Why Off-Chain Data Availability Relies on Broken Incentives

A permissioned set of known entities pledges to store data. This is security through reputation, not cryptography. The incentive to cheat is high if the cost of slashing is less than the profit from a malicious state transition.

• Trust Assumption: Honest majority of a small, known committee.
• Failure Mode: Collusion is economically rational if the attack profit > committee stake.
• Representative Entity: Polygon Avail in its initial enterprise-focused iteration.

Relies on a large, decentralized set of staked operators. While more decentralized, the cryptoeconomic security is not isomorphic to the consensus layer. Operators are slashed for not attesting to data they did receive, not for withholding data.

• Trust Assumption: Honest majority of staked operators acting as watchtowers.
• Failure Mode: Data can be withheld if a malicious operator subset never receives it, creating a liveness fault without a clear slashing condition.
• Incentive Flaw: Staking secures attestation, not data publication.

Shifts the security model from staking to cryptographic verification. Light clients download random data samples to probabilistically guarantee availability. The incentive to cheat is removed because fraud is mathematically detectable.

• Trust Assumption: The honesty of a single light client running Data Availability Sampling (DAS).
• Core Innovation: Security scales with the number of light samplers, not the size of a committee.
• Economic Alignment: Operators are paid for service, not trusted with security; the protocol enforces correctness.

Repurposes an existing L1's consensus and storage for DA. This creates a security subsidy but introduces a critical dependency. The economic security is that of the host chain, but the data is a second-class citizen competing for block space.

• Trust Assumption: Full security of the underlying L1 (e.g., NEAR, Ethereum).
• Failure Mode: Congestion and fee spikes on the host chain directly compromise the DA layer's liveness and cost.
• Incentive Tension: DA users are not first-priority stakeholders of the securing chain's validators.

Uses a hybrid model where data is posted to a scalable blob space on Ethereum. Security comes from the core protocol's consensus, while scalability is achieved via separate data channels. A short challenge period with fraud proofs allows for slashing of builders who withhold data.

• Trust Assumption: Ethereum's validator set is honest for the duration of the challenge window (~2 weeks).
• Incentive Design: Builders post a bond that can be slashed if fraud is proven, aligning short-term profit with long-term protocol health.
• Key Metric: The cost of corrupting Ethereum vs. the value secured by all rollups.

The endgame is intent-based data availability, where users express a willingness-to-pay for a specific security level. Solvers (like in CowSwap or UniswapX) compete to source the data from the cheapest provider that meets the threshold, creating a dynamic market for trust.

• Core Shift: Moves from monolithic, one-size-fits-all DA to a composable marketplace.
• Entities: Envision Across-style bridges or LayerZero V2 selecting DA based on cost/security intents.
• Incentive Perfection: Aligns user demand, solver profit, and provider service quality through pure market mechanics.

DACs centralize trust in a small, permissioned set of signers. Their incentive to remain honest is purely reputational and financial, which fails when the cost of collusion is less than the value they can steal.\n- Incentive Failure: No slashing for withholding data.\n- Risk: A 51% coalition can permanently censor a rollup's state.\n- Example: Early iterations of Arbitrum Nova and other Optimium-style chains.

EigenDA's security is a derivative of Ethereum's, but its cryptoeconomic security is circular and untested. Operators are slashed via EigenLayer, but the penalty is capped and may be insufficient to deter data withholding for a high-value attack.\n- Incentive Failure: Slashing caps create a maximum extractable value (MEV) ceiling for attacks.\n- Risk: A profitable attack vector emerges if the value secured exceeds the slashable amount.\n- Dependency: Security is a function of restaked ETH, not a primary property.

While data availability sampling (DAS) is cryptographically sound, its light client security depends on an honest majority of full nodes. The incentive to run a full node is minimal, creating a tragedy of the commons.\n- Incentive Failure: No direct rewards for full nodes providing data to light clients.\n- Risk: A decline in full nodes makes DAS and fraud proofs ineffective.\n- Contrast: Ethereum's DA security is backed by block proposer rewards and consensus-layer slashing.

Bridges like LayerZero, Wormhole, and Axelar rely on external DA. If the source chain's DA fails, the bridge's attestation is meaningless, leading to stolen funds. This creates a dependency cascade.\n- Incentive Failure: Bridge security is only as strong as the weakest DA layer it trusts.\n- Risk: A $100M+ bridge hack triggered by a $1M DA bribe.\n- Example: A malicious Celestia sequencer could fool a LayerZero Oracle.

Relies on a small, permissioned set of signers (e.g., 7-20 entities) with slashing based on legal agreements, not crypto-economics. This creates a single point of failure and regulatory risk, not Byzantine fault tolerance.

• Security Model: Legal threats, not cryptographic guarantees.
• Failure Mode: Collusion or coercion of the committee.
• Example: Early Celestia rollups, Polygon Avail's optional DAC layer.

Systems like Polygon PoS or Arbitrum Nova use a committee of validators to attest to data availability. Security is gated by the chain's own ~$1B stake, not the value of the data, creating a massive economic asymmetry.

• Incentive Flaw: Cost to attack DA <<< value of fraudulent state transition.
• Dependency: Inherits all liveness and consensus risks of the parent chain.
• Throughput Illusion: High TPS achieved by moving security off the Ethereum settlement layer.

Optimistic rollups with off-chain DA (e.g., early Arbitrum Nova) have a 7-day challenge period where data must be available. This creates a prolonged systemic risk window where a single data withholding event can freeze billions in TVL.

• Liveness Assumption: Requires at least one honest, always-online watcher.
• Capital Lockup: User funds are inaccessible during disputes.
• Scalability Trade-off: Throughput gains are directly purchased with increased custodial risk.

EigenDA leverages Ethereum restaking via EigenLayer, pooling security from the same validator set securing multiple AVSs. This creates hyper-correlated failure modes and punishes small stakers disproportionately for DA faults.

• Security Pooling: A single slashing event can cascade across hundreds of protocols.
• Validator Overload: Operators are incentivized to join every AVS, degrading performance.
• Economic Abstraction: Stakers secure $10B+ in restaked ETH but have no direct stake in the correctness of rollup data.

Letting users choose between on-chain and off-chain DA (e.g., zkSync, StarkEx) merely transfers the risk assessment to the application layer. It fragments liquidity and security, creating a two-tier system where cheap transactions are inherently less secure.

• User-Imposed Risk: Shifts burden to non-expert end-users.
• Liquidity Fragmentation: Assets in off-chain DA pools cannot seamlessly interact with on-chain DeFi.
• Market Reality: Cost sensitivity will drive >90% of volume to the risky option.

True data availability requires the data to be published to a robust, decentralized consensus layer (e.g., Ethereum Danksharding, Celestia). Validity proofs (ZK) must verify state transitions against this available data. This aligns incentives: security scales with the chain's own economic weight.

• First-Principle Security: Data availability is a consensus problem, not a storage problem.
• Incentive Alignment: Cost to attack DA >= cost to attack the underlying chain.
• Future State: Ethereum with EIP-4844 blobs and zk-rollups is the canonical blueprint.