This research piece by Argo and Tokensight has been written to provide a high-level overview of EigenDA and its operator network. In this piece, we will explore potential corruption scenarios in which an operator disrupts the network. This research is meant to serve as our second joint piece to share our learnings and educate the community on AVS cryptoeconomic security as operator networks begin to launch in the next few months.

EigenDA is a data availability solution, designed to enable Ethereum rollups to store and scale transaction data in a secure manner, to achieve high-throughput, highly-scalable, and lower gas-costing transactions than current alternatives. EigenDA establishes a new precedent for secure data availability by deriving its cryptoeconomic security via restaked Ether from EigenLayer.

Data availability is a crucial concept in blockchain technology, particularly for Ethereum rollups, which are systems designed to handle transactions outside the Ethereum main chain to increase throughput and reduce costs. Essentially, data availability ensures that all transaction data is readily accessible and verifiable by all participants in the network, a vital requirement. 

The main service providers in the data availability space are Ethereum (post-blobs), Celestia, Avail, and the recently introduced EigenDA. We are also excited about Optimum, a new solution that was announced at Harvard Blockchain Conference on April 13th, which the team attended!

The EigenDA system incorporates three primary roles critical to its operation: rollup, disperser, and operator. Each plays a unique part in enhancing data availability for Ethereum rollups.

Rollup: This is the initiator in the EigenDA process. Rollups are Layer 2 solutions on Ethereum that bundle multiple transactions into a single transaction to reduce the load on the main Ethereum chain, thereby increasing transaction throughput and reducing costs. In the context of EigenDA, rollups post their transaction data to the system to take advantage of lower transaction costs and higher throughput, as an alternative to posting their data on Ethereum.

Disperser: The disperser’s role involves handling the data received from rollups. This entity takes the data blobs, breaks them into smaller chunks for the operators, and aggregates the chunks when needed. To get a better understanding of how dispersers work and the mechanisms and tech utilised (e.g erasure coding, KZG commitments, and multi-reveal proofs), please read this article. Rollups can operate their own disperser or utilize a third-party service provided by entities like EigenLabs.

Operator: Operators are node runners in the EigenDA network who receive the encoded chunks from the disperser. Their primary task is to verify the chunks, store the data, and maintain its availability. This verification and storage process is vital for ensuring the integrity and availability of the data within the network. The operators return a signature back to the disperser after storing the data, which is then aggregated to finalise the data’s entry into the system.

EigenDA relies on EigenLayer primarily because it offers a robust and flexible infrastructure to implement Proof of Stake (PoS) mechanism, which EigenDA requires for the healthy operation of its operator network. Here's a detailed look at why this dependency is crucial:

• Ease of Development: Setting up a PoS system from scratch is complex and resource-intensive. EigenLayer simplifies the process of building a PoS system from scratch by providing a framework that projects can use and deploy. For example, one of the key challenges in any decentralised system is ensuring that all participants act in the best interests of the network. Misbehaviour, such as failing to store data properly or attempting to manipulate the system, needs to be detected and penalised. EigenLayer's PoS system provides the mechanisms for slashing (i.e., penalising) operators' stakes if they fail to meet their obligations, thereby aligning their incentives with the health and security of the network.

• Shared Security Model: EigenLayer's shared security model allows the same staked capital to be used across multiple applications, creating an economy of scale that reduces capital costs for individual projects like EigenDA. By leveraging restaked Ether (ETH) instead of requiring its own tokens for staking, EigenDA can tap into a larger pool of secured capital without needing to build and maintain its own staking and security infrastructure.

• Pre-existing Node Network: EigenLayer offers a marketplace coordination model where projects can readily access a network of nodes whose operators have already staked ETH. This means EigenDA can utilize a ready-made infrastructure of validators without the need to recruit and vet its own set of node operators.

As mentioned previously, Operators are node runners in the EigenDA network responsible for receiving encoded data chunks from the disperser, verifying their integrity using KZG commitments and proofs, and storing and maintaining the data's availability. They must stake collateral and follow slashing conditions, risking punishment if they misbehave, to ensure the network's security and the data's integrity.

Disruptions in the EigenDA service can occur through increased latency, limited access to data, or compromised data integrity, facilitated by a series of targeted attacks:

• Data Relaying Censorship: Attackers could manipulate the visibility and processing of data. By selectively blocking or ignoring specific transactions or their attestations, these attackers could distort the network's perception of data availability. This manipulation allows them to potentially benefit themselves or harm competitors by controlling which transactions are acknowledged and visible.

• Data Relaying Stalling: These same attackers could further undermine the network by slowing down the consensus process or opting out of it entirely. Such tactics introduce delays in data attestation and dissemination, increasing transaction confirmation times. This not only affects the network's speed and dependability but may also lead users to question its effectiveness and reliability.

• Data Attestation Corruption: In another form of attack, adversaries might manipulate the verification process to falsely certify incorrect or malicious data as accurate. This deceit leads the network to accept and rely on false information, enabling attackers to execute fraudulent transactions, manipulate market conditions, or even extract ransoms through threats to data integrity. The cascading effects of such corruption could severely compromise the associated rollups at multiple levels, particularly affecting their trustworthiness.

Determining whether it is economically feasible for an operator to corrupt the EigenDA network is uncertain, for now. This uncertainty primarily stems from the fact that EigenDA is a relatively new service. As such, it lacks a substantial amount of empirical data and has not undergone extensive real-world testing. Below, we identify some of the main variables that determine the economics, which should highlight the variability of the situation.

The profitability of corrupting the network can be calculated as follows:

Profit = Earnings from Corruption - Cost of Corruption

Factors to consider when measuring the profitability of a corruption scenario:

• Erasure Encoding Rate: Set between 10% and 50%, this rate affects data redundancy and the storage capacity required across the node network. A higher rate reduces the cost for an attacker, potentially increasing their incentive to corrupt.

• Monetary value of corrupting data attestations received and ability to successfully extract those funds

• Market value of the attacker's stake after the attack is discovered.

Factors to consider when measuring cost of corruption:

• Cost of acquiring the necessary stake

• Principal-agent problem: Validators may act in their own self-interest rather than in the best interest of the restakers who delegate capital. In theory, if a validator is only staking delegated capital, their financial cost is $0.

• Social capital and legal consequences: Existing validators that are public entities must not only expend significant financial resources but also risk their social reputation and face potential legal consequences for engaging in malicious activities.

Over the next few months, we will be researching the following questions:

1. Will EigenDA initial operator set be whitelisted?

2. How centralized and entrenched on other AVSs will EigenDA’s operator set be? 

3. How many operators will there be and how concentrated will stake be among top operators? How reputable will they be?

4. How much TVL will the EigenDA network have and how does that attest to its security?

5. Are there more profitable attack approaches than attestation corruption for EigenDA?

6. How complex will their code be as an AVS? High code complexity may lead to an increased likelihood of bugs.

We will be conducting economic audits for more AVSs as they roll out. If you are interested in following along our research, please follow the Argo Twitter and Tokensight Twitter.