Shared security exports MEV. Rollups inherit L1's finality and censorship resistance, but their transaction ordering is a black box. This creates a MEV risk subsidy where L1 validators bear the systemic risk of malicious sequencing without capturing the value.
the-appchain-thesis-cosmos-and-polkadot
Blog
Why Shared Security Models Export MEV Risk
Polkadot's shared security and Cosmos Interchain Security promise cheaper appchain security. In reality, they centralize MEV extraction power, creating systemic risk and cross-chain validator cartels. This is the slippery slope of outsourced validation.
introduction
THE MEV EXTERNALITY
The Security Subsidy's Hidden Cost
Shared security models like optimistic and ZK rollups inadvertently export their MEV risk to the underlying settlement layer.
Sequencers are centralized MEV extractors. The dominant rollup model grants a single sequencer the right to order transactions. This creates a centralized MEV faucet, as seen with Arbitrum and Optimism's early sequencers, which internalizes profits while externalizing the L1 reorg risk of its actions.
The L1 bears the tail risk. If a rollup sequencer exploits a cross-domain MEV opportunity—like a flash loan attack bridging via Hop or Across—the resulting failed L1 settlement transactions and chain reorg pressure are absorbed by Ethereum validators, not the rollup.
Evidence: Over 90% of rollup blockspace is ordered by a single entity. This centralization creates a systemic risk vector where a compromised or malicious sequencer can force L1 into a state of transaction spam or attempted reorgs, degrading network performance for all.
key-insights
WHY SHARED SECURITY EXPORTS MEV RISK
Executive Summary: The Core Contradiction
Shared security models like restaking and interchain security solve capital efficiency but create a systemic risk vector by exporting MEV.
01
The MEV Recycling Pump
Shared security pools like EigenLayer and Babylon treat validator capital as a fungible commodity. This creates a cross-chain arbitrage surface where a single validator's misbehavior can extract value from multiple chains simultaneously.\n- Risk Export: MEV attacks are no longer siloed; a profitable attack on a small consumer chain can be funded by slashing a stake secured across dozens of chains.\n- Correlated Slashing: An exploit on one chain can trigger a mass slashing event, draining the shared security pool and cascading failure.
$18B+
TVL at Risk
50+
AVS Exposure
02
The Oracle Manipulation Gateway
Consumer chains rely on shared sequencers (e.g., Espresso, Astria) or oracles (e.g., EigenDA, Omni) secured by the same validator set. This creates a single point of failure for cross-domain MEV.\n- Data Delay Attacks: A malicious validator can delay finality on a data availability layer to front-run trades on a connected rollup.\n- Sovereignty Illusion: Chains trade independent security for capital efficiency, inheriting the MEV attack profile of the entire shared security ecosystem.
~2s
Attack Latency
10x
Profit Multiplier
03
The Interchain Scheduler Dilemma
Projects like Skip Protocol and Astria aim to capture and redistribute cross-chain MEV. When integrated with a shared security layer, they create a meta-sequencer that centralizes transaction ordering power.\n- Centralization Pressure: The most profitable validators in the shared pool become de facto rulers of cross-chain flow.\n- Regulatory Attack Vector: Concentrated control over multi-chain transaction ordering presents a clear target for external intervention, undermining crypto's censorship-resistant ethos.
>60%
Stake Concentration
All Chains
Single Point of Control
thesis-statement
THE ARCHITECTURAL IMPERATIVE
Central Thesis: MEV Consolidation is Inevitable
Shared security models inherently centralize MEV extraction, creating systemic risk for dependent chains.
Shared sequencers export risk. Chains like Arbitrum and Optimism using a shared sequencer (e.g., Espresso, Astria) do not eliminate MEV; they outsource its management. This creates a single point of failure where MEV extraction is concentrated in the sequencer's mempool, making censorship and value capture trivial for the controlling entity.
Economic gravity favors consolidation. The capital efficiency of centralized MEV extraction via a shared sequencer is superior to fragmented, chain-specific searcher markets. This mirrors the consolidation seen in L1s, where block builders like Flashbots dominate, and will repeat across the L2 landscape.
Intent-based architectures accelerate this. Protocols like UniswapX and Across abstract execution to specialized solvers, who must interact with the dominant sequencer for finality. This solver-sequencer nexus becomes the unavoidable choke point, further entrenching the consolidator's power.
Evidence: The proposed shared sequencer for Arbitrum, Optimism, and other L2s would instantly control ordering for a majority of Ethereum's rollup transaction volume, creating the largest MEV marketplace in crypto by forced aggregation.
SHARED SECURITY MODELS
MEV Power Concentration: Polkadot vs. Cosmos ICS
Compares how the shared security architectures of Polkadot and Cosmos IBC/ICS concentrate or distribute the power to extract MEV, a key systemic risk.
| MEV Governance & Power Metric | Polkadot (Parachains) | Cosmos (IBC/ICS) | Ethereum L1 (Baseline) |
|---|---|---|---|
Security Provider | Polkadot Relay Chain Validators | Consumer Chain Validators (Sovereign) | Ethereum Validators |
Validator Set Control | Unified set (~1,000) for all parachains | Sovereign sets per chain (varies) | Unified set (~1M) |
MEV Extraction Point | Centralized at Relay Chain block production | Distributed across each consumer chain | Centralized at L1 block production |
Cross-Chain MEV Arbitrage | Native within shared state (e.g., XCMP) | Via IBC packets (asynchronous, trust-minimized) | Via bridges (varying trust assumptions) |
Validator Cartel Formation Risk for MEV | High (control over all parachain blocks) | Low (fragmented per-chain sovereignty) | Medium (large, decentralized set) |
Protocol-Level MEV Mitigation | Yes (e.g., BABE/GRANDPA, staking slashing) | Chain-dependent (e.g., Skip Protocol, Mekatek) | Yes (e.g., PBS, MEV-Boost, CowSwap) |
Top 3 Validators' Share of Stake | ~30% (concentrated in top nominees) | Varies per chain (e.g., Osmosis ~25%) | ~20% (Lido, Coinbase, etc.) |
MEV Revenue Redistribution | To Relay Chain treasury & nominators | To consumer chain validators/stakers | To proposers, builders, stakers via PBS |
deep-dive
THE RISK EXPORT
The Mechanics of Cross-Chain MEV Cartels
Shared security models for cross-chain communication create systemic risk by enabling MEV cartels to operate across ecosystems.
Shared sequencers export risk. A single sequencer serving multiple rollups, like Astria or Espresso, creates a unified MEV extraction surface. This allows a cartel to front-run and sandwich trades across chains, turning a local L2 exploit into a multi-chain event.
Validators become cross-chain arbitrageurs. In proof-of-stake bridges like Cosmos IBC or Polkadot XCM, the same validator set secures multiple chains. This validator cartel internalizes cross-chain arbitrage, extracting value that should accrue to users or dApps like Osmosis or Moonbeam.
Intent-based systems centralize power. Solvers for protocols like UniswapX or Across must now compete across chains. The solver with the best cross-chain liquidity and messaging access, often via LayerZero or CCIP, becomes a mandatory gateway, replicating CEX order flow problems.
Evidence: The Wormhole attack demonstrated that a single bridge vulnerability drained $325M across Solana, Ethereum, and Terra. A cross-chain MEV cartel exploits the same trust model but for value extraction, not theft.
case-study
SHARED SECURITY MEV EXPORT
Case Studies: The Risk in Practice
Shared security models like restaking and interchain security don't eliminate MEV; they transform and export it to new, often less visible, attack surfaces.
01
The EigenLayer Reorg: Latency as a Weapon
EigenLayer's design exports MEV risk from L1 to its network of operators. A malicious operator can exploit sub-second latency advantages to propose alternative blocks, forcing honest operators into costly reorgs or censorship. This creates systemic risk for $18B+ in restaked assets dependent on operator integrity.
- Risk Vector: Latency-based consensus attacks
- Exported To: Operator selection and attestation layer
- Real Consequence: Protocol slashing and chain instability
~500ms
Attack Window
$18B+
TVL at Risk
02
Cosmos Hub: The Cross-Chain MEV Siphon
The Cosmos Hub's Interchain Security (ICS) allows consumer chains to lease its validator set's security. This creates a cross-chain MEV pipeline where validators can front-run or sandwich transactions across multiple sovereign chains simultaneously. The hub's security is compromised if validators are economically incentivized to attack a consumer chain for profit.
- Risk Vector: Cross-chain transaction reordering
- Exported To: All ICS consumer chains (e.g., Neutron)
- Real Consequence: Dilution of hub security for marginal chain profit
50+
Chains Exposed
1->Many
Attack Scaling
03
The Bridge Dilemma: Shared Sequencers & Extractable Value
Shared sequencer networks (like Astria, Espresso) for rollups promise decentralization but create a new MEV cartel. A sequencer controlling order flow across multiple rollups can perform cross-rollup arbitrage and extract value that should belong to individual L2 users. This turns a layer-2 scaling solution into an MEV export vehicle.
- Risk Vector: Cross-rollup arbitrage & censorship
- Exported To: All connected rollup states
- Real Consequence: Centralized value extraction masquerading as shared security
Multi-Rollup
Order Flow
Cartel Risk
New Centralization
counter-argument
THE MITIGATION FALLACY
Counterpoint: Can't We Just Mitigate This?
Existing MEV mitigations fail to contain risk within shared security systems, merely exporting it to the weakest link.
Mitigations export, not eliminate, risk. Sequencer-level solutions like private mempools (e.g., Flashbots Protect) or pre-confirmation services (e.g., EigenLayer's EigenDA) only hide MEV from the local chain. This concentrates risk at the final settlement layer, where cross-domain arbitrage bots execute the same value extraction on a larger, more liquid stage.
Shared security is a risk aggregator. Protocols like Celestia or EigenLayer's restaking pool validator security. This creates a single point of failure for MEV attacks; a sophisticated actor compromising one validator set can potentially attack all connected rollups or AVSs, turning a local exploit into a systemic event.
Cross-chain MEV is the real threat. The primary risk vector is not internal chain MEV but inter-domain arbitrage between L2s and L1. Bridges like Across and Stargate are natural targets. Mitigations on one chain simply push the profitable opportunity to the unmitigated bridge or destination chain, creating a risk asymmetry that attackers exploit.
Evidence: The Ethereum PBS (Proposer-Builder Separation) framework demonstrates this. While it democratizes block building on L1, it centralizes MEV extraction power in a few professional builder entities. Applying this model to L2s via shared sequencing (e.g., Espresso Systems) does not reduce the total extracted value; it centralizes its capture and links the economic security of multiple chains to the integrity of a single builder marketplace.
FREQUENTLY ASKED QUESTIONS
FAQ: For Architects & Builders
Common questions about relying on shared security models and their relationship to MEV risk.
Shared security exports MEV risk by concentrating it in the validating layer, like a rollup's sequencer or an L1. The security provider (e.g., Ethereum via restaking) guarantees state correctness, but the economic ordering of transactions creates extractable value. This risk is offloaded to the application layer, where builders must design systems like MEV auctions or fair ordering to manage it.
takeaways
SHARED SECURITY RISK EXPORT
Architectural Takeaways
Shared security models like restaking and interchain security don't eliminate MEV; they centralize and export its systemic risk to the underlying consensus layer.
01
The EigenLayer Rehypothecation Trap
Restaking re-uses the same ETH stake to secure dozens of Actively Validated Services (AVSs), creating a web of correlated slashing conditions. A single AVS exploit can cascade into a mass-slashing event on Ethereum, turning a sidechain's MEV crisis into a mainnet liquidity crisis.\n- Risk Correlation: AVS failure triggers L1 stake loss.\n- Capital Efficiency: Creates $15B+ in systemic leverage from a single collateral base.
$15B+
TVL at Risk
50+
AVS Correlations
02
Cosmos Interchain Security: The Replica Attack Vector
Consumer chains lease security from the Cosmos Hub's validator set, inheriting its economic weight but also its governance and operational flaws. A malicious proposer on the Hub can perform cross-chain MEV extraction across all consumer chains simultaneously, exploiting identical validator ordering. The security is shared, but so is the attack surface.\n- Amplified Impact: One bad actor can attack multiple chains.\n- Governance Capture: Hub validator cartel controls all consumer chain blockspace.
1→N
Attack Scaling
~2s
Finality Window
03
Solution: Isolated Execution with Sovereign Settlement
The antidote is architectural separation: execute transactions in isolated environments (rollups, appchains) but settle proofs on a robust, MEV-aware base layer like Ethereum. Layers like Celestia provide data availability without imposing execution risks. This contains chain-specific MEV explosions and prevents risk contagion.\n- Risk Containment: Appchain MEV stays on the appchain.\n- Base Layer Focus: L1 consensus optimizes for censorship resistance, not app logic.
0
Risk Transfer
100%
Sovereignty
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall