ZK Rollups Move Compute, Not Responsibility

ZK validity is useless if input data is unavailable for reconstruction. The L2 must guarantee its own data availability layer or pay for expensive L1 calldata, creating a ~$0.10-$1.00 per transaction floor cost.\n- Security Depends on Data: No data, no state updates, no withdrawals.\n- Cost vs. Sovereignty Trade-off: Relying on Ethereum for DA maximizes security but cedes economic control.

Sovereign chains like Celestia and EigenDA provide modular data availability, slashing costs by ~90%. Separating the prover network (e.g., RiscZero, Succinct) from settlement creates a competitive market for proof generation.\n- Modular Cost Reduction: Decouples security spending from execution fees.\n- Prover Competition: Drives down proof generation latency and cost, enabling ~10-minute finality.

The L1 (e.g., Ethereum) becomes a pure verification and dispute resolution layer. Sovereign L2s like Fuel and Arbitrum Orbit chains post state roots and proofs for optional fraud or validity challenges. This inverts the model: the L2 is primary, the L1 is a security backstop.\n- L1 as Supreme Court: Only intervenes in case of verifiable fraud or invalid proofs.\n- Full Stack Control: L2 governs its own bridge, sequencer, and upgrade keys.

Users must trust a single, centralized sequencer for transaction ordering and inclusion. This creates a single point of censorship and creates a liability vacuum for L1s like Ethereum.

• Censorship Risk: A malicious or compliant sequencer can block transactions.
• L1 Liability: Ethereum inherits the rollup's security but not its liveness, creating a fragmented security model.
• Centralization Pressure: High-performance sequencing is capital-intensive, favoring incumbents like StarkWare and zkSync.

ZK validity proofs are meaningless without guaranteed access to the transaction data. Relying on a centralized Data Availability Committee (DAC) or a costly L1 calldata posting reintroduces the trust assumptions ZK promised to eliminate.

• DAC Trust: Models used by zkSync and StarkEx require trusting a multisig.
• Cost Anchor: ~80% of rollup cost is L1 data posting, limiting scalability.
• Fragmented Security: Solutions like EigenDA and Celestia create new modular trust layers.

Generating ZK proofs requires specialized, expensive hardware (GPUs, ASICs). This creates a high barrier to entry, leading to prover centralization and new attack vectors.

• Oligopoly Risk: Proof generation dominated by a few entities (e.g., Ulvetanna).
• Hardware Trust: Must trust the integrity of proprietary proving stacks.
• Liveness Risk: If major provers fail, the chain halts, violating decentralization promises of Polygon zkEVM or Scroll.

Most ZK-rollups use upgradable contracts controlled by a multisig. This creates a persistent backdoor, making the system's security equal to the multisig's, not the ZK-proof's.

• Security Ceiling: The 4/6 multisig is the weakest link, not the cryptographic proof.
• Governance Illusion: "Decentralization later" is a systemic risk for Arbitrum and Optimism too.
• Time-Lock Theater: Long delay upgrades offer limited protection against determined multisig signers.

ZK-rollups create isolated liquidity silos. Bridging between them via trusted bridges like LayerZero or Wormhole reintroduces the very custodial risk L1 was meant to solve.

• Bridge Risk: ~$2B+ in bridge hacks since 2021.
• Capital Inefficiency: Locked liquidity reduces capital efficiency across Arbitrum, zkSync Era, and Base.
• User Experience: Moving assets requires navigating multiple, risky bridge interfaces.

While L1 verifies a tiny proof, it must still re-execute transactions if fraud is suspected (e.g., during a censorship challenge). This failsafe mechanism can suddenly dump massive computational load onto Ethereum.

• Worst-Case Load: A dispute forces L1 to replay a batch, spiking gas costs.
• Economic Attack: An attacker can force this scenario to destabilize the rollup and L1.
• Complexity Risk: Adds a complex, rarely-tested security fallback path to otherwise "simple" validity proofs.

ZK validity proofs are useless if the input data is unavailable for reconstruction. This creates a critical dependency on the underlying L1's data layer.\n- Ethereum charges ~$0.10-$1.00 per KB for calldata, a primary cost driver.\n- Solutions like EigenDA, Celestia, and Avail compete to reduce this cost by >90%.\n- The security model degrades to a multi-sig if the DA layer is not sufficiently decentralized.

Most ZK rollups (zkSync Era, Starknet, Polygon zkEVM) rely on a single, permissioned sequencer. This creates a massive liveness and censorship vulnerability.\n- Users cannot force transaction inclusion without the sequencer's cooperation.\n- Shared sequencer projects like Espresso Systems and Astria aim to decentralize this role.\n- The endgame is a proof-of-stake validator set for sequencing, mirroring L1 security.

Early ZK rollups use centralized provers, creating a single point of failure and potential for maximal extractable value (MEV). The architectural imperative is a competitive proving market.\n- zkSync's Boojum and Starknet's Stone Prover are steps toward client diversity.\n- Risc Zero and SP1 enable general-purpose ZK-VMs for anyone to build provers.\n- A healthy market reduces costs and aligns with crypto's credibly neutral ethos.

Despite 'verification' being on-chain, the rollup's smart contract logic can be changed by a multi-sig. This places ultimate trust in a handful of entities, not cryptography.\n- Most major rollups have 3-8 of N multi-sigs with timelocks.\n- The path to irrevocable verification requires either a long timelock (e.g., Optimism's 1-year delay) or on-chain governance.\n- This is the final, non-technical bridge to true decentralization.

Every new ZK rollup creates a new liquidity silo. Native bridging is slow and capital-inefficient, forcing reliance on third-party bridges with their own trust assumptions.\n- LayerZero, Axelar, and Wormhole act as connective tissue but introduce new external dependencies.\n- Shared liquidity layers like Chainlink CCIP and intent-based architectures (UniswapX, Across) abstract this away.\n- The winning stack will make liquidity omnipresent, not bridged.

The L1's final role is as the arbiter of last resort. It does not execute, but it verifies proofs and settles disputes. This makes L1 data bandwidth and verification cost the ultimate bottlenecks.\n- EIP-4844 (Proto-Danksharding) is a ~10-100x scalability increase for rollup data.\n- Verkle Trees and SNARKed L1 consensus (e.g., Succinct's SP1) are next.\n- The L1 evolves into a high-security settlement and data availability hub.