Shared security is a public good that every dApp and user consumes, but few directly pay for. This creates a classic economic free rider problem where the cost of securing the base layer (e.g., Ethereum L1) is not proportionally borne by the entities that benefit most from it.
The Cost of Permissionlessness in a World of Shared Security
The restaking revolution promises shared security for new protocols (AVSs). But permissionless AVS creation exports the burden of due diligence to every restaker, creating a classic tragedy of the commons in risk assessment. This is the systemic flaw in the model.
Introduction: The Free Rider Problem in Crypto's Security Market
Permissionless blockchains create a security commons where value extraction outpaces contributions, undermining the economic foundation of the network.
Layer 2 rollups like Arbitrum and Optimism are the primary beneficiaries and free riders. They derive final security from Ethereum's validators but capture transaction fees and MEV on their own chains, creating a value extraction imbalance. Their security contribution is a one-way fee payment, not a stake in the system's health.
The economic model is broken. Protocols like Uniswap and Aave generate billions in fees on L2s, but their economic activity does not directly reinforce the L1 security budget. This makes the security budget a liability for the base chain, not an asset shared by its ecosystem.
Evidence: Ethereum's L1 security spend (issuance + fees) is ~$10B annually. The top five L2s generate over $500M in annualized revenue but contribute less than 5% of that back to L1 security via base fees. The security subsidy is unsustainable.
Core Thesis: Permissionless AVS Launches Inevitably Degrade Security Quality
Permissionless AVS deployment fragments staked capital, diluting the economic security of each individual service and the underlying network.
Economic security is a zero-sum resource. The total value securing the EigenLayer ecosystem is finite. Each new permissionless AVS launched fragments this capital, reducing the slashing risk any individual operator faces for any single service.
Security is not additive; it is divided. A node operator securing 10 AVSs does not have 10x the stake at risk. The same total stake is what gets slashed across all services, creating risk dilution that makes coordinated attacks cheaper.
This creates a tragedy of the commons. Operators are economically incentivized to opt into every AVS to maximize rewards, but this maximizes systemic fragility. The security model of EigenLayer assumes rational, profit-maximizing actors, which guarantees this outcome.
Evidence: In testnets, we observe operators joining dozens of AVSs with minimal due diligence. This mirrors the early DeFi yield-farming dynamic, where capital chased the highest APY with no regard for underlying risk, leading to systemic failures.
The Three Trends Creating This Systemic Flaw
The foundational promise of permissionless composability is now its greatest vulnerability, creating systemic risk across the DeFi stack.
The Problem: Unchecked Composability
Smart contracts are designed to be open, permissionless, and composable. This creates a cascading failure risk where a single protocol exploit can drain liquidity from dozens of dependent applications. The attack surface is the entire ecosystem.
- Example: The Euler Finance hack impacted over 10 dependent protocols.
- Result: $10B+ TVL is perpetually exposed to upstream dependencies.
The Solution: Shared Security as a Liability
Layer 2s and app-chains inherit security from their parent chain (e.g., Ethereum via rollups). This creates a single point of consensus failure and a shared economic attack vector. A successful attack on the base layer or a major bridge compromises all child chains.
- Example: The Ronin Bridge hack ($625M) exploited a centralized validator set.
- Result: ~$50B in bridged assets are secured by often-opaque multisigs.
The Catalyst: MEV as Systemic Risk
Maximal Extractable Value (MEV) is now a protocol-level threat. Generalized frontrunning and sandwich attacks are not just a tax; they enable time-bandit attacks that can reorg chains or censor transactions, undermining finality for all users.
- Example: Flashbots and PBS centralize block building power.
- Result: ~$1B+ in MEV extracted annually creates perverse incentives.
The Due Diligence Gap: Operator vs. Restaker
A risk and responsibility matrix comparing the due diligence burden for an active operator versus a passive restaker in shared security systems like EigenLayer.
| Due Diligence Dimension | Active AVS Operator | Passive Native Restaker | Passive LST Restaker |
|---|---|---|---|
| Direct Slashing Risk | Direct, uncapped liability | Indirect, capped by delegation | Indirect, capped by LST provider |
| Required Technical Ops | 24/7 node ops, key management, upgrades | None | None |
| Capital Efficiency | ~100% (self-stake only) | ~90% (after delegation fees) | ~85-95% (after LST fees & protocol cut) |
| Upfront Capital Requirement | 32 ETH minimum + operational buffer | Any amount > 0 | Any amount > 0 |
| Ongoing Monitoring Duty | Continuous AVS health, consensus, slashing conditions | Operator performance & slashing history | LST provider solvency & operator set |
| Exit Flexibility / Unbonding Period | Immediate (but with operational wind-down) | 7+ days (EigenLayer queue) | 1-7 days (LST redemption) + EigenLayer queue |
| Fee Revenue Capture | 100% of operator rewards | Rewards minus operator commission (5-20%) | Rewards minus LST fee (5-15%) and operator commission |
| Counterparty Risk Exposure | Only to the AVS | To the chosen operator(s) | To the LST protocol AND the underlying operator(s) |
Deep Dive: How the Commons Gets Tragic
Shared blockchain security creates a tragedy of the commons where rational, permissionless actors degrade the network for everyone.
Permissionless access is a tax on shared resources like block space and state. Every new token launch on Ethereum or an L2 like Arbitrum consumes global compute and storage, imposing costs on all other applications without direct compensation.
Maximal Extractable Value (MEV) is the purest economic expression of this tragedy. Searchers and builders like Flashbots compete for priority, raising gas fees and creating network congestion that externalizes costs onto regular users.
The counter-intuitive solution is centralization. Private mempools (e.g., Flashbots Protect, bloXroute) and off-chain order flow auctions (e.g., CowSwap) emerge to internalize externalities, creating a two-tiered system that contradicts decentralization ideals.
Evidence: Ethereum's base fee spikes 1000%+ during NFT mints or meme coin frenzies, a direct cost imposed by one application's users on all others sharing the L1 security commons.
Counter-Argument: Won't the Market Self-Correct?
The market's self-correction is impeded by the prohibitive cost of migrating away from a compromised shared security layer.
The exit cost is prohibitive. A protocol like Aave or Uniswap cannot simply 'choose' a new rollup. Migrating billions in TVL requires coordinated liquidity migration, smart contract redeployment, and user education, creating a collective action problem that favors the status quo.
Security is a sticky default. Users and developers default to the path of least resistance. The network effects of Ethereum L1 security and the existing tooling (like The Graph for indexing) create immense inertia, making a compromised but functional chain a 'too big to fail' entity.
The correction is not atomic. A market correction implies capital instantly flowing to superior options. In practice, exploits like those on Wormhole or Nomad demonstrate that capital flight is slow and chaotic, leaving protocols exposed on a weakened chain for months.
Evidence: The Polygon PoS chain, despite its well-documented security trade-offs versus a rollup, retains significant TVL because the migration cost to Polygon zkEVM or an L2 exceeds the perceived marginal security benefit for most deployed applications.
The Bear Case: Cascading Failure Scenarios
Shared security models inherit systemic risk; a single weak link can compromise the entire network's economic security.
The L2 Bridge Oracle Problem
Most L2s rely on a small, permissionless committee to post state roots to L1. A 51% collusion or a critical bug in a dominant client like OP Stack can forge fraudulent withdrawals, draining the shared bridge of $10B+ TVL. The solution isn't more validators, but cryptographic proofs like validity proofs (zk-rollups) or optimistic fraud proofs with robust economic slashing.
The Shared Sequencer Centralization Trap
Networks like Espresso or Astria promise decentralized sequencing for rollups. However, if a single shared sequencer captures >66% of rollup volume, it becomes a centralized liveness bottleneck and censorship vector. A failure or attack here halts dozens of chains simultaneously, creating a cascading liquidity freeze across Arbitrum, Optimism, and Base.
MEV-Driven Reorg Attacks on L1 Finality
Ethereum's in-protocol proposer-builder separation (PBS) mitigates MEV centralization. However, a super-majority of builders/relays colluding could execute a deep reorg for profit, breaking finality for all L2s settled on Ethereum. This would invalidate thousands of L2 blocks instantly, forcing protocols like Aave and Uniswap to halt across all layers.
The Interoperability Layer Risk Concentration
Cross-chain messaging protocols like LayerZero, Axelar, and Wormhole become systemic risk hubs. A vulnerability in a widely adopted light client or multisig (e.g., Wormhole's 19/32 guardian model) doesn't just drain one chain—it enables minting infinite wrapped assets on Ethereum, Solana, and Avalanche simultaneously, collapsing the $50B+ cross-chain DeFi ecosystem.
Economic Abstraction and the Fee Death Spiral
L2s abstract gas fees, letting users pay with ERC-20s. In a crash, the liquidity for these fee tokens (e.g., $ARB, $OP) evaporates. Validators cannot pay L1 settlement costs, causing chain halts. This creates a reflexive loop: chain halts → token price drops → further inability to pay fees. Celestia's data availability does not solve this economic security requirement.
The Modular Data Availability Time Bomb
Rollups using external DA like Celestia or EigenDA trade security for cost. If the DA layer experiences data withholding or prolonged unavailability, rollups cannot reconstruct their state. With Ethereum's EIP-4844 blobs, L2s have a ~2-week recovery window. With pure modular DA, the window may be zero, instantly freezing all funds on chains like Manta or Scroll.
Future Outlook: The Inevitable Re-Centralization of Trust
Shared security models will concentrate trust in a few dominant, capital-intensive providers, creating a new hierarchy.
Permissionless validation is a tax that most applications cannot afford. The economic overhead of bootstrapping a decentralized validator set for every new chain is prohibitive. Projects will instead rent security from established providers like EigenLayer, Babylon, or Cosmos Hub. This creates a trust market where security is a commodity, not a principle.
Shared security centralizes power at the infrastructure layer. While applications remain permissionless, their underlying security depends on a handful of restaking or interchain security providers. This mirrors the current reliance on AWS/GCP, but for consensus. The result is a re-centralization of cryptographic trust, not compute.
The market will consolidate around a few dominant security providers. Network effects and capital efficiency create a winner-take-most dynamic. We see this already with EigenLayer's TVL dominance over smaller competitors. The future is a multi-chain world secured by a handful of monolithic trust layers.
TL;DR for Protocol Architects and VCs
Shared security models like restaking and EigenLayer create a new cost structure: capital efficiency is now a direct trade-off with systemic risk and validator performance.
The Problem: Shared Security is a Correlated Risk Sink
Restaking pools like EigenLayer concentrate slashing risk across hundreds of AVSs. A single catastrophic bug in a minor AVS can trigger a cascading liquidation across the entire ecosystem, turning a $10B+ TVL pool into systemic contagion.
- Correlated Failure: Non-independent faults create network-wide tail risk.
- Capital Inefficiency: Security isn't additive; it's diluted and shared.
- Opaque Pricing: Risk is subsidized by the pool, disincentivizing rigorous AVS audits.
The Solution: Intent-Centric Execution & Specialized Provers
Decouple security from execution. Use intent-based architectures (UniswapX, Across) to abstract complexity away from the settlement layer. Offload compute to specialized, bonded provers (e.g., RISC Zero, Succinct) whose failure is isolated.
- Risk Containment: Prover failure only affects its specific service, not the base layer.
- Performance: Dedicated hardware enables ~500ms proof generation vs. general-purpose L1s.
- Market Pricing: Security is priced per service, creating accurate risk markets.
The Trade-Off: Sovereign Rollups vs. Shared Sequencers
Celestia-style rollups own their sequencer for maximal sovereignty and fee capture, but bootstrap their own validator set. Shared sequencer networks (Astria, Espresso) offer instant liquidity and cross-rollup atomicity, but reintroduce a central point of liveness failure and potential MEV leakage.
- Sovereignty Cost: Higher initial capital to secure a new chain.
- Shared Benefit: Instant composability and ~1s finality from a pre-staked network.
- Architectural Lock-in: Choosing a stack (OP Stack, Arbitrum Orbit) often pre-selects your security model.
The Metric: Cost of Corruption per Dollar Secured
Move beyond TVL. The key metric is Cost of Corruption (CoC): the capital an attacker must expend to compromise the system. High TVL with low CoC (e.g., many small, delegated validators) is fragile. Optimize for CoC/TVL ratio.
- Ethereum: High CoC via ~$100B staked, but slow to evolve.
- Alt-L1s: Lower CoC, but full control over stack enables faster innovation.
- Hybrids: EigenLayer increases TVL but may not proportionally increase CoC for specific AVSs, creating weak links.
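The dilution argument from the core thesis and the CoC/TVL metric above can be checked on a toy restaking pool. This is an added worked example, not from the original article: the operator names, stakes, the 2/3 corruption threshold and the rule that restaked ETH can only be slashed once are all constructed assumptions.

```python
from fractions import Fraction

# Constructed sample pool: operator -> (restaked ETH, AVSs opted into).
OPERATORS = {
    "op_a": (4000, {"avs1", "avs2", "avs3"}),
    "op_b": (3000, {"avs1", "avs2", "avs3"}),
    "op_c": (2000, {"avs1", "avs2"}),
    "op_d": (1000, {"avs1"}),
}
THRESHOLD = Fraction(2, 3)  # assumed share of an AVS's stake needed to corrupt it


def tvl(operators):
    """Restaked capital in the pool, each ETH counted once."""
    return sum(stake for stake, _ in operators.values())


def avs_stake(operators):
    """Stake nominally securing each AVS; the same ETH is counted once per opt-in."""
    totals = {}
    for stake, services in operators.values():
        for avs in services:
            totals[avs] = totals.get(avs, 0) + stake
    return totals


def cost_of_corruption(operators, avs, threshold=THRESHOLD):
    """Stake that must be controlled, and exposed to slashing, to corrupt one AVS."""
    return threshold * avs_stake(operators)[avs]


def coalition_exposure(operators, coalition, threshold=THRESHOLD):
    """Compare what a colluding operator set risks with what it can corrupt.

    Returns (stake_at_risk, corrupted_avss, naive_additive_coc).
    """
    at_risk = sum(operators[op][0] for op in coalition)
    corrupted = []
    for avs, total in sorted(avs_stake(operators).items()):
        held = sum(operators[op][0] for op in coalition if avs in operators[op][1])
        if held >= threshold * total:
            corrupted.append(avs)
    naive = sum(cost_of_corruption(operators, a, threshold) for a in corrupted)
    return at_risk, corrupted, naive


if __name__ == "__main__":
    at_risk, corrupted, naive = coalition_exposure(OPERATORS, {"op_a", "op_b"})
    print(f"TVL={tvl(OPERATORS)} at_risk={at_risk} corrupted={corrupted}")
    print(f"per-AVS CoC summed={float(naive):.0f}, actual CoC/TVL={at_risk / tvl(OPERATORS):.2f}")
```

In this pool the two largest operators expose 7,000 ETH once yet cross the threshold on all three AVSs, while adding up the per-AVS CoC figures would suggest roughly 17,333 ETH of security.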