Security Budget

The security budget quantifies the economic cost required to reverse a finalized transaction. It is the primary deterrent against long-range attacks and reorgs. A higher security budget means an attacker must spend more capital to attack the network, making it economically irrational.

• Example: On Bitcoin, the security budget is the cost of acquiring 51% of the network's hashrate.
• Key Metric: Often measured as a multiple of the potential reward from a successful attack (e.g., a 10x cost-to-reward ratio).

The distribution of the validating resource (e.g., stake or hashrate) directly impacts security. A highly concentrated resource makes the security budget easier to acquire for an attacker.

• Proof-of-Work: Measured by the cost of controlling >50% of the global hashrate.
• Proof-of-Stake: Measured by the cost of acquiring >33% or >51% of the total staked value.
• Risk: Centralization in mining pools or staking services can lower the effective security budget.

This breaks down the actual expenses an attacker faces. The security budget is not just the market price of the resource but the total cost to acquire and deploy it.

• Acquisition Cost: The capital needed to buy ASICs, stake, or rent hashrate.
• Sunk Cost: Expenses that cannot be recovered (e.g., specialized hardware that loses value post-attack).
• Ongoing Cost: For PoW, the continuous expenditure on electricity and maintenance during the attack.

The security budget is not static; the required cost changes with the attack duration. A longer attack requires sustaining the resource control for more time, increasing the total cost.

• Short-Range Attack: Attempting a reorg of recent blocks (e.g., 6 blocks). Lower cost, higher probability.
• Long-Range Attack: Attempting to rewrite distant history. May require controlling resources for days or weeks, dramatically increasing the budget.
• Defense: Checkpointing and weak subjectivity in PoS are designed to make long-range attacks prohibitively expensive.

The security budget must be analyzed relative to the Total Value Secured (TVS)—the economic value dependent on the chain's correctness (e.g., assets in bridges, DeFi TVL).

• Security Ratio: Security Budget / TVS. A higher ratio indicates stronger economic security.
• Critical Risk: If the TVS grows faster than the security budget, the chain becomes a more attractive target (lower cost-to-reward ratio).
• Example: A chain with a $10B TVS but a $1B security budget has a 10% security ratio.

In robust protocols, the security budget is not fixed but adjusts via built-in economic mechanisms to maintain security levels.

• Proof-of-Work: Difficulty adjustment alters the hashrate required to find a block, indirectly affecting acquisition cost.
• Proof-of-Stake: The total staked value can increase with higher rewards, raising the budget. Slashing penalizes malicious validators, increasing the attacker's sunk cost.
• Goal: These mechanisms aim to keep the cost of an attack high relative to the chain's economic activity.

The most direct source of a security budget. In Proof-of-Stake (PoS) networks, validators lock up tokens as a bond. Malicious actions (e.g., double-signing, downtime) trigger slashing, where a portion of this stake is burned or redistributed. This acts as a direct economic disincentive.

• Example: Ethereum validators risk having their 32 ETH stake slashed for consensus violations.
• The size of this budget scales with the total value staked in the network.

Many DAOs and L1/L2 networks maintain a protocol treasury—a pool of native tokens and other assets (e.g., stablecoins, ETH) held in a multisig or governed by token holders. This treasury can be deployed to fund security audits, bug bounties, or, in extreme cases, to socially coordinate reimbursements for users after a hack, acting as an insurance backstop.

• Example: Optimism's Retroactive Public Goods Funding (RPGF) can allocate tokens to projects that enhance ecosystem security.

In rollups and other L2s, the sequencer earns fees from users. A portion of this ongoing revenue stream can be designated as a security budget. This can fund things like:

• Verification and fraud proof submission incentives.
• Insurance pools to cover user losses in case of sequencer failure or malicious state transitions.
• This creates a sustainable, fee-based model for security rather than relying solely on upfront staking.

Some networks use protocol-inflation or a portion of block rewards to fund security initiatives. Newly minted tokens can be directed to:

• A security treasury or grant program for audits and tooling.
• Staking rewards, which indirectly increase the security budget by incentivizing more capital to be staked, thus increasing the total slashable amount. This method dilutes existing holders but provides a continuous, built-in funding mechanism.

For cross-chain bridges and wrapped asset systems, the security budget is often the value held in custody (minting/burning) or over-collateralization in a vault.

• Custodial: The bridge operator's reserves act as the budget (centralized risk).
• Over-collateralized (e.g., MakerDAO): Assets backing stablecoins are locked at a ratio > 1:1; the excess acts as a buffer.
• Bonded Validators: Bridge validators/stakers post bonds that can be slashed for malicious minting.

The most common allocation method, where a portion of the protocol's block rewards or transaction fees is automatically diverted to fund security providers. This creates a sustainable, protocol-native revenue stream for validators or miners who participate in defense mechanisms.

• Example: A blockchain might allocate 0.5% of its annual inflation to a security budget pool.
• Purpose: Ensures continuous funding without requiring manual treasury governance for each payment.

Protocol DAOs or foundations manage security budgets through governance, approving grants or ongoing payments to entities providing security services. This is common for newer networks or those without built-in inflation mechanisms.

• Process: Security providers submit proposals detailing their services (e.g., monitoring, attestation).
• Governance: Token holders vote to approve funding from the community treasury.

The core operational use: paying validators or specialized oracles to perform continuous consensus attestations. These entities cryptographically sign the canonical chain state at regular intervals, creating a persistent record that makes malicious reorgs economically prohibitive.

• Service: Validators run light clients or full nodes to monitor chain health.
• Output: They produce signed checkpoints or fraud proofs.

Specifically allocates funds to deter or mitigate double-spend attacks. By financially incentivizing honest validators to lock in blocks, the budget increases the cost for an attacker to attempt a reorganization, as they must outspend the entire security budget to bribe validators.

• Mechanism: Makes attacking more expensive than the potential profit from a double-spend.
• Result: Transforms a cryptographic security problem into an economic one.

Used to fund the operation of finality gadgets like Ethereum's Casper FFG or single-slot finality mechanisms. These protocols require validators to perform additional duties beyond block production to achieve faster or stronger finality guarantees.

• Use Case: Pays for the extra computational/staking resources needed for finality votes.
• Goal: Reduces time to finality from minutes to seconds or less.

A portion of the budget can act as a protocol-owned insurance fund to cover user losses in the event of a successful attack that bypasses other defenses. Alternatively, it can subsidize slashing insurance for validators participating in security schemes, mitigating their risk.

• Function: Provides a backstop, increasing user and validator confidence.
• Model: Similar to a captive insurance pool in traditional finance.

A blockchain's security budget is the total cost required to execute a 51% attack, calculated as the product of the network's hash rate and the cost of acquiring that computational power. It represents the economic barrier to rewriting transaction history or performing double-spends. The primary source of this budget is the block reward, which incentivizes honest miners to secure the network rather than attack it.

The hash rate is the total computational power dedicated to mining on a network. To launch a 51% attack, an attacker must control more than half of this rate. The attack cost is derived from:

• Acquisition Cost: Purchasing or renting sufficient ASIC miners.
• Operational Cost: The electricity expenditure to run the hardware for the attack's duration.
• Opportunity Cost: Forfeiting legitimate block rewards by acting maliciously.

The block reward is the newly minted cryptocurrency given to miners for securing the network. It is the primary component of the security budget. Halving events, which periodically reduce this reward, directly decrease the security budget unless compensated by a rise in the cryptocurrency's price. This creates a long-term security model reliant on transaction fee revenue as block subsidies diminish.

A declining security budget increases vulnerability. Key risks include:

• Profit-Driven Attacks: If the cost to attack falls below the potential profit from a double-spend, the network becomes a target.
• Hash Rate Migration: Miners may switch to more profitable chains, causing sudden hash rate drops and reducing attack costs.
• Fee Market Reliance: Post-subsidy, security depends entirely on volatile transaction fees, which may be insufficient during low-usage periods.

In Proof-of-Stake (PoS), the security budget is defined by the total value of assets staked (locked) as collateral. An attacker must acquire and risk a majority of the staked supply, making an attack financially prohibitive through slashing penalties. This contrasts with PoW's ongoing operational cost (electricity), shifting the security model from capital expenditure (CapEx) to capital at risk.

Understanding the security budget helps analyze historical attacks:

• Rentable Hash Power: Attackers can rent hash power from services like NiceHash to temporarily control a network, as seen in attacks on Ethereum Classic and Bitcoin Gold.
• 51% Attack: Allows block reorganization and double-spending.
• Selfish Mining: A miner with significant hash power can withhold blocks to gain a disproportionate reward, undermining network fairness.