Arbitrum Fraud Proofs

The key to the security of any rollup chain is the ability to provide fraud proofs if someone tries to cheat. Every public version of Arbitrum, going back to our first public alpha in early 2020, has had a fully functioning fraud proof system.

Validators are the parties who participate in the rollup protocol to advance the state of the Arbitrum chain securely, using fraud proofs when necessary.

You don’t need to be a validator, and most people won’t validate. The correctness of Arbitrum requires only that one honest party is validating — the protocol guarantees that a single honest validator can force the correct outcome no matter how many malicious validators there are or what they do.

Every validator can choose their own approach, but we expect validators to follow three common strategies.

• The active validator strategy tries to advance the state of the chain by proposing new rollup blocks. An active validator is always staked, because creating a rollup block requires being staked. A chain really only needs one honest active validator; any more is an inefficient use of resources. For the Arbitrum One chain, Offchain Labs is running an active validator.

• The defensive validator strategy watches the rollup protocol operate. If only correct rollup blocks are proposed, this strategy does nothing. But if an incorrect block is proposed, this strategy intervenes by posting a correct block or staking on a correct block that another party has posted. This strategy avoids staking when things are going well, but if someone is trying to cheat, it stakes in order to defend the correct outcome.

• The watchtower validator strategy never stakes. It simply watches the rollup protocol and if an incorrect block is proposed, it raises the alarm (by whatever means it chooses) so that others can intervene. This strategy assumes that other parties who are willing to stake will be willing to intervene in order to take some of the dishonest proposer’s stake, and that that can happen before the dishonest block’s deadline expires. (In practice this will allow several days for a response.)

Typically there will be one active validator at a time. There is nothing to prevent multiple active validators, and the protocol will work fine in that case. But if there is one active validator who is well-behaved, others who are willing to be active can avoid the need to stake by taking a defensive strategy. As long as the active validator keeps posting correct blocks, everyone else can minimize their staking costs safely by remaining defensive. If the active validator tries to cheat, the defensive validators will prove fraud and the active validator will lose their stake. Then anyone else can step forward and start actively validating.

Under normal conditions, validators using the defensive and watchtower strategies won’t do anything except watch the chain and privately check that each proposed rollup block is valid. A malicious actor who is considering whether to try cheating won’t be able to tell how many defensive and watchtower validators are operating incognito. Perhaps some defensive validators will announce themselves, but others probably won’t, so a would-be attacker will always have to worry that defenders are waiting to emerge.

Who will be validators? Most people will choose not to. In practice we expect people to validate a chain for several reasons.

• Some validators will be paid, by the party that created the chain or someone else. The Arbitrum team will be announcing an initial set of paid validators for Arbitrum One.

• Parties who have significant assets at stake on a chain, such as dapp developers, exchanges, power-users, and liquidity providers, may choose to validate in order to protect their investment.

• Anyone who chooses to validate can do so. Some users will probably choose to validate to protect their own interests or just to be good citizens. But ordinary users don’t need to validate, and we expect that the vast majority of users won’t.