navbg

DevConnect Istanbul 2023: Security panel at Hyperlane and Celestia Modular Day!

The RollupJuly 25, 2024, 5:46 PM

Security panel at Hyperlane and Celestia Modular Day!

Featuring Kydo of Eigen Layer, Juno Rouse of Chain Light & Rushi Manche of Movement Labs.

Another EFDevconnect panel live recap, here we go šŸ‘‡

First question from moderator Jacob, of ETHGlobal is about layer two security and data availability security.

Kydo begins with data availability and ā€˜AltDAā€™ which is separate from posting call data on Ethereum.

Kydo explains there are new complexities added with this model

He goes on to explain decentralization of sequencers is an interesting proposition as well.

Moderator Jacob asks about posting call data to ā€œwhy do we have to do anything with data? Why do we have to put it somewhere?ā€

Kydo answers that DA guarantee prevents a centralized party from withholding data.

Also that you inherit the base security properties of Ethereum as well, with altDA there are underlying trust assumptions for Eigen Layer and Celestia which are separate from Ethereum.

This is the trade off from using a DA layer vs Ethereum itself Rushi anche
asks:

How do these new DA layers play a part with danksharding coming up?

Kydo says heā€™s not a DA guy šŸ˜‚šŸ˜‚ but is at Eigenlayer and that users are here, and they want danksharding now

In between the time to EIP4844, he explains how different DA solutions are needed imminently.

Jacob guides the conversation with ā€œwhoā€™s checking for correctness of the data and what is a watch tower?ā€

Watch tower is a key component in the stack which observes a L2 chains to detect when a fraud is happening to kick start the fraud proof window on L1.

Kydo explains that this is currently handled by centralized sequencers now which is looking to be decentralized in the near future

Juno then replies how each protocol in crypto is monitored by some other 3rd party (like ChainLight)

This is for security to prevent bad actors

Juno explains how arbitrum governance is ran by validators should have the ability to create transactions to suggest a challenge period or fraudulent tx

On arbitrum, thereā€™s not enough validators who have enough ETH to submit TXs let alone challenge a tx and start a fraud proof.

Jacob asks how we setup validators to secure thousands of chains in the future if we struggle to do so with dozens nowā€¦

Juno adds that Eigen Layer is doing well on this.

We start diving into the setup of security of sequencers right now.

Rushi said itā€™s awful. Mentions that downtime is very problematic for rollups and that shared sequencers are great but economic incentives need to be aligned for rollups to change their current ways.

He mentions thatĀ @CeloOrg has a very unique tokenomics mechanism for securing their chain via their validator set being a part of the shared sequencer model.

Itā€™s been very cool to see how Celo has transitioned to an L2 with this ā€œhybridā€ type model.

We did a fun pod recently too. You can listen to it here.

Kydo steps in to ā€œdefendā€ L2s and suggests new terminology of distributed systems as rollups as they are now, but he agrees that in future from a liveness + regulatory POV, a set of decentralized nodes is very important.

Jacob asks if thereā€™s any thoughts how these chains develop over time with smaller revenue and more decentralization?

Rushie suggests that the decline in sequencer profits will not make sense in the long term, as DA layers will be utilized and tx fees will be much cheaper.

He mentions at this point in time, when fees are significantly cheaper, using a decentralized sequencer makes a ton more sense

Now moving into modular blockchain discussionā€¦

Jacob asks how smart contract security will change in a world of modular chains with 1000s of different layers/chains/tools?

Juno replies that he thinks smart contract security will not change dramatically from where we are now to a certain extent

He then explains optionality

And how optionality, given a set of solid contracts from different parts of the stack so to speak, will enable easier creation of modular chains

Jacob mentions that ā€œitā€™ll be good for businessā€ šŸ˜‚šŸ˜‚šŸ¤“

Yes moar chains pls auditors are rejoicing!!

Next topic: solidity.

Rushi is so ready to tackle this. First, he touches on MoveVM and how itā€™s interesting that modular has different use cases for the thesis of each project.

Rushi states that security is the biggest issue right now - he uses an example that ā€œBank of Americaā€ wonā€™t use solidity as its potential for hacks is an issue.

He mentions that they are very focused on building secure, reliable tech.

The thesis of alt-VMs is exciting.

Rushi mentions further that these VMs can empower ā€œbulletproof rollupsā€ using Ethereum as settlement, an altVM for execution, and a separate DA layer gets you a modular rollup with tons of use cases.

Also, he added that Rust based VMs are extremely exciting (rust is a coding language which is popular amongst devs in ā€˜web2ā€™)

He thinks the moveVM is great because of formal verification embedded natively.

Juno asks a question ab formal verification, and Rushi explains that technicals behind MoveVM and how the bytecode works with its smart contract execution when compared to solidity and EVM

Rushi taking shots at EVM, whatā€™s new?šŸ˜‚

The panel concludes ā€œmove is very coolā€ hahaha

Jacob pushes forward with a short recap of the panel thus far and another question: ā€œwhatā€™s missing from the current convo?ā€

Rushi asks about slashing with eigenlayer

Kydo answers that slashing is not live yet, but will be on eigenlayer and explains how PoS chains incentivize actors to not act against the rules of the network

He then explains how Eigenlayer abstracts this into its smart contracts for devs to build atop with it embedded

Jacob asks a question about security and fragmentation vs shared security

Kydo replies about the differences in these models & how the economic relationship is unique

He explains in this new world of shared security, you must spend much more $$$ to compromise a rollup.

Jacob says weā€™ve used every buzzword possible in this talkšŸ˜‚šŸ˜‚ so true

So whatā€™s next? Of course ā€˜zkā€™

Kydo says zk is a great add on and zk is a great future usecase but is also focused on security now

He explains how zksync proof mechanisms do a great job at both, currently.

Rushi says basically zk is cool, but prover costs are quite high.

He mentions polygon cdk is interesting because you can share proving costs amongst tons of rollups and effectively socialize the costs (and liquidity, if Iā€™m not mistaken)

Oh boy, Juno says they found a circuit bug in zksync ā€¦ā€¦.Chain Light?

He says the focus should be on a safe, secure environment.

zk coding is very difficult and is still very novel, tread carefully frens

Jacob recaps the panel with the security-based mindset going forward and hopes for safe, secure programming and thatā€™s all folks!

Thanks for reading - hope you enjoyed this Devconnect panel recap.