DevConnect Istanbul 2023: Security panel at Hyperlane and Celestia Modular Day!
Security panel at Hyperlane and Celestia Modular Day!
Featuring Kydo of Eigen Layer, Juno Rouse of Chain Light & Rushi Manche of Movement Labs.
Another EFDevconnect panel live recap, here we go š
First question from moderator Jacob, of ETHGlobal is about layer two security and data availability security.
Kydo begins with data availability and āAltDAā which is separate from posting call data on Ethereum.
Kydo explains there are new complexities added with this model
He goes on to explain decentralization of sequencers is an interesting proposition as well.
Moderator Jacob asks about posting call data to āwhy do we have to do anything with data? Why do we have to put it somewhere?ā
Kydo answers that DA guarantee prevents a centralized party from withholding data.
Also that you inherit the base security properties of Ethereum as well, with altDA there are underlying trust assumptions for Eigen Layer and Celestia which are separate from Ethereum.
This is the trade off from using a DA layer vs Ethereum itself Rushi anche
asks:
How do these new DA layers play a part with danksharding coming up?
Kydo says heās not a DA guy šš but is at Eigenlayer and that users are here, and they want danksharding now
In between the time to EIP4844, he explains how different DA solutions are needed imminently.
Jacob guides the conversation with āwhoās checking for correctness of the data and what is a watch tower?ā
Watch tower is a key component in the stack which observes a L2 chains to detect when a fraud is happening to kick start the fraud proof window on L1.
Kydo explains that this is currently handled by centralized sequencers now which is looking to be decentralized in the near future
Juno then replies how each protocol in crypto is monitored by some other 3rd party (like ChainLight)
This is for security to prevent bad actors
Juno explains how arbitrum governance is ran by validators should have the ability to create transactions to suggest a challenge period or fraudulent tx
On arbitrum, thereās not enough validators who have enough ETH to submit TXs let alone challenge a tx and start a fraud proof.
Jacob asks how we setup validators to secure thousands of chains in the future if we struggle to do so with dozens nowā¦
Juno adds that Eigen Layer is doing well on this.
We start diving into the setup of security of sequencers right now.
Rushi said itās awful. Mentions that downtime is very problematic for rollups and that shared sequencers are great but economic incentives need to be aligned for rollups to change their current ways.
He mentions thatĀ @CeloOrg has a very unique tokenomics mechanism for securing their chain via their validator set being a part of the shared sequencer model.
Itās been very cool to see how Celo has transitioned to an L2 with this āhybridā type model.
We did a fun pod recently too. You can listen to it here.
Kydo steps in to ādefendā L2s and suggests new terminology of distributed systems as rollups as they are now, but he agrees that in future from a liveness + regulatory POV, a set of decentralized nodes is very important.
Jacob asks if thereās any thoughts how these chains develop over time with smaller revenue and more decentralization?
Rushie suggests that the decline in sequencer profits will not make sense in the long term, as DA layers will be utilized and tx fees will be much cheaper.
He mentions at this point in time, when fees are significantly cheaper, using a decentralized sequencer makes a ton more sense
Now moving into modular blockchain discussionā¦
Jacob asks how smart contract security will change in a world of modular chains with 1000s of different layers/chains/tools?
Juno replies that he thinks smart contract security will not change dramatically from where we are now to a certain extent
He then explains optionality
And how optionality, given a set of solid contracts from different parts of the stack so to speak, will enable easier creation of modular chains
Jacob mentions that āitāll be good for businessā ššš¤
Yes moar chains pls auditors are rejoicing!!
Next topic: solidity.
Rushi is so ready to tackle this. First, he touches on MoveVM and how itās interesting that modular has different use cases for the thesis of each project.
Rushi states that security is the biggest issue right now - he uses an example that āBank of Americaā wonāt use solidity as its potential for hacks is an issue.
He mentions that they are very focused on building secure, reliable tech.
The thesis of alt-VMs is exciting.
Rushi mentions further that these VMs can empower ābulletproof rollupsā using Ethereum as settlement, an altVM for execution, and a separate DA layer gets you a modular rollup with tons of use cases.
Also, he added that Rust based VMs are extremely exciting (rust is a coding language which is popular amongst devs in āweb2ā)
He thinks the moveVM is great because of formal verification embedded natively.
Juno asks a question ab formal verification, and Rushi explains that technicals behind MoveVM and how the bytecode works with its smart contract execution when compared to solidity and EVM
Rushi taking shots at EVM, whatās new?š
The panel concludes āmove is very coolā hahaha
Jacob pushes forward with a short recap of the panel thus far and another question: āwhatās missing from the current convo?ā
Rushi asks about slashing with eigenlayer
Kydo answers that slashing is not live yet, but will be on eigenlayer and explains how PoS chains incentivize actors to not act against the rules of the network
He then explains how Eigenlayer abstracts this into its smart contracts for devs to build atop with it embedded
Jacob asks a question about security and fragmentation vs shared security
Kydo replies about the differences in these models & how the economic relationship is unique
He explains in this new world of shared security, you must spend much more $$$ to compromise a rollup.
Jacob says weāve used every buzzword possible in this talkšš so true
So whatās next? Of course āzkā
Kydo says zk is a great add on and zk is a great future usecase but is also focused on security now
He explains how zksync proof mechanisms do a great job at both, currently.
Rushi says basically zk is cool, but prover costs are quite high.
He mentions polygon cdk is interesting because you can share proving costs amongst tons of rollups and effectively socialize the costs (and liquidity, if Iām not mistaken)
Oh boy, Juno says they found a circuit bug in zksync ā¦ā¦.Chain Light?
He says the focus should be on a safe, secure environment.
zk coding is very difficult and is still very novel, tread carefully frens
Jacob recaps the panel with the security-based mindset going forward and hopes for safe, secure programming and thatās all folks!
Thanks for reading - hope you enjoyed this Devconnect panel recap.