Rollups: Centralised front-end, decentralised back-end
Rollups as a new technology stack for financial applications
Off-chain scalability has helped us scale for the past ~12 years. In fact, for many users, it is the representative experience of crypto as they have only transacted on a trusted platform like a cryptocurrency exchange. Unfortunately, due to the design of almost all off-chain systems, it remains a fully trusted and custodial experience fraught with dangers:
No proof of reserves. Liabilities recorded in the off-chain database are private and impossible to audit,
Funds are freezable. A centralised platform can decide to ignore the user’s withdrawal request and prevent/revert all off-chain transfers,
Human processes. It is up to a set of human processes, and not the technology stack, to protect the funds.
Closed-source. No public audits or community approach for attesting to the quality of a technology stack that protects billions of dollars.
Lack of oversight. There is no guarantee the exchange is holding your assets in reserve, and it may be lending them out in waves of credit bubbles.
In fact, as I was writing this article, the community witnessed a squabble between SBF and CZ which within a couple of days led to the downfall of FTX.
Due to the squabble between the billionaires and the leak of a balance sheet, rumours circulated that FTX lacked the assets to cover its liabilities to customers. This led SBF to claim that FTX has enough assets to cover all client holdings and that “FTX is fine, Assets are fine”.
Do we trust the operator? Or put them to the test?
As a customer, this raises the following dilemma:
Do you blindly trust the word of an exchange operator and keep your funds on the exchange?
Do you withdraw your funds, remove counter-party risk, and simply wait to see if it is FUD?
To the credit of the crypto community, they opted for the second option en masse and it led to a run on the exchange as customers withdrew their funds and put the rumours to the test. Due to the inherent design flaws of a trusted off-chain system, the mass withdrawal approach is the only true way to verify whether the assets are available to cover the liabilities. Several outlets, most notably The Block, reported in real-time FTX’s attempts to replenish assets on the exchange to facilitate customer withdrawals until it eventually paused all withdrawals.
We do not know the long-term impact of FTX’s fall, the depth of its black hole, or whether it has lost customer funds. The details should eventually become public in the coming weeks as Binance completes its takeover and provides sufficient liquidity for customers to withdraw their assets. However, to the point of this article, it highlights that we are all crazy to trust a single operator, who is running an opaque and blindly trusted off-chain system, to protect billions of dollars.
FTX is not the first exchange and it will not be the last to be insolvent. It has happened over and over again in the history of cryptocurrencies. The truth is always discovered, even if it takes a while.
Interestingly, there are four ways for an exchange to recover from insolvency:
Takeover. A bigger player takes over the off-chain system and pays off the debt. FTX example.
Haircut. All customers take a haircut that is proportional to the loss. OKEx example.
IOU token. All customers are issued a token to represent their loss and the exchange will eventually pay them back. Bitfinex example.
Bankruptcy proceedings. Customers sue the exchange and hope to recover remaining funds via the courts. MtGox example.
To date, the largest and most significant insolvency was the Fall of MtGox. The exchange failed to protect customer funds and continued to operate for years. I recommend watching Kim Nilsson - Cracking MtGox as he walks through the various tragedies of MtGox. It is still remarkable how the company lacked any internal detection or accounting system and it was continuously hacked until they eventually lost over 800k BTC (6% of Bitcoin’s total supply).
Replacing human enforcement with software
Satoshi Nakamoto’s goal was to remove all the trust that’s required to make it work for an e-currency. Yet, as a community, we have replicated and re-introduced the same trusted intermediary model for most off-chain systems. It is essential we return to the initial vision of cryptocurrency and consider how we can replace the human trust placed in off-chain systems with publicly verifiable cryptographic proofs.
It should be viable for any startup to download, compile and deploy software that sets up their off-chain system while automatically protecting all deposited assets. It is not a new idea and there is evidence of product-market fit as several projects have adopted SDKs with software enforcement in mind. Examples include the deployment of a new layer-1 blockchain like Binance Smart Chain, dYdX’s ambition to kick-start an app-chain using the Cosmos SDK, and the several companies (Immutable, Arbitrum, Optimism, etc) that rely on rollup infrastructure.
For this article, I’ll focus on rollup infrastructure as I consider it the end-game solution for replacing human enforcement with software. The fundamental pursuit of rollups is to replicate the experience of a trusted off-chain system with publicly verifiable and trust-minimized infrastructure.
There are many benefits to consider:
Proof of reserves. Anyone can check the system is fully collateralised,
Real-time audits. Anyone can check that all transactions are executed as expected and the database is updated correctly,
Forced transactions. Anyone can forcefully include their transaction to be processed and it’ll be eventually executed.
Open-participation. Anyone, who is willing to put some skin-in-the-game, can contribute towards the off-chain system’s operation.
Most importantly, at the heart of a rollup is removing the need for venture-funded startups to deal with the operational security overhead of protecting millions (or billions) of dollars. They can place their energy and focus on building a good user experience and the service they want to offer their customers.
Long term, it should emerge that custody of user assets is an undesirable liability.
Rollups have a centralised front-end and a decentralised back-end
To keep it simple, there are two components for most off-chain systems:
On-chain bridge. Holds all assets for the off-chain system.
Off-chain database. Records the liabilities for the off-chain system.
In almost all systems, the bridge wants to be convinced the off-chain system accurately reflects all liabilities and that the assets can cover the liabilities before a user can withdraw their funds. For the past 12 years, the process of convincing the bridge is to trust a single operator to attest to the off-chain database’s integrity and ultimately this implies the operator is responsible for protecting the funds.
In a rollup, the process of convincing the bridge is very different. There are three actors to consider:
On-chain bridge. The on-chain bridge is an autonomous smart contract that is capable of verifying the integrity of all updates to the database.
Sequencer. An operator that takes a list of pending transactions, orders them for execution, and passes the transactions on.
Executors. An open-membership set of operators who take the ordered transactions, execute them, and attest to their execution with the bridge smart contract.
The core difference between a trusted off-chain system and a rollup is that the bridge is a smart contract. With the assistance of an open-membership group of executors, the bridge can check the integrity of all attested updates to the off-chain database before a customer withdrawal is processed. Put another way, it forms a decentralised backend to the off-chain system and it enables a swarm of cyber hornets to process and defend all valid updates to the off-chain database.
As a startup, the only responsibility is to write your smart contract suite and to deploy it onto your rollup/off-chain system. You can take full control of the user experience by performing the Sequencer role. Thankfully, the Sequencer has little to do with security of the off-chain system. It can be fully centralised or distributed amongst a set of Sequencers. Put another way, a startup can run a centralised front-end to the off-chain system with little risk to users and the emphasis for protecting the assets is placed on the magical swarm of cyber hornets that is running the back-end.
Most importantly, all bystanders can check the integrity of the off-chain system in real-time and there is no risk of funds being frozen. If the Sequencers refuse to process a user’s transaction, for whatever reason, then a user can simply bypass the Sequencers and send their transaction directly to the on-chain bridge. It’ll eventually be picked up and executed by the swarm of cyber hornets. Put another way, the system architecture of rollups replaces the ethos of “won’t be evil” with “can’t be evil”.
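The bridge, sequencer and executor roles above, together with the forced-transaction and proof-of-reserves properties listed earlier, as a toy Python model added here (not code from any rollup project; all names are hypothetical). It simplifies: the bridge keeps the balances and re-executes each batch as a stand-in for a fraud or validity proof, and forced transactions must lead the next batch rather than meet a deadline.

```python
import hashlib, json

def root(balances):
    """Commitment to the off-chain database (stand-in for a Merkle root)."""
    return hashlib.sha256(json.dumps(balances, sort_keys=True).encode()).hexdigest()

def execute(balances, txs):
    """Deterministic state transition every executor runs; invalid transfers are skipped."""
    state = dict(balances)
    for sender, recipient, amount in txs:
        if 0 < amount <= state.get(sender, 0):
            state[sender] -= amount
            state[recipient] = state.get(recipient, 0) + amount
    return state

class Bridge:
    """Toy on-chain bridge: holds the assets and accepts only verified updates."""
    def __init__(self):
        self.assets = 0       # coins locked in the bridge
        self.balances = {}    # last verified liabilities
        self.forced = []      # transactions users sent directly to the bridge

    def deposit(self, user, amount):
        self.assets += amount
        self.balances[user] = self.balances.get(user, 0) + amount

    def force(self, tx):
        self.forced.append(tx)  # bypasses the sequencer entirely

    def attest(self, batch, claimed_root):
        """Executor attestation of a sequencer-ordered batch."""
        if batch[:len(self.forced)] != self.forced:
            return False        # sequencer censored a forced transaction
        new_state = execute(self.balances, batch)
        if root(new_state) != claimed_root:
            return False        # executor misreported the database update
        self.balances, self.forced = new_state, []
        return True

    def solvent(self):
        """Proof of reserves: locked assets cover every recorded liability."""
        return self.assets >= sum(self.balances.values())

    def withdraw(self, user, amount):
        if amount <= 0 or amount > self.balances.get(user, 0):
            return False
        self.balances[user] -= amount
        self.assets -= amount
        return True
```

A batch that omits a pending forced transaction, or an attestation whose root does not match re-execution, returns False and leaves the verified state untouched, so withdrawals are only ever paid against balances the bridge has checked.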
Rollup as an SDK (“the L3 dream”)
There is a growing desire by Goliath crypto firms, venture-funded startups and users to rely on systems that bolster the ability for bystanders to audit their integrity in real-time. The cross-over of DeFi for autonomous financial applications and rollups for scalable off-chain systems is key to beating the existing systems and critically it is superior in all forms to any regulatory approach for protecting users.
This is why I believe in the Rollup as an SDK movement and that it is the winning play for all rollup teams. Remarkably, I have privately spoken to most rollup teams and I normally hear the following reluctance:
We want to perfect the code and not release rubbish.
Sure, but then you miss the market!
Our engineers have spent a year or so working on it, we need to be careful to give it away
It is a bigger waste of their time when the community adopts the open-source variant from another team
If everyone is forking our code, then it fragments our market share?
Oh man, the fact that billions of dollars are locked up across various instantiations of your SDK and it is the dominant player in the market… what a problem… -.-
Competitors are just going to steal the code and work against us
Have you looked at the companies who support the go-ethereum API? Or the various Uniswap forks? Your brand and ethos will win out.
I am under the belief that most rollup teams don’t understand the go-to-market play and it is detrimental to the entire eco-system, especially in light of FTX’s liquidity issues. The “business model” that a rollup team can build a moat around closed-source software and make a profit by serving others as the only provider is a loser strategy (and a loser business model).
The rollup play and go-to-market is easy:
Developer moat. Open-source everything and an army of developers will build for your system. No one wants to build for Goliath the rent seeker. Focus on Developers, Developers, Developers!
Fork moat. Encourage teams to fork and re-instantiate your rollup, ideally on your own L2 platform.
TVL and user moat. The more coins locked in your rollup network and the forked instances, the greater liquidity moat for your eco-system and a snowball effect of more people building with it.
Essentially, if your rollup becomes the SDK of choice for deploying off-chain systems and billions of dollars get locked in across the various deployments, then it demonstrates significant user traction and the entire eco-system will follow for free to support your SDK. Yes, all node providers, wallets, DeFi applications and everyone else who is chasing a slice of the user pie. If there is a token, it’ll reflect the popularity of all deployed rollup instances, and not just the single network run by the team.
Most rollup teams need to fight the Legacy Web2 world mindset. You are supposed to be a company that is building the software stack for a Web3 network and the goal is to give it away in its entirety for the betterment of the community. With that ethos, we will see the rise and flourishing world of rollups as they eventually replace the trusted and insolvency-ridden off-chain systems that dominate today.
To conclude
I hope we can live out the dream of Satoshi Nakamoto by replacing trusted systems with verifiable cryptographic proofs.
Rollups enable teams to focus on the centralised front-end and product offering for their customers while a swarm of cyber hornets form a decentralised backend to protect all assets held by the off-chain system. It is empowering as teams can focus on building a good user experience as opposed to the operational security that has plagued our space for so long.
Again, this is why I believe the only winning play for layer-2 projects is Rollup as an SDK and I do hope the rollup teams wake up to it for the betterment of all.