Submitted by: The Arbitrum Foundation
Category: Constitutional, Software Upgrade
Abstract
This Constitutional AIP proposes upgrading both Arbitrum One and Arbitrum Nova’s Rollup Contracts to use Arbitrum BOLD: a new dispute resolution protocol that is designed to replace the existing and currently deployed Arbitrum protocol. BOLD delivers two critical improvements:
- Unlocks permissionless validation for Arbitrum chains,
- Enhances the security of Arbitrum chains by mitigating the risk of delay attacks.
BOLD accomplishes this feat by ensuring that any single honest party can always successfully defend against malicious claims to an Arbitrum chain’s state. BOLD represents the next step on the journey to having the Arbitrum technology stack being recognized as a Stage 2 Ethereum rollup. The implementation of BOLD will be thoroughly tested to ensure both its effectiveness and safety. The testing plan includes:
- A comprehensive audit by Trail of Bits,
- Deployment of the protocol to public testnets for at least 8 weeks,
- A public audit program,
- Publication of mathematical safety proofs and formal specifications.
This proposal requests the ArbitrumDAO to approve an upgrade to the onchain smart contracts and to support the deployment of a new challenger manager contract on Ethereum. If the upgrade is approved, then validators on Arbitrum One and Arbitrum Nova can use the Nitro software to participate in BOLD.
Additionally, all Arbitrum Orbit chains may choose to adopt BOLD to reap the security benefits of this new dispute resolution protocol as soon as the upgrade is generally available. BOLD, like the current Arbitrum dispute resolution protocol, makes use of WebAssembly (WASM) technology and can seamlessly support Arbitrum Stylus, should the ArbitrumDAO adopt Stylus.
Motivation
The ArbitrumDAO should consider approving this AIP as BOLD delivers critical security and decentralization improvements for Arbitrum One and Arbitrum Nova that benefit all Arbitrum users, Arbitrum node operators, dApps on Arbitrum, and Arbitrum bridges. These benefits can be extended to any Orbit chain that wishes to adopt BOLD.
More specifically, this new dispute resolution protocol brings the following benefits to Arbitrum chains:
-
Permissionless validation - Today, the critical role of being a validator for Arbitrum One and Nova is currently restricted to a permissioned set of validators in order to prevent delay attacks on the current rollup protocol - a class of attacks where actors can delay confirmations if they are willing to sacrifice their stakes. However, since BOLD mitigates the risks of delay attacks using a different mechanism (enforcing a fixed upper time bound on dispute resolution), reliance on a permissioned set of validators is no longer necessary. Therefore, passing this AIP and implementing BOLD to secure Arbitrum One and Nova effectively enables permissionless validation, marking a key milestone for Arbitrum chains to be recognized as Stage 2 Rollups, as part of Arbitrum’s journey to full decentralization.
-
Fixed delay time for assertion confirmation - The current rollup protocol for Arbitrum chains has a ~6.4 day challenge period during which validators can dispute claims about the chain’s state. These claims about the chain’s state are called “assertions”. While assertions are confirmable after 1 challenge period, malicious actors can open many challenges to delay confirming these assertions in a type of attack known as a delay attack. BOLD guarantees that all assertions, if there is a dispute using the validating bridge contract, will be confirmed within a fixed time window of 2 challenge periods (~6.4 days each), 2 day grace period for the security council to intervene, and a small delta for computing challenges.
- Security Council Safety-First Approach - There is a set of contracts on Ethereum known as the OneStepProver contracts. These contracts are used to declare a winner in a challenge by producing the correct L2 state given the single step of WASM execution being disputed. As mentioned above, a 2 day “grace period” (also called the “challenge grace period”) exists at the end of a dispute for the Security Council to intervene if there are any severe bugs in the OneStepProver contracts. The grace period is configurable by the ArbitrumDAO and initially set to 2 days.
Rationale
Enabling permissionless validation has been a long term goal of Arbitrum on the progressive journey towards decentralization.
BOLD mitigates the risk of delay attacks on Optimistic Rollups by ensuring challenges can be resolved within a fixed time period so long as there is an honest party involved. This particular change unlocks permissionless validation, enabling any well-resourced honest party or parties to defend and protect Arbitrum from malicious actors. All Arbitrum nodes are like watchtowers - honest validators by default and are able to catch fraudulent claims, and act if so desired.
More specifically, this AIP for bringing BOLD to Arbitrum chains is:
-
Ethereum-aligned: Arbitrum, with BOLD validation, will continue to rely on Ethereum for transaction data and the arbitration of disputes. Additionally, in line with Ethereum’s commitment to being open to everyone, Arbitrum will become more decentralized and trustless since participation to secure the network (i.e. validation) will be entirely permissionless and open to everyone who wishes to participate.
-
Sustainable: The BOLD protocol is a long-term dispute resolution protocol to secure Arbitrum chains. Additionally, there are already future investments and research expected following the initial launch, to ensure BOLD and its security guarantees evolve alongside the Arbitrum protocol, technology, and community.
-
Secure: The BOLD protocol is an intentional and strict improvement to the security model of Arbitrum chains. Arbitrum rollup chains, with BOLD validation, will continue to rely on Ethereum for data availability of transaction data and the arbitration of disputes.
-
Socially inclusive: Should this AIP be adopted, permissionless validation using BOLD will allow any entity, individual, or team in the community to participate constructively in securing Arbitrum. Validation is not restricted to a single address, as BOLD considers all entities that are proposing honest claims to be part of the same team. Where one honest validator may fall off, another one can take up its same responsibility.
-
Technically inclusive: The BOLD protocol specification is publicly available on Github here. The technology is permitted for use by anyone (i.e. permissionless) for the sole purpose of operating and developing an Arbitrum Nitro Instantiation.
-
User-focused: If this AIP is adopted, both users and dApp project developers on Arbitrum One and Nova alike will not need to take any additional action to reap the benefits of BOLD. BOLD will be working silently “under the hood” to ensure safe withdrawals and secure, permissionless validation.
- Neutral and open: BOLD has been and will continue to be “built in the public”, in line with how Orbit and Stylus are being developed. This AIP is made in good faith to be neutral, transparent, factual, and open for anyone in the community to critique and inspect.
Implementation, Formal Specification, and Safety Proofs
The following link, BOLD Implementation Deep Dive, explains how BOLD is implemented and how it works at a high level. To read about the formal specification and mathematical safety proofs for the protocol, check out the official BOLD whitepaper.
Overview of BOLD’s Economics and Spam Prevention
This section describes the bonding mechanism behind Arbitrum BOLD at a high level. The following link, Economics of Disputes in Arbitrum BOLD, offers greater details on the rationale behind the proposed bond sizes, why bonds are important, and how to think about their magnitude in the context of designing a dispute resolution protocol.
Based on feedback, we wanted to clarify the various roles and expectations for those participating in bold validation -
By default, all Arbitrum nodes are validators that will track the progress of the chain to verify assertions being posted to the parent chain to flag if an invalid assertion is observed. Running this type of validator is permissionless today and does not require any bond. Running a validator in this mode is also known as a “watchtower” node.
BOLD lets validators permissionlessly become proposers and challengers if they want to. The role of a proposer is required to help progress the chain which requires bonding ETH, proposing and then posting state assertions to the parent chain. This bond is known as an “assertion bond”. The chain only needs 1 proposer to make progress. Therefore, most validators can watch the chain and independently verify assertions without being a proposer.
In the unhappy case where there is a dispute about a proposed state assertion, BOLD lets anyone permissionlessly put up a bond of ETH to open challenges in the defense of Arbitrum (in their capacity as a challenger to invalid state assertions). This bond is known as a “challenge bond”.
Given that participation in BOLD is permissionless, we recommend that the size of bonds required to participate be high enough to disincentivize malicious actors from attacking Arbitrum One and Nova and to mitigate against spam (that would otherwise delay confirmations up to approximately 1 challenge period). High bonding values do not harm decentralization because (1) trustless bonding (or staking) pools can be deployed permissionlessly to open challenges and post assertions, and (2) any number of honest parties of unknown identities can emerge to bond their funds to the correct assertion and participate in the defense of Arbitrum at any time within a challenge. As with the current dispute resolution protocol, there are no protocol level incentives for parties who opt in to participate in validating Arbitrum One and Nova with BOLD.
While both of these bonds can be any ERC20 token and be set to any size, this proposal recommends the use of the WETH ERC20 token & the following bond sizes:
-
Assertion bonds: 3600 ETH - required from validators to bond their funds to an assertion in the eventual hopes of having that assertion be confirmed by the rollup protocol. This is a one-time bond required to be able to start posting assertions. This bond can be withdrawn once a validator’s assertion is confirmed and can alternatively be put together via a trustless bonding pool.
-
Challenge-bonds, per level: 555/79 ETH (UPDATED) - required from validators to open challenges against an assertion observed on Ethereum, for each level. Note that “level” corresponds to the level of granularity at which the interactive dissection game gets played over, starting at the block level, moving on to a range of WASM execution steps, and then finally to the level of a single step of execution. These values were carefully calculated to optimize for the resource ratio and gas costs in the event of an attack, as explained in Economics of Disputes in Arbitrum BOLD and the BoLD whitepaper. This effectively means that an entity that has already put up a bond to propose an assertion does not need to put up a separate assertion bond to challenge an invalid state assertion that they observe. To be explicitly clear, the validator would still require 555 ETH and 79 ETH for ongoing challenges. These additional challenge bond amounts are needed to participate in the interactive dispute game (back and forth) and narrows down the disagreement to a single step of execution that is then proven on Ethereum. The 555 ETH and 79 ETH challenge bonds can be put together via a trustless bonding pool, and does not all have to be put up by the validator that opened the challenge. These bonds can be refunded at the end of a challenge and can also alternatively be put together by the community using a trustless bonding pool.
The following link, Economics of Disputes in Arbitrum BOLD, covers the rationale behind the design and recommended values above in greater detail. Note that the ArbitrumDAO can change these values and the type of asset used for the bonds via a governance proposal.
BOLD makes permissionless validation possible for Arbitrum rollup chains and marks a major step towards full decentralization. This significant milestone also lays the groundwork for productive discussions about future economic incentives for those participating in the protocol since anyone can participate.
Rewards, Reimbursements, and penalties in BoLD
Once all of a validator’s proposed assertions are confirmed, a validator can withdraw their bond in full. Other costs spent by the honest parties to defend Arbitrum, such as the L1 gas costs and the challenge bonds, are fully refundable following confirmation of all sub-challenges. Challenge bonds will be automatically refundable in-protocol while L1 gas costs will be reimbursed by the Arbitrum Foundation using a procedure that will be published at a later date. All costs spent by malicious actors, including the assertion bond, are confiscated and sent to an ArbitrumDAO controlled address.
All eligible entities who wish to be paid a reward or be reimbursed by the ArbitrumDAO or the Arbitrum Foundation must undergo the Arbitrum Foundation’s KYC process.
Service fee for “Active” proposers
We propose that the ArbitrumDAO pay a service fee to active top-level proposers as a way of removing the disincentive for participation by honest parties who bond their own capital and propose assertions for Arbitrum One. The fee should be denominated in ETH and should correlate to the annualized income that Ethereum mainnet validators receive, over the same time period. At the time of writing, the estimated annual income for Ethereum mainnet validators is approximately 3% to 4% of their stake (based on CoinDesk Indices Composite Ether Staking Rate (CESR) 2 benchmark and Rated.Network 1). This fee is not a “reward” for the same reasons why the protocol does not reward honest parties with the funds confiscated from a malicious actor 2.
This service fee can be paid out upon an active proposer’s top-level assertion being confirmed on Ethereum and will be calculated using the duration of time that the proposer was considered active by the protocol. The procedure that calculates this will be handled off-chain, using a procedure that will be published at a later date. BOLD makes it permissionless for any validator to become a proposer and also introduces a way to pay a service fee to honest parties for locking up capital to do so. Validators are not considered active proposers until they successfully propose an assertion with a bond.
In order to become an active proposer for Arbitrum One, post-BOLD, a validator has to propose an L2 state assertion to Ethereum. If they do not have an active bond on L1, they then need to attach a bond to their assertion in order to successfully post the assertion. Subsequent assertions posted by the same address will simply move the already-supplied bond to their latest proposed assertion. Meanwhile, if an entity, say Bob, has posted a successor assertion to one previously made by another entity, Alice, then Bob would be considered by the protocol to be the current active proposer. Alice would no longer be considered by the protocol as the active proposer and once Alice’s assertion is confirmed, then Alice gets her assertion bond refunded. There can only be 1 “active” proposer at any point in time.
Rewards and Reimbursements for Defenders
The service fee described above is meant to incentivize or reimburse an honest, active proposer for locking up their capital to propose assertions and advance the chain. Similarly, in the event of an attack, a reward is proposed to be paid out to honest defenders using confiscated funds from malicious actors.
Specifically, 1% (the “defender’s bounty”) of the confiscated funds from a malicious actor is proposed to be rewarded to honest parties who deposit a challenge bond and post assertions as part of a sub-challenge, proportional to the amount that a defender has put up to defend a correct state assertion during the challenge. 1% of all confiscated funds from the challenge bonds of malicious actors will be forfeited to honest parties. This is true for all challenges (block challenges, sub challenges and one step challenges). Note that any gas costs spent by honest parties to defend Arbitrum One during a challenge is 100% refundable by the Arbitrum Foundation. In this model, honest defenders and proposers of Arbitrum One stand are incentivized to participate while malicious actors stand to lose everything they spent attacking Arbitrum One.
Defenders are only eligible for this reward if they deposit a challenge bond (555 or 79 ETH, depending on the level), posted an on-chain assertion as part of a sub-challenge (i.e. not the top-level assertion), and have had their on-chain sub-challenge assertion get confirmed by the protocol. The calculation for this reward is conducted off-chain by the Arbitrum Foundation and payment will be made via a DAO vote (since confiscated funds go to a DAO-controlled address).
Note: The Arbitrum Foundation will NOT be entitled to receive this “defender’s bounty”.
The topic of further improvements and new economic and incentive models for BOLD are valuable and we believe it deserves the full focus and attention of the community via a separate proposal/discussion - decoupled from this proposal to bring BOLD to mainnet. Details around additional or new proposed economic or incentive models for BOLD will need continued research and development work, but the deployment of BOLD as-is represents a substantial improvement to the security of Arbitrum even without economic-related concerns resolved.
This proposed service fee would not apply to entities that use the DAO’s funds to become a proposer, if the proposal passes. The DAO may choose, via governance, to fund other parties or change this reward or service fee model at any time.
Technical risks
Some of the technical risks of the BOLD upgrade include:
- Issues preventing liveness of challenges due to smart contract bugs in the new contracts. For instance, no honest validator able to make a move when it should be able to;
- Safety issues where a malicious party is able to game the system and win due to logic errors in smart contracts;
- Logic bugs in the assertion smart contracts that could affect assertion confirmation and posting, which could delay withdrawals until it is fixed; and
- Bugs in bonding logic in the smart contracts that could lead to loss of funds due to logic errors in the Arbitrum Rollup and challenge manager smart contracts.
Risks that remain the same between the current Arbitrum Rollup protocol and BOLD
- Bugs in the one step proof logic: BOLD does not change how one step proofs work for Arbitrum chains.
Timeline and steps to implement BOLD for Arbitrum One and Nova
Below is a list of initiatives to ensure the new BOLD dispute resolution protocol is ready to be reviewed and ready to be voted on by the ArbitrumDAO for adoption in Arbitrum One and Arbitrum Nova. Feedback from the community and any findings from testing will be collected and used to inform decisions and evolve BOLD along the way.
-
Deployment of a public testnet with BOLD validators for a minimum of 4 weeks, meant to ensure BOLD gets tested against conditions closer to what would be seen on mainnet (e.g. complexity of txns, traffic volume, larger and diverse validator sets, L1 testnet with real usage, etc).
-
Please check out this guide on how to deploy a BOLD validator on the testnet to begin testing out permissionless validation using Arbitrum technology!
-
The submission of the AIP in the format of a forum post. [This post]
-
Hosting of a governance call to talk about BOLD to answer questions from the community about BOLD and this AIP.
-
A formal temperature check proposal to activate BOLD on Arbitrum’s Sepolia for a minimum of 4 weeks. be made via a snapshot vote, as per Phase 1 in the The Lifecycle of an Arbitrum Improvement Proposal 2.
-
Kick-start a public audit program 1 (running between May 10 - 27, 2024).
-
Finalize pre-mainnet requirements, including:
- a. Publication of BOLD migration documentation for existing validators;
- b. Deployment of a monitoring stack to view on-going challenges on an Arbitrum chain; and
- c. Publication of a formal procedure for The Arbitrum Foundation to handle L1 gas costs reimbursements for honest parties.
-
Formal AIP gets submitted to Tally. A call-for-voting will be made, as per Phase 2 in The Lifecycle of an Arbitrum Improvement Proposal 2.
-
Should the formal on-chain proposal pass, BOLD will activate on Arbitrum One and Nova following Phase 7 of the Lifecycle of an Arbitrum Improvement Proposal 2 flow.
BOLD is now deployed on a permissionless public testnet as of April 15, 2024 that settles to Ethereum Sepolia. Should the corresponding governance proposals pass, the target timelines for BOLD to get activated on Arbitrum Sepolia is late Spring 2024 and then eventually Arbitrum One and Nova sometime in Summer 2024. These dates are tentative targets that will depend on a number of factors, including the governance vote outcomes, audit findings, and feedback from the ArbitrumDAO community.
Recommendation for Arbitrum Nova
Although this AIP proposes that both Arbitrum One and Nova upgrade to use BOLD, we recommend for the removal of the allowlist of validators for Arbitrum One while keeping Nova permissioned with a DAO-controlled allowlist of entities - unchanged from today. This update was made for two reasons.
First, Arbitrum Nova’s TVL is much lower than Arbitrum One’s TVL, (~$17B vs. ~$46M at the time of writing, from L2Beat). This means that the high bond sizes necessary for preventing spam and delay attacks would make up a significant proportion of Nova’s TVL - which we believe introduces a centralization risk as very few parties would be incentivized to secure Nova. A solution here would be to lower the bond sizes, which brings us to the second reason: lower bond sizes reduce the costs of delay grieving attacks (where malicious actors delay the chain’s progress) and therefore hurt the security of the chain. We believe enabling permissionless validation for Nova is not worth the capital requirement tradeoffs, given the unique security model of AnyTrust chains. .
Notably, since Arbitrum Nova’s security already depends on at least one DAC member providing honest data availability, trusting the same committee to have at least one member provide honest validation does not add a major trust assumption. This requires all DAC members also to run validators. If the DAC is also validating the chain, a feature the Offchain Labs team has been working on, Fast Withdrawals, would allow users to withdraw assets from Nova in ~15 minutes, or the time it takes to reach L1 finality. This is made possible by the DAC attesting to and instantly confirming an assertion. Fast Withdrawals will be the subject of a separate AIP.
Overall Cost
There is no cost for this proposal to the ArbitrumDAO as Offchain Labs, Inc. will incur all engineering and audit costs to complete the implementation of BOLD and get this new dispute resolution protocol into a mainnet-ready state. Engineering efforts to prepare BOLD for mainnet, as documented in the Steps to Implement section above will be owned by Offchain Labs, Inc. Currently, future development work for BOLD is expected to also be undertaken by Offchain Labs, Inc.
References
- BOLD whitepaper, containing both the formal specification and mathematical safety proofs.
- BOLD Implementation Deep Dive
- BOLD Economics Deep Dive
- Implementation on Github: GitHub - OffchainLabs/bold: Efficient, all-vs-all dispute protocol for Optimistic Rollups
- Guide on how to run a BOLD validator on testnet: GitHub - OffchainLabs/bold-validator-starter-kit: Starter kit repo for running Arbitrum BOLD validators
- BOLD Gentle Introduction documentation
- Announcement blog for BOLD
- Solutions to delay attacks on Optimistic Rollups, a blog that highlights a core motivation behind BOLD’s development: Solutions to Delay Attacks on Rollups | by Offchain Labs | Offchain Labs | Medium
- Audit by Trail of Bits
Where to Learn More about BOLD?
-
There have been two governance calls on this proposal to date. You can see the meeting recordings here: governance call #1 and governance call #2
-
Listen to the AMA recording on ‘Uncovering BOLD & Permissionless Validation’ that took place on April 18, here: x.com
FAQ document
Upon having conversations with stakeholders in the DAO and wider ecosystem, we’ve consolidated together of frequently asked questions (FAQ) and answers here. This FAQ document will be iteratively updated as and when more common questions are raised.
Disclaimer
The confirmation timing on any withdrawal that is in-flight when the proposed BOLD upgrade is activated will be delayed until the first BOLD assertion is confirmed. This means that for any Arbitrum chain that upgrades to use BOLD, including Arbitrum One and Arbitrum Nova, all pending withdrawals to L1 Ethereum that were initiated before the upgrade will be delayed by 1 challenge period, plus the time between the withdrawal was initiated and the time that the BOLD upgrade takes place. This is because the upgrade effectively “resets” the challenge period for that are not yet finalized.
For example, if the upgrade happened at time t, then a withdrawal initiated at a time t-2 days will need to wait an additional 6.4 days for their withdrawal to be finalized, totaling 8.4 days of maximum delay. Withdrawals that finalize before the upgrade takes place at time t will be unaffected. In other words, the maximum delay a withdrawal will experience leading up to the upgrade is 12.8 days (two challenge periods).
