Why Staking Models for Provers Are Fundamentally Flawed

To slash a prover for a faulty proof, you need an oracle to verify the proof was wrong. This creates a circular dependency: the entire system's security relies on a faster, more secure verification method than the one you're trying to secure.

• Recursive Insecurity: You need a 'higher court' prover to judge the first, leading to infinite regress.
• Verifier's Dilemma: If on-chain verification is cheap enough to judge, the prover network is redundant.
• Economic Mismatch: Slashing a $1M bond for a $10k computation job is catastrophic overkill.

Slashing for liveness failures (e.g., being offline) is catastrophic for decentralized prover networks. It directly attacks the redundancy the network needs to be robust.

• Penalizing Redundancy: If 9/10 provers are honest but slow, slashing them degrades network health.
• MEV-Driven Censorship: A dominant staking prover could selectively delay or censor proofs to trigger slashing of competitors.
• Capital Lockup Inefficiency: $1B+ in TVL sitting idle as slashable bonds is capital that could be generating proofs.

Models like EigenLayer's 'attributable security' or shared slashing pools simply socialize risk and create moral hazard. They don't solve the core verification problem.

• Risk Contagion: A bug in one AVS (Active Validation Service) can drain the shared pool, collapsing unrelated services.
• Pricing Impossibility: Actuarially pricing the risk of a novel cryptographic fault is guesswork.
• Adversarial Alignment: A rational actor will exploit the weakest-linked AVS to drain the shared pool, as seen in cross-chain bridge hacks.

The viable model is a competitive, un-staked market for proof generation. Security emerges from continuous performance, not locked capital.

• Performance Bonds, Not Stakes: Provers post re-bondable bonds for workload allocation, not slashable for correctness.
• Continuous Auditing: Fraud is detected via probabilistic verification and economic arbitration (e.g., fraud proofs, multi-prover schemes).
• Real-World Precedent: This is how AWS, Cloudflare, and BloXroute operate—reputation and SLA breaches replace slashing.

Staking forces provers to lock capital for a task (computation) that requires negligible collateral but significant CPU/GPU resources. This creates artificial scarcity and inefficient capital allocation.

• Capital inefficiency: Ties up $100M+ in stake for a job that costs $100 in electricity.
• Barrier to entry: Favors capital-rich, not compute-rich, participants.
• Misaligned slashing: Penalizing for downtime is irrelevant; the real failure is producing an invalid proof.

A competitive, permissionless auction (like a proof-of-work market) where sequencers bid for the cheapest, fastest valid proof. This mirrors real-world compute markets (AWS Spot Instances).

• Dynamic pricing: Proof cost reflects real-time supply (prover capacity) and demand (rollup blocks).
• Permissionless participation: Any prover with a GPU can join; no stake required.
• Efficiency: Drives costs toward the marginal cost of electricity + hardware depreciation.

RISC Zero's Bonsai network is a live example of a proof marketplace. It decouples proof generation from specific chains, creating a neutral utility layer.

• Universal verifiability: Any chain (Ethereum, Avalanche, Solana) can request a ZK proof of arbitrary computation.
• Prover competition: A decentralized network of provers competes on price and speed for jobs.
• No app-specific staking: Removes the need for each rollup to bootstrap its own prover staking pool.

Staking is designed to secure consensus, not computation. For validity proofs, security is cryptographic, not economic. A single honest prover can always produce the correct proof.

• Cryptographic finality: A valid ZK proof is objectively true; staking adds no additional security.
• Liveness vs. correctness: Staking pools guard against liveness failure (not posting), but a market with many provers provides superior liveness guarantees.
• Real threat model: The risk is prover collusion to censor, not stealing funds, which a decentralized market mitigates.

The correct economic model is a simple fee-for-service transaction, settled upon delivery of a valid proof. This aligns with the UniswapX and Across intent-based model for bridging.

• No locked capital: Provers are paid per job, freeing capital for other uses.
• Cost transparency: Fees are explicit and competitive, not hidden via inflation/staking rewards.
• Sybil resistance: Achieved via proof-of-work (the actual computation), not proof-of-stake.

Proof generation will commoditize. Markets will emerge for specific proof systems (Groth16, Plonk, STARKs) and hardware (GPU, FPGA, ASIC), similar to mining pools. LayerZero's Oracle/Relayer model shows the blueprint.

• Vertical specialization: Provers optimize for specific ZK circuits (e.g., ECDSA, Keccak).
• Hardware markets: Dedicated providers (like Espresso Systems for sequencing) will dominate.
• Network effects: The most liquid proof market becomes the default utility layer for all rollups.

Locking capital for security is a legacy model from L1s like Ethereum. For provers, it creates massive overhead and a $1B+ opportunity cost for operators. This cost is passed to users as higher fees, making ZK-Rollups like zkSync and StarkNet less competitive versus Optimistic Rollups.

• Inefficient Security: Security scales with capital, not computational integrity.
• Barrier to Entry: Only well-funded entities can participate, leading to centralization.
• Liquidity Lockup: Capital is idle, unable to be deployed in DeFi protocols like Aave or Compound.

Slashing for faulty proofs is a blunt instrument. It fails to account for honest software bugs or network latency, punishing operators for failures unrelated to malice. This creates risk aversion, stifling innovation and reducing the pool of reliable provers.

• Punishes Honest Errors: A bug in a Cairo or Circom circuit can trigger catastrophic loss.
• Creates Legal Risk: Operators face existential financial risk, requiring complex insurance from protocols like Nexus Mutual.
• Incentivizes Conservatism: Provers avoid cutting-edge optimizations to minimize slashing risk.

A staking-based prover network has a hard scalability limit. The time-to-finality is gated by the slowest, most conservative staker in the committee. This is antithetical to high-performance ZK-VMs like RISC Zero or SP1, which are designed for ~1 second proof times.

• Lowest Common Denominator: Performance is dictated by the weakest node.
• Latency Inefficiency: Cannot leverage specialized hardware (ASICs, GPUs) to their full potential.
• Bottleneck for Apps: Limits TPS for dApps on Scroll, Polygon zkEVM, and other ZK L2s.

Replace staking with a real-time, auction-based market for proof generation. Provers post small, short-duration bonds (not massive stakes) and compete on price and latency for each proof job. This is the model pioneered by Espresso Systems with their HotShot sequencer.

• Capital Efficiency: Bonds are 100-1000x smaller than traditional stakes.
• Performance-Based: Fastest, cheapest provers win work, driving optimization.
• Dynamic Security: Bond size adjusts based on proof value and prover reputation.

Select provers based on a continuously updated reputation score derived from proof correctness and latency, not capital at risk. Faults lead to reputation loss and reduced work allocation, not immediate slashing. This mirrors the security model of The Graph's indexers.

• Aligns Incentives: Rewards consistent, reliable performance.
• Graceful Degradation: Isolates faulty provers without network-wide penalties.
• Low-Barrier Entry: New provers can build reputation with minimal upfront capital.

Decouple security from individual prover capital. A decentralized insurance pool (e.g., via Sherlock, Nexus Mutual) covers the cost of any faulty proof. Provers pay premiums proportional to their risk profile. Users are made whole instantly, and the market prices risk efficiently.

• User Protection: Guaranteed payout for verification failures.
• Professional Risk Pricing: Premiums reflect technical competence and reliability.
• Removes Single Point of Failure: No one operator holds catastrophic slashing risk.