A few thoughts inspired by Jon Charb’s latest rollup article follow.
- If an Ethereum rollup’s “validating bridge” contract gets hacked, the ETH and bridged assets become un-backed on the associated rollup.
- Without a bailout or Social coordination (base layer fork), market forces likely send the rollup governance tokens to 0, eviscerating their asset composition (TVL).
- In the blowup scenario the “validating bridge” matters, and will define the rollup for better or worse even though it doesn’t technically or socially have to be this way.
Rollups were created specifically for Ethereum to allow users to port ETH and ERC-20s to an off-chain database, transact cheaply while there, and retain censorship guarantees of Ethereum should the rollup run into any censorship issues. Implementations include proposing blocks, sequencer forced inclusion transactions, and mass exit games. There exist 2019/2020 era discussions on Ethresear.ch mentioning rollup migrations as an exit game should censorship happen. Indeed, there was the whole progression of the idea for many years, going from State Channels to Plasma to rollups (post all data on chain).
Technically, all the rollup issued assets are safe. Great! Even if we hand-wave away the fact that Ethereum based assets are really the only meaningful assets on rollups today and probably will always play a dominant role in any future rollup’s asset composition, we still have a problem. The problem is that this line of thinking excludes the consideration of market forces; ie. sell pressure on the rollup assets, in particular the rollups governance tokens.
By my rough back of the envelope calculations ~95% of Arbitrum’s $5.8B asset composition is from bridged assets and ARB tokens. These tokens comprise 25% of the total $5.8B and bridged assets comprise ~70%, or $4B of Arbitrum’s assets.
In this real life scenario, If the “validating bridge” contract gets hacked your rollup likely dies. Today, the majority of liquidity flows into rollups through Ethereum, as designed. Ethereum rollups to date have shown little willingness to launch tokens until they reach some thresholds. If this pattern continues then there are 2 sources of dominant assets on the rollup; ERC-20s/ETH and native rollup governance tokens [ARB, OP, STARK, etc.]. Together, it appears likely that these sources of liquidity will continue to comprise > 80% of rollup asset compositions in the medium term and perhaps persist at a ratio > 50% in the long term.
In practice, any rollup team with a token that has aspirations of token distribution and price discovery, facilitates the listing of their tokens on Centralized Exchanges, who often have much deeper liquidity (provided by non-altruistic market makers like Jane Street) than rollups do on their own DEXs. I don’t know if this assertion is exclusively true for ARB & OP token liquidity. However, my Tradefi sources say this intuition is directionally correct.
During the chaos following a hack event , regular rollup users and large holders will rush to dump the rollup governance token just like when equities are sold aggressively following disruptive events. In our hack scenario, market makers will likely pull their bids as well while OTC order-books shutter. Concretely we have a recent example of what a death spiral looks like with the collapse of Terra. Many of the described externalities happened. Ergo, this isn’t a theoretical semantic argument based on the opinion of a few rollup enthusiasts. If a rollup’s “validating bridge” is hacked, there is a sufficiently high probability that the rollup’s governance token goes to 0.
Note: The significance of a project’s governance token “going to 0” implies a social loss of credibility from the broader community of stakeholders.
There are two forgiving scenarios. The first would be the emergence of a bailout to make the impacted users whole by topping up the bridge (new bridge), providing full backing to their ERC-20 & ETH assets; see Wormhole hack as an example. The announcement of a bailout would likely pause the downside price movement of the rollup’s governance token as opportunists would step in seeing a distressed asset. A bailout would enable a subsequent “fork” or “new deployment” of the rollup contracts.
The other alternative is relying on Ethereum governance to agree to fork the base layer similarly to the contentious DAO hard fork. This assumption creates a moral hazard which Vitalik has recently written about. While a base layer hard fork is possible due to community overlap and alignment, its hard to see this playing out, especially if the attacker decides to “burn” the stolen Ether in the construction of a dialectical social experiment carried out between the rollup community and Ethereum governance. It’s more likely the rollup dies in this case.
It should then be clear, in the event of a hack, without a swift bailout, there will be panic selling of rollup governance tokens on centralized exchanges. The overall asset composition of the rollup will quickly trend towards zero. Relaunching the rollup from some arbitrary point in time won’t work, you’ll need to issue a new token as well. Hence, you cannot say Ethereum rollups as constructed, bounded by smart contracts, defined by their validating bridge due to their economic weight, can arbitrarily fork. Therefore, it’s not reasonable to say Ethereum rollups can easily “just fork” out the bridge and persist, even if this is technically and socially possible. In my view, It’s unlikely in any gray swan scenario we can think of that this would be the case. There is simply too much financial value locked in the validating bridges. In the future this will likely remain true even if USDC can be natively minted on Optimism or Arbitrum or any Ethereum rollup. Looking forward to revisiting this prediction in the future.