A custody game is a security mechanism implemented via a smart contract that protects user assets by enforcing a mandatory delay and a multi-party approval process for any withdrawal attempt. This design, often associated with Ethereum rollups and cross-chain bridges, forces a "challenge period" where any suspicious transaction can be flagged and contested by a decentralized set of validators or guardians. The core principle is to shift the security assumption from instantaneous, trust-based finality to a verifiable, time-based dispute resolution system.
LABS
Glossary
Custody Game
A custody game is a cryptographic challenge-response mechanism where verifiers probabilistically check that a prover is storing the data they have committed to publishing.
Chainscore © 2026
definition
BLOCKCHAIN SECURITY
What is a Custody Game?
A custody game is a cryptographic security model where a user's assets are protected by a smart contract that requires a time-locked, multi-signature process for withdrawal, creating a strong defense against theft.
The process typically involves two key phases: an initiation phase, where a withdrawal request is proposed and enters a waiting period (e.g., 7 days), and a challenge phase, where network participants can submit cryptographic fraud proofs if they detect malicious activity. If a valid challenge is presented, the withdrawal is frozen and the funds remain secure. This model is a direct application of optimistic cryptography, which assumes transactions are valid by default but provides a window for the network to prove otherwise.
Prominent implementations include the security models for Optimism and Arbitrum rollups, where withdrawals to Ethereum's Layer 1 are secured by a custody game. Its primary advantage is dramatically reducing the trust surface; users need only trust that at least one honest participant is monitoring the network during the challenge window. This makes it superior to simple multi-signature wallets, which require trust in a fixed set of key holders at the exact moment of transaction signing.
However, custody games introduce a significant trade-off: withdrawal latency. Users must wait for the entire challenge period to elapse before accessing their funds, which is unsuitable for time-sensitive transactions. Furthermore, the security guarantee depends on the liveness and vigilance of the watchers. If no honest party is actively monitoring or capable of submitting a fraud proof during the delay, a malicious withdrawal could succeed.
The custody game represents a foundational pattern in decentralized system design, balancing security and decentralization with user experience constraints. It is a critical component in the security stack for bridges, sidechains, and Layer 2 solutions, providing a robust, cryptoeconomic deterrent against large-scale theft that would be economically unfeasible to challenge in a purely proof-of-work or proof-of-stake system.
how-it-works
MECHANISM
How a Custody Game Works
A custody game is a cryptographic protocol that enables a user to prove they have securely stored a secret, such as a private key, without revealing the secret itself, by responding to periodic challenges from a verifier.
At its core, a custody game is a challenge-response protocol designed to provide continuous, verifiable proof of secure key storage. A prover (e.g., a custodian or wallet user) commits to a secret, often by generating a cryptographic commitment. A verifier (e.g., a smart contract or monitoring service) then issues unpredictable challenges at regular intervals. The prover must generate a valid response to each challenge using the secret, proving they still possess it. Failure to respond correctly within a set timeframe results in a slashing penalty, where a staked bond is forfeited. This mechanism transforms passive key storage into an active, provable duty.
The protocol's security relies on the infeasibility of precomputing responses. A common implementation uses a verifiable delay function (VDF) or a sequential computation that requires the secret as input. The challenge dictates a specific computation path, making it impossible to generate a valid response without the secret in the allotted time. This prevents lazy validation attacks where a prover could outsource the secret or lose it but attempt to fake possession. The game's parameters—challenge frequency, response window, and penalty size—are critical to its economic security and are typically encoded in a smart contract that automates the entire process.
A primary use case is in restaking and actively validated services (AVS), where operators must prove secure management of validation keys. For example, an EigenLayer operator might run a custody game to demonstrate they have not exported their Ethereum validator signing key to an insecure cloud server. The game provides cryptographic assurance to delegators that the operator's setup meets a defined security standard. This creates a cryptoeconomic security layer, as the financial penalty for non-compliance (slashing) disincentivizes negligence or malicious key sharing, enhancing the overall trustlessness of the delegated service.
Implementing a custody game involves several technical components: a commitment scheme (like a hash of the public key), a random beacon (e.g., a blockchain's block hash) for generating unbiased challenges, and a verification algorithm executable on-chain. The prover typically runs a lightweight client that monitors for new challenges, computes the response locally with the secret, and submits a proof of correct computation. The on-chain verifier checks this proof's validity and the submission timestamp. This design minimizes on-chain computation and gas costs while maximizing the security guarantees derived from the underlying blockchain's consensus.
While powerful, custody games have limitations. They prove possession at discrete points in time, not continuous custody, creating windows of risk. The security model also assumes the prover's response-generating machine is not compromised, as malware could steal and use the secret to answer challenges. Furthermore, the economic penalties must be carefully calibrated to outweigh potential gains from cheating. Despite these considerations, custody games represent a significant innovation in decentralized trust, providing a programmable, automated way to audit and enforce cryptographic custody standards without relying on traditional, fallible legal or institutional audits.
key-features
MECHANICAL CORE
Key Features of Custody Games
Custody Games are a novel DeFi primitive that enforce financial commitments by locking collateral in a competitive, time-bound structure. This section details their core operational components.
01
Time-Locked Collateral
The foundational mechanism where participants deposit and lock cryptographic assets (e.g., ETH, stablecoins) into a smart contract for a predetermined commitment period. This creates a sunk cost that incentivizes adherence to the game's rules. The locked value is the 'stake' in the game and is only released according to the contract's outcome logic.
02
Forfeit & Redistribution
Defines the penalty for early withdrawal or rule violation. A forfeit penalty (a percentage of the locked collateral) is automatically slashed from a participant's stake. This forfeited value is not burned; it is redistributed to the remaining, compliant participants, directly aligning incentives with the game's duration and objectives.
03
Progressive Unlocking
A release schedule that mitigates post-game sell pressure and coordinates exits. Instead of a single bulk unlock, collateral is released in tranches over time (e.g., 25% per week). This prevents market disruption and allows for orderly capital recycling, a feature critical for games involving large total value locked (TVL).
04
Smart Contract Enforcement
All rules—deposit amounts, lock-up duration, forfeit conditions, and payout logic—are codified in immutable, autonomous smart contracts (typically on Ethereum L1 or L2s). This eliminates reliance on trusted intermediaries, ensuring tamper-proof execution and verifiable fairness. The code is the sole arbiter.
05
Competitive & Cooperative Dynamics
Games structure interactions between participants. In competitive models (e.g., prediction markets), players vie for a shared prize pool. In cooperative models (e.g., savings challenges), success is collective, with penalties funding rewards for those who complete the term. The design dictates the incentive alignment.
06
Protocol Composability
Custody Game contracts are designed as DeFi Lego bricks. Locked collateral can often be restaked or used as collateral within other protocols (e.g., lending markets, liquidity pools) to generate additional yield, a concept known as "DeFi nesting." This maximizes capital efficiency for participants.
etymology
TERM ORIGIN
Etymology and Origin
The term 'Custody Game' is a concept from blockchain protocol design, specifically within the context of decentralized staking and validator security.
The Custody Game is a cryptoeconomic security mechanism, first formally described in the Ethereum 2.0 (now Ethereum consensus layer) research and specifications, designed to penalize validators who act maliciously by signing two conflicting blocks or attestations—a fault known as a slashable offense. The 'game' refers to a challenge-response protocol where any network participant can submit cryptographic proof of a validator's misbehavior to the chain, initiating a slashing penalty and earning a reward. This mechanism externalizes the cost of surveillance and enforcement, making the network's security a collaborative effort rather than a centralized function.
The term's etymology combines 'custody', implying the safekeeping of the network's consensus rules and the staked assets (ETH) held as collateral, with 'game', reflecting its structure as a strategic interaction with defined players, moves, and payoffs—a concept from game theory. In this game-theoretic model, the validator is incentivized to be honest, while whistleblowers (other validators or users) are incentivized to monitor and report. The protocol's design makes malicious coordination economically irrational, as any conspirator could betray the others to claim the slashing reward, a principle akin to the Prisoner's Dilemma.
The Custody Game's intellectual origins are deeply rooted in earlier blockchain security research, particularly the concept of Proof of Custody introduced to ensure data availability in scalable blockchain designs. Vitalik Buterin and other Ethereum researchers adapted and formalized these ideas to address long-range attacks and validator equivocation in a proof-of-stake context. Its implementation is a cornerstone of Ethereum's shift from Proof-of-Work (PoW) to Proof-of-Stake (PoS), moving security from computational work to economic stakes enforced by cryptographic games.
examples
IMPLEMENTATIONS
Protocols Using Custody Games
Custody games are a cryptographic security mechanism used by several major blockchain protocols to secure off-chain data or assets. This section details the primary implementations and their specific applications.
06
Core Mechanism: Slashing Conditions
The enforceability of all custody games hinges on precisely defined slashing conditions programmed into a smart contract or protocol. These are the unambiguous rules that, if violated, trigger the loss of staked capital.
Common conditions include:
- Data withholding: Failing to provide committed data.
- Equivocation: Signing conflicting messages or blocks.
- Liveliness failure: Going offline during a required duty period.
- Verifiable fraud: Submitting an invalid state transition proof.
security-considerations
CUSTODY GAME
Security Considerations and Attack Vectors
The Custody Game is a core security mechanism in optimistic rollups, defining the process for challenging invalid state transitions. This section details its components and associated risks.
01
Core Mechanism & Purpose
The Custody Game is a challenge-response protocol where a single honest verifier can dispute an invalid state root published by a sequencer during a predefined challenge window (typically 7 days). It enforces correctness through cryptographic fraud proofs, ensuring the L2 state can be trustlessly derived from L1 data. The sequencer posts a bond that is slashed if a challenge is successful.
02
Primary Attack Vectors
Key security threats include:
- Data Unavailability Attacks: A malicious sequencer withholds transaction data, preventing verifiers from constructing fraud proofs.
- Challenge Suppression: Attempts to censor or delay a verifier's challenge transaction on the L1.
- Bond Insufficiency: If the sequencer's bond is less than the potential profit from fraud, the economic security fails.
- Timing Attacks: Exploiting the precise timing of the challenge window's opening and closing.
03
Verifier's Dilemma
A coordination problem where the cost of verifying state (gas fees, effort) is borne by individual verifiers, while the benefit (security for all users) is a public good. This can lead to free-riding, where users assume others will verify, creating a risk that no one challenges fraud. Solutions often involve watchtower services or protocol-level incentives for verifiers.
04
Economic Security & Bonding
Security is ultimately backed by economic incentives. The sequencer's bond must be valued higher than the maximum potential gain from publishing a fraudulent state root. If a fraud proof succeeds, the bond is slashed, with a portion often awarded to the challenger. The size and liquidity of this bond are critical security parameters.
05
Comparison to Validity Proofs
Contrasts with ZK-Rollup security models:
- Custody Game (Optimistic): Assumes correctness, with security via punishment for provable fraud. Has a long withdrawal delay.
- Validity Proofs (ZK): Assumes nothing; each batch includes a cryptographic proof (SNARK/STARK) verified on L1. Offers immediate finality. The trade-off is between proving cost (high for ZK) and challenge cost/latency (high for Optimistic).
COMPARATIVE ANALYSIS
Custody Game vs. Related Concepts
A technical comparison of the Custody Game mechanism with related security and dispute resolution concepts in blockchain systems.
| Feature / Mechanism | Custody Game (Optimistic Rollup) | Fraud Proof (Optimistic Rollup) | Validity Proof (ZK-Rollup) | Proof-of-Stake Slashing |
|---|---|---|---|---|
Primary Security Guarantee | Economic disincentive via stake forfeiture | Cryptographic proof of invalid state transition | Cryptographic proof of valid state transition (SNARK/STARK) | Economic disincentive for protocol violations |
Dispute Resolution Trigger | Challenge period (e.g., 7 days) | Fraud proof submission | Proof verification on-chain | Slashing proposal by validator |
Finality for Users | Delayed (after challenge period) | Delayed (pending fraud proof) | Instant (upon proof verification) | Instant (upon block inclusion) |
On-Chain Data Requirement | Full transaction data published | Full transaction data published | Only validity proof and state delta published | Block headers and attestations |
Computational Overhead (Prover) | Low (only in dispute) | High (only in dispute) | Consistently High (per batch) | Low (consensus operations) |
Trust Assumption | 1-of-N honest verifier | 1-of-N honest verifier | Cryptographic (no trust required) | Economic (honest majority of stake) |
Primary Use Case | Securing state transitions in Optimistic Rollups | Disputing invalid state in Optimistic Rollups | Proving correct execution in ZK-Rollups | Securing consensus in Proof-of-Stake blockchains |
DEBUNKED
Common Misconceptions About Custody Games
Custody games are a critical security primitive in blockchain, but their nuanced mechanics are often misunderstood. This section clarifies the most frequent points of confusion.
A custody game is a cryptographic challenge-response protocol where a verifier challenges a custodian to prove they still possess and can access a specific piece of data, like a private key or a data shard. It works by the verifier sending a random nonce; the custodian must sign this nonce with the private key in question within a predefined time window (the challenge period). A valid signature proves continuous custody, while failure or delay can trigger automated slashing of staked collateral or initiate a recovery process. This mechanism is foundational for restaking, bridges, and decentralized storage networks.
CUSTODY GAME
Frequently Asked Questions (FAQ)
The Custody Game is a core security mechanism in optimistic rollups, designed to ensure data availability and enable trust-minimized withdrawals. These questions address its function, participants, and implications for users and developers.
The Custody Game is a cryptographic challenge-response mechanism in optimistic rollups that ensures data availability for the rollup's state transitions. It works by having a designated custodian (or sequencer) commit to having the data needed to reconstruct the rollup state. If a verifier suspects the data is unavailable, they can initiate a challenge by requesting a specific piece of data. The custodian must respond with a valid Merkle proof within a challenge period; failure to do so proves data withholding, allowing the verifier to slash the custodian's bond and trigger a fallback mode where users can exit the rollup based on the last verified state.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall