Security is not transitive. A rollup's security depends on its own fraud or validity proofs, not the L1's hash power. Ethereum secures the data, not the execution. This is the fundamental flaw in the 'shared security' narrative.
security-post-mortems-hacks-and-exploits
Blog
Why Rollup Security Cannot Be Outsourced to the Base Layer
Ethereum provides data availability and settlement finality, but a rollup's liveness, censorship resistance, and execution integrity are its own sovereign responsibility. This is the fundamental, non-delegable security model.
introduction
THE SECURITY AXIOM
The Dangerous Delegation Fallacy
Rollup security is a sovereign property that cannot be inherited from the underlying L1, creating a critical dependency on centralized sequencers.
Sequencer centralization is the failure mode. Most rollups like Arbitrum and Optimism use a single, centralized sequencer. This creates a single point of censorship and liveness failure, directly contradicting decentralization promises.
The L1 is a passive bulletin board. Protocols like EigenLayer attempt to retrofit security, but they secure the consensus of the DA layer, not the correct execution of the rollup's state transitions.
Evidence: Over 95% of Arbitrum and Optimism transactions are ordered by a single sequencer. The L1 cannot intervene if this sequencer censors or halts, proving security was never truly delegated.
key-insights
WHY L1 SECURITY IS NOT A SILVER BULLET
Executive Summary: The Three Sovereign Pillars
Rollups that outsource core security functions to their base layer trade sovereignty for convenience, creating systemic fragility and capping innovation.
01
The Problem: Shared Sequencer Centralization
Using a base layer's shared sequencer (e.g., Ethereum L1) creates a single point of failure and censorship. The rollup's economic activity is hostage to the base layer's transaction ordering, which is often politically influenced and latency-bound.
- Censorship Risk: Validators can exclude or reorder transactions.
- Performance Ceiling: Throughput is gated by L1 block time (~12s).
- MEV Extraction: Value leaks to the base layer's validator set.
~12s
Latency Floor
1
Chokepoint
02
The Solution: Sovereign Execution & Settlement
A rollup must control its own execution environment and have a cryptoeconomically secure bridge to settle disputes. This is the model pioneered by Celestia-based rollups and EigenLayer AVS operators.
- Uncapped Innovation: New VMs and pre-confirmations are possible.
- Local MEV Capture: Value accrues to the rollup's own validators.
- Fork Choice Autonomy: The rollup community decides canonical chain state, not an external committee.
100%
Sovereignty
0ms
Pre-confirms
03
The Reality: Data Availability is the True Base Layer
Security is not about executing transactions on a "secure" L1; it's about data availability and fraud-proof verifiability. Modular stacks like Celestia, EigenDA, and Avail provide this without imposing execution constraints.
- Scalable Security: DA scales independently of execution (~100 KB/s vs. ~80 KB/s on Ethereum).
- Cost Efficiency: ~$0.10 per MB vs. ~$1000 per MB on Ethereum calldata.
- Verifiable Trust: Light clients can verify data availability with minimal trust assumptions.
1000x
Cheaper DA
~100KB/s
DA Throughput
thesis-statement
THE ARCHITECTURAL IMPERATIVE
The Core Argument: Ethereum is a Court, Not a Police Force
Ethereum's security model is finality and dispute resolution, not transaction execution, which is why rollups must enforce their own rules.
Ethereum's role is arbitration. It provides a cryptographically secure court for settling disputes, not a police force to prevent them. The base layer verifies state transitions, not the validity of every operation.
Rollups are sovereign execution environments. A rollup like Arbitrum or Optimism must enforce its own logic and data availability. Outsourcing this to L1 reintroduces the scalability bottleneck the rollup was built to solve.
The security guarantee is fraud-proof finality. Validators on Ethereum do not execute rollup transactions. They only verify a cryptographic proof (ZK) or challenge a claim (Optimistic) if a dispute is raised.
Evidence: The DA layer is the boundary. The success of EigenDA, Celestia, and Avail proves the market separates execution from data consensus. A rollup using an external DA layer already outsources 'policing' but relies on Ethereum for ultimate settlement.
WHY ROLLUP SECURITY CANNOT BE OUTSOURCED
The Security Responsibility Matrix: L1 vs. L2
A first-principles breakdown of where security guarantees originate in a modular stack, contrasting monolithic L1s, optimistic rollups, and ZK rollups.
| Security Guarantee | Monolithic L1 (e.g., Ethereum, Solana) | Optimistic Rollup (e.g., Arbitrum, Optimism) | ZK Rollup (e.g., zkSync Era, Starknet) |
|---|---|---|---|
State Validity (Correct Execution) | Enforced by full node consensus | Assumed correct; challenged via fraud proofs (7-day window) | Cryptographically proven via validity proofs (SNARKs/STARKs) |
Data Availability | On-chain. Security = L1 consensus. | On L1 via calldata or blobs. Security depends on L1 DA. | On L1 via calldata or blobs. Security depends on L1 DA. |
Liveness / Censorship Resistance | Governed by validator set decentralization | Derived from L1 if forced inclusion is enabled | Derived from L1 if forced inclusion is enabled |
Sequencer Failure Risk | N/A (Block production is consensus) | High. User falls back to L1 in ~1-2 weeks. | High. User falls back to L1 in minutes to hours. |
Upgrade Control / Admin Keys | Immutable or governed by on-chain DAO | Typically held by a multi-sig (e.g., 5/8) for weeks/months | Typically held by a multi-sig (e.g., 4/7) for weeks/months |
Escape Hatch (User Withdrawal) | N/A | Yes, via fraud proof window (~7 days) | Yes, via proof verification (immediate) |
Trusted Setup Requirement | Yes for SNARKs (e.g., Groth16), No for STARKs |
deep-dive
THE EXECUTION LAYER
Anatomy of a Sovereign Failure: Beyond Data Availability
Rollup security is a function of execution, not just data availability, and outsourcing it to the base layer creates systemic risk.
Rollup security is execution security. A rollup's state is defined by its sequencer's execution of transactions. If the base layer (e.g., Ethereum) only verifies data availability via blob transactions, it cannot detect invalid state transitions, creating a silent failure.
Sovereignty requires a verifier. A truly sovereign rollup, like a Celestia rollup, must run its own fraud or validity proof system. Relying on the L1 for execution verification, as Optimism does, makes it a stage-1 rollup that can be forcibly upgraded by the L1.
The failure mode is censorship. The critical risk is not invalid state, but a sequencer halt. If the L1 cannot force execution, users are stuck. This is why EigenLayer's restaking for shared security focuses on active validation, not passive data storage.
Evidence: The Danksharding roadmap explicitly separates data availability from execution. Ethereum's role is to provide cheap, secure blobs, not to act as a universal verifier for all execution environments.
case-study
WHY ROLLUP SECURITY CANNOT BE OUTSOURCED
Case Studies in Sovereign Risk
Examining real-world failures where rollups incorrectly assumed the base layer would handle their security, resulting in catastrophic loss of funds and liveness.
01
The Problem: The L1 Finality Fallacy
Rollups often assume L1 finality (e.g., Ethereum's 12-15 minute checkpoint) protects their state. This is wrong. A malicious sequencer can censor or reorder transactions before they hit L1, creating a ~15-minute window of liveness risk. Users cannot force a transaction without a permissionless escape hatch.
- Key Risk: L1 finality secures data, not execution liveness.
- Real Consequence: A sequencer can extract MEV or freeze withdrawals for the duration of a challenge period.
15min
Attack Window
0
User Recourse
02
The Solution: Sovereign Fraud Proofs & Escape Hatches
Security must be enforced by the rollup's own protocol, not delegated. This requires a permissionless fraud proof system (Optimistic) or a ZK verifier contract (ZK-Rollup) on L1. Crucially, users need a direct, trust-minimized escape hatch (like Arbitrum's forceInclusion) to bypass a malicious sequencer.
- Key Benefit: Users can unilaterally exit or challenge invalid state.
- Architecture: Security = Data Availability + Verifiable Execution + Permissionless Force.
7 Days
Standard Challenge
1 of N
Honest Actor Needed
03
Case Study: The Shared Sequencer Trap
Projects using shared sequencers (e.g., based on Espresso, Astria) trade sovereignty for cross-rollup composability. This centralizes liveness risk: if the shared sequencer fails or is malicious, dozens of rollups fail simultaneously. The base layer cannot save you from this systemic risk.
- Key Risk: Correlated failure mode across an ecosystem.
- Mitigation: Requires a robust, decentralized sequencer set with slashing, not just a single service.
1
Single Point of Failure
N Chains
Correlated Risk
04
The Problem: Data Availability is Not Enough
Posting transaction data to a secure DA layer (e.g., Ethereum, Celestia) only solves data withholding attacks. It does nothing to prevent an invalid state transition. A rollup must have its own mechanism to prove state correctness. Relying solely on the base layer for DA creates a false sense of security.
- Key Risk: Valid DA + Faulty Prover = Permanently Corrupted State.
- Example: A buggy sequencer can post valid data but compute an invalid outcome.
100% DA
Data Secure
0%
State Security
05
The Solution: Enshrined ZK Verification
The strongest model: a rollup's core verification rule (e.g., a ZK validity proof) is enshrined in the base layer's consensus. Ethereum's roadmap with EIP-4844 and eventual verkle trees moves in this direction. The L1 becomes a universal verification hub, but each rollup retains sovereignty over its state transition function.
- Key Benefit: Base layer enforces correctness, not just data.
- Trade-off: Requires rigorous, audited circuit logic; upgrades are harder.
~10ms
Proof Verify Time
L1 Native
Security Guarantee
06
Case Study: Alt-L1 "Rollup" Security Models
Many alt-L1s market "sovereign rollups" but outsource security to a smaller, less decentralized base chain (e.g., a Cosmos app-chain). This compounds risk: you inherit the base chain's lesser security and the rollup's liveness risks. The failure of a $1B Cosmos chain would cascade to all rollups atop it, unlike Ethereum's >$500B security budget.
- Key Risk: Weak base layer security multiplies rollup vulnerability.
- Metric: Compare economic security (stake) and decentralization (validator count).
10-100x
Less Economic Security
Cascade
Failure Mode
counter-argument
THE L2 ESCAPE HATCH FALLACY
Steelman: "But Withdrawals Guarantee Safety!"
The withdrawal mechanism is a safety net of last resort, not a substitute for a rollup's own operational security and data availability.
Withdrawals are a last-resort safety valve, not a primary security guarantee. They activate only after a proven failure, forcing users into a costly, slow, and complex exit process that breaks application composability.
The security guarantee is asynchronous and probabilistic. A malicious sequencer can censor or reorder transactions for days or weeks before a fraud proof is submitted and a withdrawal is forced, creating a window for systemic risk.
This outsources liveness to a social layer. Successful mass withdrawals require coordinated user action, functional bridges like Across or Stargate, and reliance on the Ethereum social consensus to correctly adjudicate disputes, which is not guaranteed.
Evidence: During the Optimism Bedrock upgrade, a 7-day withdrawal delay was enforced. This demonstrates that withdrawal latency is a configurable risk, not a fixed property, and can be manipulated by rollup operators.
FREQUENTLY ASKED QUESTIONS
FAQ: The Builder's Practical Guide
Common questions about why rollup security cannot be outsourced to the base layer.
The biggest risk is liveness failure, where a centralized sequencer can censor or halt transactions. This creates a single point of failure, making the rollup's availability dependent on a trusted entity rather than the base layer's decentralized security.
takeaways
ROLLUP SECURITY
TL;DR: The Non-Outsourceable Checklist
Base layer security is a foundation, not a complete safety net. These are the critical functions a rollup must own.
01
The Sequencer is a Single Point of Failure
L1 finality doesn't prevent a malicious or offline sequencer from censoring or reordering your transactions. This is a liveness failure the base chain cannot solve.
- Key Risk: Transaction censorship and MEV extraction.
- Solution Path: Decentralized sequencer sets (Espresso, Astria) or based sequencing with forced inclusion.
~12s
Block Time Risk
100%
L1 Can't Fix
02
Data Availability is a Binary Choice
Using the L1 for data (e.g., Ethereum calldata) provides strong security but high cost. Opting for an external DA layer (Celestia, EigenDA, Avail) trades off sovereign security for scalability.
- Key Trade-off: $0.01 vs $1.00 per transaction in DA cost.
- Non-Outsourceable Duty: The rollup must enforce the DA rule set; users must verify data is published.
100-1000x
Cost Differential
7 Days
Fraud Proof Window
03
The Upgrade Key is Ultimate Control
A rollup with a centralized upgrade multisig can be rug-pulled or forced to adopt changes against user will, regardless of L1 security. This is a social and governance failure.
- Key Risk: $10B+ TVL controlled by 5/9 multisigs.
- Solution Path: Timelocks, security councils, and ultimately, immutable "Stage 2" rollups.
24H-10D
Timelock Min
1
Keyholder Failure
04
Prover Centralization Breaks All Guarantees
Even with data on Ethereum, if only one entity runs the prover (e.g., for a ZK-Rollup), they can stop producing proofs or produce invalid ones. L1 validity checks are meaningless without an honest prover.
- Key Risk: Network halt and inability to withdraw.
- Solution Path: Multiple provers, proof markets, and permissionless proving (e.g., RiscZero).
1
Active Prover
0 TPS
If Offline
05
Bridge Security is Your Security
The canonical bridge holding user funds is a smart contract on L1. Its security is defined by the rollup's fraud/validity proof system and upgrade keys, not by L1 itself. Exploits here are catastrophic (see Wormhole, Nomad).
- Key Entity: This is the $B vault.
- Non-Outsourceable Duty: Rigorous bridge contract audits and minimized trust assumptions.
$100M+
Typical Bridge TVL
1 Bug
To Drain It
06
Fast Finality vs. Soft Confirmation
Users and dApps on the rollup need fast, firm assurances. L1 finality can take ~12 minutes (Ethereum). Rollups must provide their own fast finality layer for intra-rollup transactions, which L1 cannot offer.
- Key Metric: ~2s vs ~12min latency.
- Solution Path: Optimistic instant confirmation with fraud-proof-backed reversibility, or ZK-proof finality.
2s
Rollup Finality
12min
L1 Finality
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall