
Why Data Availability Committees Are a Security Compromise, Not a Solution

An analysis of how Data Availability Committees (DACs) reintroduce trusted third parties into rollup architectures, creating new attack vectors and undermining the cryptographic guarantees of pure validity proofs.

THE DATA

The Great Rollup Trade-Off: Trust for Throughput

Data Availability Committees sacrifice blockchain's core security guarantee for temporary scaling, creating a systemic risk vector.

DACs reintroduce trusted validators. A Data Availability Committee (DAC) is a permissioned, off-chain group that signs off on data availability, replacing the cryptoeconomic security of L1s like Ethereum. This creates a centralized failure point, as seen in early Arbitrum Nova and Boba Network implementations.

The trade-off is explicit. You exchange permissionless verification for higher throughput and lower cost. This is a security compromise, not a scaling solution. It's a temporary bridge for apps that prioritize user experience over decentralization.

The security model degrades. Attack vectors shift from expensive 51% L1 attacks to cheaper collusion or coercion of committee members. This makes the system vulnerable to legal and social attacks, unlike pure rollups using Ethereum calldata or EigenDA.

Evidence: The Celestia and EigenLayer ecosystems promote DACs and validiums as scaling paths, but their security is quantifiably lower. A 4-of-6 DAC has a failure threshold of 4 entities, whereas Ethereum's security rests on billions in staked ETH.

SECURITY TRADEOFFS

Executive Summary: The DAC Security Paradox

Data Availability Committees (DACs) are marketed as a pragmatic scaling solution, but they reintroduce the exact trust assumptions that decentralized blockchains were built to eliminate.

01

The Permissioned Core

DACs replace cryptographic guarantees with a multi-signature committee of known entities. This creates a permissioned bottleneck for data availability, directly contradicting the credibly neutral foundation of L1s like Ethereum.

  • Security Model: Shifts from cryptoeconomic to legal/social.
  • Attack Surface: A simple 51% collusion of committee members can censor or falsify data.

Typical Members: 5-10
Collusion Threshold: 51%
02

The Liveness vs. Censorship Dilemma

Unlike Ethereum's data sharding (Danksharding) or Celestia, which provide liveness guarantees via proof-of-stake, DACs have no slashing mechanism for withholding data. Users must trust the committee's continued goodwill.

  • Failure Mode: Committee can passively censor by going offline.
  • Recourse: None, beyond legal action against identified entities.

Slashing Penalty: 0
Trust Required: 100%
03

The Validator's Asymmetric Risk

Rollup validators must process blocks based on DAC signatures, not the data itself. This creates asymmetric risk: a malicious DAC can get validators to commit invalid state transitions. The security of billions in TVL rests on a handful of signatures.

  • Bridge Risk: Projects like LayerZero and Across relying on DAC-based chains inherit this weakness.
  • Audit Reliance: Security reduces to off-chain audits of committee members.

TVL at Risk: $1B+
Fraud Proof Window: ~7 Days
04

Celestia & EigenDA: The Cryptographic Alternatives

True solutions use data availability sampling (DAS) and cryptoeconomic security. Celestia scales DA via light client networks, while EigenDA leverages Ethereum's restaking pool. Both eliminate trusted committees.

  • Core Innovation: Data availability proofs vs. signature lists.
  • Throughput: EigenDA targets 10 MB/s, Celestia scales with nodes.

Light Nodes: 1000s
Restaked Security: $10B+
05

The Interim Illusion

Proponents frame DACs as a temporary bridge to full decentralization. In practice, they create vendor lock-in and path dependency. Migrating a live rollup's DA layer is a high-risk, complex operation that rarely happens.

  • Historical Precedent: Proof-of-Authority networks rarely evolved to Proof-of-Stake.
  • Cost Trap: Cheap, centralized DA disincentivizes investment in robust alternatives.

Major Migrations: 0
Cost vs. Ethereum: -90%
06

The Regulatory Attack Vector

A known, KYC'd committee is a visible target for regulators. A single jurisdiction can compel the entire committee to censor transactions, fundamentally breaking the chain's neutrality. This is a systemic risk for the modular stack.

  • Contagion Risk: Compromised DA layer affects all connected rollups and bridges.
  • Compliance: Inherently conflicts with anti-censorship properties.

Jurisdiction to Break: 1
Chain Censorship: 100%
THE TRUST TRAP

Core Argument: DACs Are a Systemic Security Regress

Data Availability Committees reintroduce centralized trust into scaling solutions, creating a systemic vulnerability that undermines blockchain's core value proposition.

DACs reintroduce trusted validators. A Data Availability Committee is a permissioned set of entities that sign attestations, replacing the cryptoeconomic security of a decentralized network with a multisig of known parties.

This creates a single point of failure. The security model collapses from thousands of global validators to the honest majority assumption of a small committee, which is vulnerable to legal coercion or collusion.

It is a security regression from rollups. Validiums like Immutable X and Sorare using DACs trade full Ethereum security for scalability, a compromise that Ethereum-native rollups like Arbitrum and Optimism avoid.

Evidence: The security budget of a DAC is its legal reputation, not staked capital. A 7-of-10 multisig securing billions is a more attractive target than a $50B Ethereum validator set.

DATA AVAILABILITY TRADEOFFS

Security Spectrum: Rollup vs. Validium vs. DAC

A comparison of scaling solutions based on their data availability guarantees, which directly determine security and censorship resistance.

| Feature / Metric | Rollup (ZK or Optimistic) | Validium (e.g., StarkEx) | Data Availability Committee (DAC) |
|---|---|---|---|
| Data Availability Layer | On-chain (Ethereum L1) | Off-chain (Custodians) | Off-chain (Committee Signatures) |
| Censorship Resistance | | | |
| Data Withholding Attack | Impossible (Data on L1) | Possible (Custodian collusion) | Possible (Committee collusion) |
| Withdrawal Safety Guarantee | Cryptographic (ZK) or Economic (Fault Proof) | Committee Permission | Committee Permission |
| Time to Data Unavailability Proof | N/A (Data is available) | ~14 days (via L1 escape hatch) | N/A (No L1 escape hatch) |
| Typical Committee Size | N/A | N/A | 5-10 entities |
| Trust Assumption | Only L1 security | Trust custodians not to collude | Trust committee majority to be honest |
| Example Systems | Arbitrum, zkSync Era, Base | Immutable X, dYdX (v3) | Polygon Avail (early), StarkEx (optional) |

THE TRUST TRAP

Deconstructing the DAC Trust Model

Data Availability Committees reintroduce centralized trust into scaling solutions, creating systemic risk for the applications built on them.

DACs reintroduce trust assumptions. They replace the cryptographic security of full data availability with a multisig of known entities. This creates a permissioned bottleneck, directly contradicting the permissionless ethos of the base layer.

Security is a weakest-link game. A DAC's security collapses to the honesty of its smallest honest majority. If 4 of 7 members collude, the chain's state can be rewritten. This is a regression from L1 security, not an evolution.

The liveness risk is systemic. If a DAC fails to sign, the entire rollup halts. This creates a single point of failure for protocols like Aave or Uniswap deployed on that chain, making their uptime dependent on committee coordination.

Evidence: The Celestia precedent. Projects like Manta Pacific and Arbitrum Nova use DACs for cost savings, accepting this trade-off. Their security model is now defined by the legal jurisdictions and operational security of the committee members, not math.
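
The two thresholds described above, as an added example that is not code from the original article or from any DAC implementation: a toy k-of-n certificate check showing that 4 colluding members of 7 can attest to withheld data, and that n - k + 1 offline members halt the chain. Member names, keys and the HMAC stand-in for member signatures are assumptions.

```python
import hashlib
import hmac

# Constructed 4-of-7 committee. HMAC-SHA256 with per-member secrets stands in
# for the members' signatures (an assumption; a deployed DAC uses public-key
# signatures). All names and keys here are hypothetical.
KEYS = {f"member{i}": f"constructed-key-{i}".encode() for i in range(7)}
K = 4

def sign(member, data_hash):
    return hmac.new(KEYS[member], data_hash, hashlib.sha256).digest()

def verify_certificate(data_hash, sigs, k=K):
    """All the settlement layer can check: k valid member signatures over a
    hash. The batch data itself is never an input."""
    valid = {m for m, s in sigs.items()
             if m in KEYS and hmac.compare_digest(s, sign(m, data_hash))}
    return len(valid) >= k

def thresholds(k, n):
    """Members that must collude or go offline to break each property."""
    return {"forge_availability": k, "halt_chain": n - k + 1}

def scenario(colluding, offline, data_published):
    """Return (certificate_accepted, data_retrievable) for one batch."""
    batch_hash = hashlib.sha256(b"constructed batch").digest()
    honest_online = [m for m in KEYS
                     if m not in colluding and m not in offline]
    # Honest members sign only data they hold; colluders sign regardless.
    signers = list(colluding) + (honest_online if data_published else [])
    sigs = {m: sign(m, batch_hash) for m in signers}
    # Users can fetch the batch only from an honest member that holds it.
    retrievable = data_published and bool(honest_online)
    return verify_certificate(batch_hash, sigs), retrievable

if __name__ == "__main__":
    four = {"member0", "member1", "member2", "member3"}
    print(thresholds(4, 7))
    print("4 collude, data withheld:", scenario(four, set(), False))
    print("3 collude, data withheld:", scenario(four - {"member3"}, set(), False))
    print("4 offline, data published:", scenario(set(), four, True))
```

An accepted certificate paired with unretrievable data is the case a verifier cannot distinguish from an honest one, which is why the fallback to an on-chain DA layer matters.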

WHY DACs ARE A COMPROMISE

Case Studies in Committee Failure

Data Availability Committees (DACs) trade decentralization for speed, creating systemic risks that have already manifested.

01

The Celestia Fallacy: Decentralization Theater

Celestia popularized the DAC model, but its security is probabilistic and liveness-dependent. A small, permissioned committee signing off on data creates a single point of failure.

  • Security Model: Relies on 1-of-N honesty from a known set, not cryptographic guarantees.
  • Failure Mode: If the committee stops signing, the entire L2 chain halts.
  • Real Risk: A 51% cartel of committee members can censor or withhold data, breaking the chain's state.
Honesty Assumption: 1-of-N
Typical Members: ~10-20
02

Polygon Avail: The Liveness Trap

Polygon's initial Avail design relied on a DAC, exposing the fundamental liveness-risk trade-off. The system's availability was only as good as its committee's uptime.

  • Core Weakness: Data is "available" only if the designated signers are online and cooperative.
  • Contrast to DAS: Unlike Data Availability Sampling (DAS) used by Celestia now or EigenDA, users cannot independently verify availability.
  • Market Shift: This flaw directly motivated Polygon's pivot to a validium with PoS guardians, a tacit admission of the DAC's insufficiency.
Liveness Dependent: 100%
Failure State: Offline = Halt
03

Arbitrum Nova: The Centralization Premium

Arbitrum Nova uses a DAC (the Data Availability Committee) managed by Offchain Labs to reduce fees. It's the canonical example of sacrificing security for cost, creating a two-tier ecosystem.

  • Explicit Trade-off: Users opt into lower security for ~10x cheaper transactions vs. Arbitrum One.
  • Committee Control: A multisig of 7-10 entities (like Consensys, Google Cloud, QuickNode) can theoretically collude.
  • Systemic Risk: A $2B+ chain (Nova's TVL) depends on the honesty and coordination of a handful of corporations.
TVL at Risk: $2B+
Multisig Members: 7-10
THE REALITY OF SCALE

Steelman: The Pragmatist's Defense of DACs

Data Availability Committees are a necessary, temporary security compromise to achieve practical scaling before full decentralization is feasible.

DACs are a pragmatic bridge. They trade absolute decentralization for immediate, high-throughput scaling that pure on-chain solutions like Ethereum cannot yet provide. This is the core trade-off for protocols like Arbitrum Nova.

The security model is quantifiable. A DAC's security is not binary; it is a function of the committee's economic stake and legal jurisdiction. This is a more transparent and auditable risk than opaque sequencer centralization.

They enable real applications now. Projects requiring sub-cent fees and instant finality, such as hyper-casual gaming or social apps, cannot wait for danksharding or Celestia's full adoption. DACs deliver a viable product today.

Evidence: Arbitrum Nova, powered by the Offchain Labs DAC, processes the majority of the network's transactions, demonstrating clear market demand for this performance tier despite its security model.

FREQUENTLY ASKED QUESTIONS

Frequently Challenged Questions

Common questions about the security trade-offs of Data Availability Committees (DACs) in blockchain scaling.

A Data Availability Committee (DAC) is a small, permissioned group of entities that signs off on data availability for a rollup. Instead of posting all transaction data to a base layer like Ethereum, the DAC cryptographically attests that the data is available. This reduces costs but introduces trust assumptions, as users must rely on the committee's honesty. Protocols like Arbitrum Nova and early versions of Polygon Avail have employed this model as a transitional scaling step.

THE DAC DILEMMA

Architect's Checklist: Navigating the DA Landscape

Data Availability Committees trade decentralization for speed, creating systemic risks for high-value applications.

01

The Liveness-Security Tradeoff

DACs are a liveness assumption, not a cryptographic guarantee. A super-majority of signers must remain honest and online for data to be available. This fails under targeted attacks or collusion, unlike Ethereum or Celestia which use data availability sampling.

  • Risk: Single point of failure for rollup state.
  • Reality: Acceptable only for low-value, short-lived transactions.
Failure Mode: 1-of-N
False Latency: ~1s
02

The Sovereign Cartel Problem

Committee membership is permissioned and static, creating a trusted cartel. This contradicts blockchain's core value proposition. Projects like Polygon Avail and EigenDA avoid this by using cryptoeconomic security and proof-of-stake.

  • Consequence: Regulatory attack surface and governance capture.
  • Alternative: Decentralized networks with slashing for malicious behavior.
Typical Members: 5-10
Open Participation: 0
03

The Data Withholding Attack

A malicious DAC can selectively withhold data from specific users or validators, preventing fraud proof generation. This is a silent failure that can go undetected until a withdrawal is censored. Validiums using DACs (like some StarkEx instances) explicitly accept this risk for scalability.

  • Vulnerability: Unprovable state transitions.
  • Mitigation: Requires fallback to a full DA layer like Ethereum.
Fraud Proofs: Unprovable
Exit Risk: High
04

The Economic Misalignment

DAC security is not backed by substantial, slashable stake. The cost of corruption is low compared to the value secured. Compare to Celestia, where malicious data withholding leads to >33% stake slashing, or Ethereum where proposers lose their block reward.

  • Incentive: Committee profit vs. network security.
  • Result: Security budget ≠ Secured Value.
Slashable Stake: Low
Potential TVL at Risk: $10B+
05

The Interoperability Fragmentation

Each DAC is a unique trust set, fracturing security assumptions across the modular stack. Bridges and oracles (like Chainlink) must now trust multiple committees, increasing systemic complexity and risk. LayerZero's Oracle/Relayer model faces similar critiques.

  • Friction: No universal security layer for light clients.
  • Outcome: Compounded trust assumptions weaken the entire system.
Trust Sets: N
Integration Risk: High
06

The Path Forward: Hybrid Models

The pragmatic solution is a hybrid approach. Use a DAC for high-speed, low-value batches with an Ethereum or Celestia fallback triggered by fraud proofs or time delays. This is the model explored by Arbitrum Nova and zkSync's upcoming upgrades.

  • Strategy: Optimistic for speed, pessimistic for security.
  • Design: Clear, enforceable escalation pathways to a secure layer.
Cost Savings: >10x
Security Guarantee: Fallback