0/ Here's what you should ask yourself (or the community) before putting millions of $$$ into an Ethereum Rollup: 👇.

When chains stop posting data, the risk of reorg dramatically increases. Some L2s have already experienced really long reorgs. When chains stop posting state roots, withdrawals are frozen. Could be for a few days, could be permanent . Liveness of chains is as important as safety.

I have a very different take. * many projects managed to brainwash everyone that posting data to AWS or 1/1 DAC is "good enough". End users don't care but we (pro community) should make them care by strongly discouraging such architectures. Instead they are actually encouraged by.

All we ask projects is to not make false and misleading claims. I personally wish all the best @hibachi_xyz and I do hope that eventually their claims become true, as we need more self-sovereign systems in Web3. Just please, be honest about the current state of your project 🙏.

Why you should check @cartesiproject . * Having a honeypot to incentivise hackers to break the system is much better than having EOA with upgrade powers for beta launch .* If working as designed, you have an SDK at your disposal to quickly and cheaply build custom AppChains that.

Study @cartesiproject , IMO this is how projects should be launched. Honeypot to test their proof system, immutable contracts. Such a different way to launch a product. I hope bounty will increase and there will be enough hackers/researchers to look at their proof system👇.

Where's @hibachi_xyz source code ? What exactly is being proven with Zk proof ? How settlement layer knows what's being posted to Celestia ? Why all deposits can be easily rugged by a single EOA ? . If "CLOBs on BLOBs" are such a breakthrough (and they might be, who knows), can.

Study L2 trust assumptions. Always assume the worst. Act accordingly. Security and decentralisation doesn't matter until it does.

Are alt-DA L2s a failed experiment at scaling Ethereum ? . Few months ago @l2beat announced that having an abysmal DA setup where one or two addresses can rug all users' funds, a practice that became prevalent in the space, will result in change of the classification of these

While 7702 introduced a lot of exciting new use cases we need to make sure that the transparency of Ethereum blockchain is not lost in the proces. Tracers (@BlockSecTeam , @TenderlyApp , etc. ) - please show clearly the address of the delegated address code that is being.

Top three blob posters are @base @worldcoin and @arbitrum

For some time now @l2beat is tracking DA usage for various DA layers and projects. If you are interested how the recent Pectra upgrade affected Ethereum blob space, check out

Ethereum's scaling roadmap promised to deliver scaling and interop w/out compromising on security and decentralisation. That clearly comes with the huge price tag (it's slow, it's expensive, it's difficult). Competing projects seem to be trying to go a very different route /11.

So it's supposedly cheaper and faster now. What about security and trust assumptions ? Clearly there are very different. They talk about "A decentralised network of nodes that jointly sign transactions" - who are these nodes ? How can I independently verify that ? /10.

It is somewhat surprising then that @NEARProtocol decided to scrape the whole design and replace it with . MPC. This is what they say about this in the docs: /9

Many (including me) considered Rainbow Bridge to NEAR a gold standard for building a bridge - only bridges proving the state (as Rollups do) can be considered safer while remaining fully decentralised /8.

One way to make a bridge trust-minimized is to deploy a light client - a smart contract that verifies the other blockchain's consensus. One of the most known project that had a light-client bridge was @NEARProtocol /7.

We (at @l2beat) have asked several teams using MPC to prove to us that EOA that is seen by Ethereum is actually signed by a network of nodes and not a single account. None of them managed to do that. Is it because it's hard to do or actually impossible ? /6.

MultiSigs based on MPC so far has been very opaque. Anyone that remembers MultiChain, one of the most prominent bridge claiming to be "super-secure" (because it was MPC-based) which turned out to be a total fake, is understandably a skeptic /5

The tradeoff is transparency. While it's possible to verify socially who are the MultiSig signers (see e.g. Gnosis Bridge validators as an gold standard example) I am yet to see any project able (or even trying) to prove who are the MPC signers /4

Why not use a simple MultiSig ? I guess it's because of the gas cost - verifying a single signature on Ethereum is obviously cheaper than verifying couple of signatures and checking if a threshold is met. And it sounds cooler /3.