS, like a faulty oracle or bridge, can trigger a cascade that destabilizes the entire rented security pool, a risk not present in sovereign chains like Solana or Celestia.

Evidence: The Total Value Restaked (TVR) on EigenLayer exceeds $15B, creating a massive, interconnected system of rehypothecated capital where a single slashing event could have unprecedented cross-protocol contagion.

THE INCENTIVE MISMATCH

The Core Argument: Architecture, Not Economics

Credible neutrality is a structural property of a system's design, not a service that can be purchased from a third party.

Credible neutrality is a property of a system's architecture, not a tokenomic model. It describes a system whose rules cannot be manipulated for the benefit of its operators. This is a binary, architectural state, not a spectrum of economic incentives.

You cannot rent trustlessness. Protocols like Across and Stargate attempt to secure cross-chain transfers with economic games and bonded relayers. This creates a rent-seeking intermediary layer, reintroducing the trusted third party that blockchains were built to eliminate.

Economic security is contingent, architectural security is absolute. A system secured by slashing conditions or fraud proofs can fail if the economic cost of attack drops below the reward. A system secured by cryptographic proofs and deterministic execution cannot.

Evidence: The Solana Wormhole bridge hack lost $326M despite a validator set. The economic security model failed. In contrast, a ZK light client bridge like Succinct's Telepathy uses cryptographic proofs, making its security a function of math, not money.
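The arithmetic behind the correlated-slashing and cost-of-attack arguments above, as an added example that is not part of the original post. Every operator, service and figure is constructed, and it assumes that a colluding operator loses its whole restaked stake and that a service is corrupted once two thirds of its pledged stake colludes.

```python
from itertools import combinations

# Constructed sample data (not real operators or services). Stake is in ETH;
# the same stake is pledged to every service (AVS) listed for an operator.
OPERATORS = {
    "op_a": (40_000, {"oracle", "bridge", "da"}),
    "op_b": (35_000, {"oracle", "bridge"}),
    "op_c": (25_000, {"bridge", "da"}),
    "op_d": (30_000, {"oracle"}),
}
# Constructed: value (ETH) extractable by corrupting each service.
PROFIT = {"oracle": 50_000, "bridge": 45_000, "da": 20_000}


def pledged(avs, members=OPERATORS):
    """Stake pledged to `avs` by the given operators."""
    return sum(OPERATORS[o][0] for o in members if avs in OPERATORS[o][1])


def isolated_margin(avs):
    """Per-service view: minimum colluding stake (2/3, assumed) minus profit."""
    return -(-2 * pledged(avs) // 3) - PROFIT[avs]


def profitable_coalitions():
    """Coalitions whose total slashable stake is below what they can extract
    from every service they control at once (assumes full slashing)."""
    found = []
    for size in range(1, len(OPERATORS) + 1):
        for group in combinations(sorted(OPERATORS), size):
            cost = sum(OPERATORS[o][0] for o in group)
            gain = sum(p for avs, p in PROFIT.items()
                       if 3 * pledged(avs, group) >= 2 * pledged(avs))
            if gain > cost:
                found.append((group, cost, gain))
    return found


if __name__ == "__main__":
    for avs in PROFIT:
        print(f"{avs}: isolated safety margin {isolated_margin(avs)} ETH")
    for group, cost, gain in profitable_coalitions():
        print(f"{'+'.join(group)}: stake at risk {cost} < extractable {gain}")
```

Each service shows a positive margin when assessed alone, yet op_a and op_b together put 75,000 ETH at risk to extract 95,000 because the same stake backs both the oracle and the bridge.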

WHY CREDIBLE NEUTRALITY CANNOT BE RENTED

Security Model Comparison: Base Layer vs. Rented Security

A first-principles comparison of security derived from a protocol's own tokenized stake versus security outsourced to a third-party network.

| Security Feature / Metric | Base Layer (e.g., Ethereum, Solana) | Rented Security (e.g., EigenLayer, Babylon) | Hybrid / Restaking |
|---|---|---|---|
| Economic Security Source | Native Token (ETH, SOL) | Delegated Stake from Base Layer | Native Token + Delegated Stake |
| Slashing Jurisdiction | Protocol-native ruleset | Third-party AVS (Actively Validated Service) ruleset | Dual jurisdiction (native + AVS) |
| Liveness Fault Cost | Full stake slashing (e.g., 32 ETH) | Partial slashing via delegation pool | Cascading slashing risk |
| Censorship Resistance Guarantee | Credibly neutral by architectural design | Contingent on AVS operator neutrality | Dependent on base layer neutrality |
| Maximum Extractable Value (MEV) Risk | Contained within base layer consensus | Amplified via cross-AVS MEV extraction | Multiplied across layers |
| Time to Finality for Shared Security | Native consensus (e.g., 12.8 mins for Ethereum) | AVS consensus + base layer finality (~hours) | AVS finality + base layer checkpointing |
| Protocol Upgrade Sovereignty | Full autonomy via governance | Subject to AVS operator set approval | Shared sovereignty with restaking pool |
| Security Cost (Annualized) | Staking yield opportunity cost (~3-5%) | AVS operator fees + delegation fees (5-20%+) | Base layer yield cost + AVS fees |

THE INCENTIVE MISMATCH

The Slippery Slope: From Neutral Arbiter to Captive Security Provider

Rented security inherently corrupts neutrality, as the economic incentives of the provider will always supersede the protocol's.

Credible neutrality is a property, not a service. It emerges from a system's immutable design and incentive alignment, which cannot be outsourced to a third-party validator set like Polygon's AggLayer or a shared sequencer network.

Renters become captives. The security provider's revenue depends on the client's fees, creating a principal-agent conflict. The provider will prioritize its own chain's liveness or censor transactions to protect its cash flow.

Shared sequencers demonstrate this flaw. A sequencer serving both Arbitrum and a competing rollup will face irreconcilable conflicts in transaction ordering during MEV opportunities, inevitably favoring one chain.

Evidence: The Celestia vs. EigenDA debate centers on this. A dedicated data availability network's incentives align with neutrality; a rollup's attached DA layer does not.

THE MARKET FALLACY

Steelman & Refute: "But the Market Will Optimize!"

The argument that market competition will naturally produce credible neutrality is a fundamental misunderstanding of its cryptographic nature.

Credible neutrality is cryptographic, not economic. It is a property of a system's architecture, not its business model. A rented oracle like Chainlink or a sequencer auction like those proposed for L2s cannot retroactively engineer this property; it must be foundational.

Markets optimize for profit, not neutrality. Competition between providers like Lido and Rocket Pool drives efficiency and yield, not censorship resistance. The profit motive inherently creates centralization pressure and extractive incentives, as seen in MEV capture.

The endpoint is capture. Without a credibly neutral base layer, all higher-level optimizations—be it via intents on UniswapX or cross-chain messaging via LayerZero—become points of leverage. The market optimizes the rent extraction, not the public good.

WHY RENTED NEUTRALITY FAILS

The Inevitable Risks of Renting Neutrality

Infrastructure neutrality cannot be outsourced; it must be a verifiable, protocol-native property.

01. The Oracle Problem: The Renter Becomes the Arbiter

A third-party 'neutral' service must interpret real-world data or state, creating a single point of trust and failure.

  • Centralized Failure: The service (e.g., Chainlink, Pyth) becomes the de facto arbiter of truth for $100B+ in DeFi.
  • Incentive Misalignment: The renter's profit motive (maximizing fees, MEV) directly conflicts with user outcomes.
  • Regulatory Attack Surface: A single entity can be coerced or sanctioned, compromising the entire network it serves.
Point of Failure: 1; TVL at Risk: $100B+

02. Sequencer Capture: The MEV Cartel

Rollups that rent sequencing from a centralized provider (e.g., many L2s) cede control of transaction ordering, the ultimate source of value.

  • Extractable Value: The sequencer can front-run, censor, or reorder transactions, capturing >90% of chain MEV.
  • Fragile Liveness: Users rely on a single entity's liveness; if it fails, the chain halts.
  • Protocol Neutrality Voided: The sequencer can favor its own DApps or partners, turning the L2 into a captured platform.
MEV Capture: >90%; Decentralization: 0

03. The Bridge Custodian: Your Assets Are Their IOU

Bridged assets are liabilities on the destination chain, secured only by the bridge's multisig or validator set.

  • Counterparty Risk: $2B+ has been stolen from bridges (Wormhole, Ronin) because the custodian was compromised.
  • Rug Risk: The bridge operators can freeze or confiscate assets at will, as seen with sanctioned Tornado Cash funds.
  • Neutrality Theater: Bridges like LayerZero and Across market decentralization but rely on a handful of validators for finality.
Stolen from Bridges: $2B+; Key Holders: <10

04. Intent-Based Routing: The Searcher's Dilemma

Protocols like UniswapX and CowSwap outsource execution to a network of searchers, trading centralization for efficiency.

  • Opaque Auction: The 'winning' searcher is selected off-chain by a centralized relayer, with no verifiable fairness.
  • Rent Extraction: Searchers bundle user intents to maximize their profit, not user surplus.
  • Neutrality by Committee: The system is only as neutral as the relayer's rules, which can be changed unilaterally.
Auction: Off-Chain; Opaque Fees: 100%

05. The Staking-As-A-Service Trap

Delegating stake to centralized providers (e.g., Coinbase, Lido, Binance) for convenience erodes consensus security.

  • Voting Bloc Risk: A few large providers control >33% of stake on networks like Ethereum, risking finality.
  • Slashing Centralization: The provider's failure (bug, attack) causes mass slashing for passive delegators.
  • Governance Capture: The provider votes with its pooled stake, overriding the will of individual token holders.
Stake Controlled: >33%; Slashing Risk: Mass

06. The Solution: Protocol-Native Neutrality

Credible neutrality is a cryptographic property, not a service level agreement. It must be enforced by the protocol's own state transition function.

  • Verifiable Sequencing: Force transaction ordering through a decentralized sequencer set or based on pure cryptography (e.g., time).
  • Trust-Minimized Bridges: Use light clients or validity proofs (zk-proofs) to verify state, not validator signatures.
  • Stake Distribution: Design incentives that penalize centralization (e.g., quadratic slashing, stake caps).
Trust Assumptions: 0; Native Enforcement: Protocol
THE RENT IS TOO DAMN HIGH

TL;DR for Protocol Architects

Credible neutrality is a core property, not a service you can outsource. Renting it introduces systemic fragility.

01. The Oracle Problem is a Proxy

Relying on third-party oracles like Chainlink or Pyth for neutrality outsources your protocol's most critical governance function: truth. This creates a single point of failure and political capture.

  • Key Risk: Oracle committee decisions become de-facto protocol upgrades.
  • Key Limitation: Latency and cost for ~500ms updates create arbitrage vectors.
  • The Reality: You haven't solved neutrality; you've just delegated it to a different set of humans.
Point of Failure: 1; Decision Latency: ~500ms

02. Sequencers Are Not Sovereign

Using a shared sequencer like Espresso or Astria for "neutral" ordering trades liveness for credible neutrality. The sequencer operator becomes a centralized arbiter of MEV and censorship.

  • Key Risk: Sequencer downtime halts your entire rollup ecosystem.
  • Key Trade-off: You gain interoperability but inherit the sequencer's political and technical risks.
  • The Reality: This is the shared security debate for execution layers. Can you trust a profit-maximizing entity to be neutral?
Liveness Dependency: 100%; MEV Control: $$$

03. Intent Solvers as Cartels

Architectures like UniswapX and CowSwap that rely on solver networks for fulfillment replace transparent on-chain logic with opaque off-chain competition. The winning solver is the one with the best private orderflow, not the most neutral.

  • Key Risk: Solver market consolidation leads to extractable value being captured by a few players.
  • Key Illusion: User gets a good price, but the system's neutrality degrades into a private bidding war.
  • The Reality: This optimizes for efficiency at the direct cost of verifiable, credibly neutral process.
Auction Process: Opaque; Market Structure: Cartel Risk

04. Bridge Guardians are Attack Vectors

Multisig or MPC-based bridges like those from Wormhole or LayerZero rent security from a set of external validators. This creates a $10B+ TVL honeypot secured by off-chain social consensus.

  • Key Risk: Validator set compromise or collusion leads to total fund loss.
  • Key Flaw: Neutrality is defined by a mutable, often anonymous, permissioned set.
  • The Reality: Every major bridge hack stems from this rented security model. True neutrality requires cryptoeconomic finality.
TVL at Risk: $10B+; Security Layer: Social