Abstract

We propose replacing the ambiguous term “DA bridge” with “Data Availability Verifier” (DA Verifier) to clarify the importance of verifying off-chain DA attestations for L2s using external data availability providers (Alt-DA). We examine common architectures for integrating with external data availability layers and catalog the key security vulnerabilities introduced by these systems. We then outline the mitigations and system requirements necessary for a secure DA verifier integration. Our goal is to establish clear integration standards that enable Alt-DA L2 to provide quantifiable guarantees around data availability and minimize reliance on trusted sequencers.

Background

Alternative Data Availability (Alt-DA) layers allow L2 to post transaction data off-chain to a separate data availability network. This approach can dramatically reduce costs and increase throughput, but it introduces additional trust assumptions. In an Alt-DA setup, the L2 operator (sequencer) is responsible for publishing data to an external DA chain or service instead of L1. Without safeguards, users must trust the sequencer to actually make the data available off-chain. If the sequencer withholds the data, honest nodes cannot verify state transitions, undermining the L2’s security.

To mitigate this risk, an Alt-DA L2 should integrate a dedicated Data Availability Verifier (DA verifier). A DA verifier is essentially an on-chain light client or oracle that verifies the external DA layer’s attestations bridged on the main chain (e.g. Ethereum). By having the L2’s smart contracts verify these attestations, the system can check that, per the external DA network’s consensus, transaction data was truly published off-chain. This shifts the trust assumption from a single sequencer to the broader consensus or committee of the external DA network, greatly improving security for users. In practice, a well-designed DA verifier would force an attacker to compromise a large portion of the DA network (for example, two-thirds of its validators) to successfully lie about data availability.

It’s important to note, however, that even with a DA verifier, an Alt-DA L2’s security will always be somewhat inferior to a rollup that posts all data on Ethereum L1. A rollup that publishes data on L1 inherits Ethereum’s full security for data availability. This is because full nodes fully check the availability of data by downloading blobs directly from the network, rather than relying on third-party attestations. This makes an unavailable data blob on Ethereum not possible: any blob commitment whose blob cannot be retrieved would cause the block to be invalid, and thus forked out of the canonical chain. By contrast, an Alt-DA L2 must also trust an external network or committee for data availability. The key goal of the DA verifier is to make this extra trust assumption as minimal and transparent as possible. With a robust verifier in place, the rollup can clearly define its security model (e.g., secure if >33% external validators are honest), allowing users to understand and decide if that assumption is acceptable for their use case.

What is a Data Availability Verifier?

A Data Availability Verifier is an onchain contract (or set of contracts) that connects an external DA layer to the main chain, enabling the rollup to trust-minimize its data availability. In essence, the DA verifier brings proofs or attestations from the external DA network onto Ethereum. This allows Ethereum-based contracts (such as the escrow and fraud-proof contracts) to check, under the external DA layer trust assumptions, whether L2 transaction data was actually published off-chain. Typically, the DA verifier works by relaying a commitment (for example, a Merkle root of L2 data blobs) from the external DA layer and verifying, on L1, that this commitment was truly attested to by the DA network operators.

Without a DA verifier, an L2 that posts data to an external chain becomes vulnerable to a data withholding attack. For example, a malicious sequencer could publish a commitment on Ethereum, but never release the corresponding batch data on the external DA network. In that scenario, honest nodes and challengers on L1 have no way to retrieve the missing data; they cannot reconstruct the L2 state nor prove fraud, since the actual transactions are unavailable. The sequencer could then finalize an incorrect state root on L1 by simply running out the challenge period. In other words, without a DA verifier, the L2 security devolves to trusting the sequencer’s honesty in providing data.

Integrating a DA verifier closes this security loophole. The L2 contracts on the L1 (such as the fraud-proof verifier or validity-proof verifier) are modified to check the DA verifier contract for each batch that the sequencer posts. If the DA verifier does not confirm that the batch data was available on the external layer, then that batch (and its resulting state root) is considered invalid or unfinalizable. Essentially, the DA verifier acts as an oracle or gatekeeper for data availability. The L2 security then relies on the security of that oracle mechanism: users trust that the DA verifier’s attestations, which in turn rely on the external DA network’s consensus (or a committee’s honesty). This shifts the trust assumption from a single sequencer to either a decentralized network of validators or a committee of predefined entities. In practice, it means a sequencer cannot unilaterally cheat unless a large portion of the external DA layer colludes with them to lie about data availability.

DA Verifier Types

There are two primary models for how a DA verifier brings assurances of data availability to Ethereum:

• Light-client-based verifier - The Ethereum contract runs a light client of the external DA chain (or a validity proof of that chain’s consensus). It receives block headers or commitments from the DA layer (via some relayer mechanism) and verifies them cryptographically. For example, the verifier might verify a block header’s signature aggregated from the DA network’s validators (using BLS signatures or a SNARK proving the header is valid). If a given L2 batch’s data is included in a verified DA block or batch, an inclusion proof (such as a Merkle proof or polynomial commitment proof) can be submitted to the contract to confirm that the data was indeed published in that DA batch. The L2 fraud-proof logic will only accept the batch if this proof exists. In this model, as long as the required quorum of the DA chain’s validators are honest (and the proof verifies their signatures), the DA verifier contract will only attest to data availability if it actually happened. A sequencer, therefore, cannot finalize a state root on L1 without actually having posted the data off-chain, because any fraud challenge would check the light client and find no proof of the data (invalidating the batch).

• Committee-based verifier – The Ethereum contract accepts signatures or attestations from a predefined Data Availability Committee (DAC). The committee members are typically independent entities that watch the L2 and the DA layer. For each batch, they collectively certify that they have received the data. If a threshold (say 2/3 or a simple majority) of committee members sign an attestation for a particular batch, the verifier contract will consider that batch’s data as available. This approach is easier to implement (no complex light client logic) but is typically more centralized, since it usually relies on a small committee of members. Essentially, users have to trust that this committee quorum would not lie about storing the data and their willingness to serve it.

By using a DA verifier (whether light-client or committee-based), the trust assumption for data availability shifts away from the L2 sequencer. Instead of trusting a single L2 operator, users now trust that a quorum of the external DA layer’s validators are honest and will not sign off on an unavailable data batch. In practice, this dramatically raises the bar for an attack. For instance, with a Celestia-based DA verifier, an attacker would need to corrupt at least two-thirds of Celestia’s validators to fraudulently attest that data is available when it isn’t. For EigenDA, over 55% of the stake across two quorums would need to be compromised. This is a far stronger security guarantee than just hoping one sequencer behaves, as it effectively leverages the cryptoeconomic security of the external DA network.

Security Trade-offs: Alt-DA vs. Rollups

While Alt-DA L2s benefit from off-chain data availability, it’s important to understand how their security compares to the ideal case of all data being published on Ethereum. A rollup model, anyone can always retrieve the data from Ethereum (either from L1 calldata or data blobs) and verify the rollup’s state transitions. Essentially, if Ethereum finalizes a block that contains the rollup’s data, that data is guaranteed available by the same mechanisms that guarantee any Ethereum data availability. There are no additional parties to trust beyond yourself, running a full node.

Alt-DA L2s, by contrast, trade some security for cost savings and throughput. As discussed, a DA verifier can enforce that the external layer attested to the data, but ultimately, users must trust the external layer’s integrity. The L2 inherits the security (and any weaknesses) of that external DA layer. In practice, this means the L2 safety is now capped by the security of the external network. For example, if the external DA is Celestia, the L2 must trust Celestia’s proof-of-stake consensus. If the external DA is a committee or a new project with fewer validators or stake, that might be a weaker assumption. To put it simply:

• Ethereum DA: Data availability is guaranteed by users running full nodes. No extra trust assumptions. The downside is that Ethereum block space is currently limited and at times more expensive, so L2 max throughput is typically lower.

• External DA (Alt-DA L2): Data availability is guaranteed by an external network or service (plus the DA verifier mechanism). The trust assumption is that the external network’s consensus (or committee) is honest and robust. The upside is cheaper data posting and higher throughput, since the external DA layer is optimized for data and typically can achieve significantly more bandwidth.

Potential Attack Scenarios and Mitigations

Even with a DA verifier in place, there are various attack scenarios and failure modes that an Alt-DA L2 must consider and mitigate. Below is a list of the main potential attacks and how a robust design can address them:

• Sequencer Data Withholding (DWA – Data Withholding Attack): This is the fundamental attack that DA verifiers aim to prevent. A malicious sequencer can post a batch commitment on L1 (for example, a transaction batch hash and resulting state root), but then never publish the actual batch data on the external DA layer. Without countermeasures, honest users and challengers do not have the data needed to dispute the state root, allowing the sequencer to finalize an invalid rollup state (and potentially steal funds or censor transactions).

  The DA verifier catches this by requiring an attestation of data availability. If the sequencer withholds data, the verifier will have nothing to confirm on L1. During the challenge period, an honest challenger can point out the lack of a DA attestation, causing the disputed batch to be deemed invalid. In short, the combination of a fraud-proof system plus a DA verifier ensures that a sequencer cannot get away with a data withholding attack unless the DA layer itself is compromised (see below).

• DA Network Collusion (False Attestation Attack): This is the scenario where the external DA network’s own consensus or committee colludes to lie about data availability. For instance, a supermajority of validators on the DA chain could sign an attestation saying “Batch X data is available” even though the data was never actually propagated or has been pruned. If the DA verifier contract is presented with what appears to be a valid signature or proof from the DA layer, it would accept the batch as available.

  This is the fundamental trust assumption of using an external DA - you trust that a predefined quorum of its actors is honest. The only way to mitigate collusion at this level is to choose a DA system with strong native guarantees (decentralization, high economic security, perhaps built-in data sampling to catch incomplete/unavailable data).

• Delayed Data Attestation (Timing Exploit): Because the external DA layer and the L1 bridge are asynchronous, there’s a timing aspect that can be exploited if not handled carefully. For example, a sequencer might post a batch commitment on Ethereum and immediately finalize or propose the next state, knowing that the actual data might take some time to propagate and be confirmed on the DA layer. The L2 protocol must not allow a sequencer to exploit latency between chains. Proper timing guarantees make sure that “data not yet seen” is not treated as “data available,” preventing sequencers from slipping batches through without proof.

• Recency / Timing Attack (Commitment Recency): If the verifier lacks strict recency checks or ignores DA retention, a sequencer can reference a DA block that will be (or already is) pruned by the time a dispute occurs. In an optimistic system, the sequencer can wait for the DA pruning window to elapse and then post an L1 commitment to that old block; challengers may not be able to fetch the data, so no effective fraud proof would be possible and funds would be at risk. In a ZK validium, state transitions may be valid, but exits that require batch data stall because the data is gone, freezing funds.

  Mitigations are straightforward but must be enforced on-chain: gate inbox commitment acceptance on a fresh, quorum-valid DA certificate that is final and whose retention provably exceeds the challenge window plus a safety margin. It is also valid to treat minimum data recency and challenge period as distinct parameters - under the assumption that all honest challengers are live and monitoring at the time the commitment is posted. In this model, challengers are expected to fetch the data promptly and cache it, even if they are unable to post on-chain due to censorship or delayed coordination. The assumption eliminates the need for the data to remain available throughout the entire challenge period.

• Relayer Downtime or Censorship: Most DA verifier designs involve a relayer, an off-chain agent responsible for forwarding proofs or commitments from the DA layer to Ethereum. If this relayer is a single server or a small set of operators, it becomes a point of failure. An attacker (such as a malicious sequencer) could target the relayer infrastructure: they might DDoS it, bribe it, or if the sequencer controls the relayer, simply choose not to submit the necessary proof to Ethereum. The result of a relayer failure is that the DA verifier on Ethereum never sees the attestation, even if the data was published off-chain. In a challenge scenario, this could render the challenger unable to prove the data commitment published by the sequencer is not found in the DA verifier data root (since the contract has no info), potentially letting the sequencer win by default.

  The mitigation involves making the relayer mechanism as decentralized and permissionless as possible. Ideally, anyone who observes the DA layer can act as a relayer and submit the needed proof to the contract. This way, even if one relayer is down or maliciously withholding, another honest actor can fill in. Ensuring there’s no single point of failure in relaying is key for liveness, the system must always be able to get the DA evidence on-chain in time.

• Unrestricted Verifier Contract Upgrades: The DA verifier typically involves smart contracts on Ethereum (for storing attestation, verifying signatures/proofs, etc.). If those contracts are upgradeable without restrictions, a malicious actor with upgrade privileges (or an attacker who gains control of the contract via a hack) could deploy a new version of the contract that voids the security. For example, they could upgrade the contract to one that always reports “data available” regardless of truth, or one that allows them to insert bogus attestations. If such an upgrade can happen instantaneously, it could even be executed in the middle of a challenge, flipping the outcome in favor of the attacker. The mitigation consists of enforcing strict upgrade delays and transparency. Any contract as critical as the DA verifier bridge should either be immutable (no upgrades possible) or have an upgrade mechanism that involves a time delay and community insight. A good practice is to introduce a timelock (say 7 days or more) on upgrades, which is longer than the fraud-proof challenge window. This means even if someone attempted a malicious upgrade, users would have time to see it and react (potentially withdrawing funds or vetoing the change if governance allows).

• External DA Layer Failure or Downtime: Aside from malicious attacks, there’s also the scenario of the DA layer experiencing technical failure or prolonged downtime. For instance, if the external DA chain halts or enough of its nodes go offline, even an honest sequencer and relayer cannot get their data posted or confirmed on the external layer. This could lead to the L2 being unable to process new transactions (since it can’t prove data availability for them), or worse, users being unable to withdraw because the latest state cannot be verified. While not an “attack” per se, an adversary could intentionally attack the DA network to disrupt the L2s that depend on it. One mitigation approach is a data availability fallback. Indeed, standard OP and Orbit Stack implementations include a “failover” mechanism that automatically switches to L1 calldata if the DA service returns an error or doesn’t respond in time. There may be a graceful degradation to a safer mode (at higher cost) until the external service is restored.

By anticipating and addressing all the above scenarios, an Alt-DA L2 can significantly narrow the gap in security relative to an on-chain data rollup. The next section outlines how these mitigations translate into concrete requirements for a secure integration.

Meeting Secure Integration Requirements

To formally satisfy security standards (outlined by L2BEAT), an Alt-DA L2 must implement its DA verifier in a trust-minimized and robust manner. The real-world integrations need to meet several key requirements that correspond to mitigating the attack vectors above:

• External Consensus Verification: The bridge contract should directly verify the external DA layer’s consensus or quorum signatures, rather than trusting a centralized feed or a single oracle. In other words, the Ethereum contract itself must be convinced by cryptographic means that the external network has agreed a given piece of data is available. For example, Celestia’s Blobstream bridge uses a ZK light client to confirm that ≥66% of Celestia validators signed off on a block containing the data. Similarly, EigenDA’s Hokulea uses a validity proof to confirm that the required quorum of its restaked validators produced a legitimate availability certificate for the blob. This approach ensures that any data commitment accepted by the rollup’s L1 contract has been vouched for by the external chain’s own consensus (or committee). It minimizes trust in intermediaries and fulfills the requirement that an Alt-DA L2 must verify the external DA network’s claims, not just blindly accept them.

• Relayer Liveness: The design should avoid reliance on any single relayer or gateway to deliver the DA attestations to Ethereum. By ensuring the relay process is decentralized or at least easily replaceable, the rollup guarantees that a sequencer cannot exploit a single relayer’s failure (or collude with a relayer to hide an attestation). In short, anyone who has the correct DA proof should be able to get it on-chain in time.

• Upgrade Delay Safeguards: As mentioned above, because the DA verifier bridge is a critical component of security, its smart contracts must have controlled upgrade paths. An honest challenger needs the assurance that during the entire fraud-proof dispute period, the rules of the DA verifier won’t change under their feet. For instance, upgrade delays prevent a scenario where an attacker (or malicious governance) pushes a quick upgrade to the bridge logic that could, for example, disable the DA check or alter stored commitments in the middle of a challenge. A typical safeguard is to require any contract upgrade to be scheduled and then wait (e.g., 7 days or more) before it gets executed. If the bridge contract is upgradable (as most are for flexibility), there should be a timelock or delay on upgrades that exceeds the rollup’s challenge window.

• Proof System Integration: The L2 fraud-proof or validity-proof mechanism must be tightly integrated with the DA verifier’s status. It’s not enough to have a DA bridge contract on the side; the L2 challenge contracts on L1 need to actually consult that bridge every time they validate a disputed state. In practice, this means modifying the fraud prover or validity proof verifier to include a check that a valid DA attestation was received for this batch in the DA bridge contract, and if not, the state transition is treated as invalid. Crucially, the proof system must also handle the case where a malicious batcher submits a quorum-valid DA certificate but the referenced blob cannot be deterministically decoded (e.g., malformed header, wrong length/counts, version/schema mismatch, checksum/hash mismatch). Decoding (and verifying a canonical payload hash) should be part of L1 proof system verification; if decoding fails or the derived payload hash does not match the commitment, the batch should be treated as unavailable/invalid.

By satisfying these requirements, an Alt-DA L2 can be reclassified from a risky construction to a much more secure one. L2BEAT frameworks categorize systems soundly integrating with a DA verifier as “validiums” or “optimiums”, signifying sufficient data availability guarantees.

Conclusion & Future Work

Integrating an Alt-DA layer with a robust DA verifier is essential for making off-chain data availability safe in the context of L2s. It transforms what would otherwise be a weak trust model (simply trusting the sequencer to post data somewhere) into a more concrete guarantee backed by cryptography and distributed consensus. An Alt-DA L2 will always carry more risk than one that posts data on Ethereum L1, but with proper design the extra risk can be extremely well-defined. By addressing all potential attack vectors (from sequencer misbehavior to timing issues and beyond), such systems can provide a level of security and trust that is transparent, quantifiable, and robust enough for many use cases.

L2BEAT plans to gather teams feedback and incorporate these integration requirements into its projects assessment. Projects will be given a transition period to demonstrate adherence to these standards before any reclassification occurs. The goal is to ensure a consistent and rigorous evaluation framework across the various alt-DA integrations, while supporting the ecosystem in moving toward safer and more resilient architectures.

References

1. “DA bridges verifiers and Alt-DA trust assumptions.”URL: https://medium.com/l2beat/da-bridges-and-alt-da-trust-assumptions-6a00c6f40b10

2. “The Recategorization: Methodology & Framework.” (Discussion on rollup classifications and security assumptions)URL: https://forum.l2beat.com/t/the-recategorization/377

3. Celestia Documentation – “Blobstream: Streaming modular DA to Ethereum.” (Guide on Celestia-Ethereum data availability bridge)URL: https://docs.celestia.org/how-to-guides/blobstream

4. EigenLayer Documentation – EigenDA Overview. (High-level description of EigenDA and its role as a data availability layer)URL: https://www.eigenda.xyz/

5. Layr Labs (GitHub) – Hokulea README. (Technical details on integrating EigenDA with the OP Stack using the Hokulea client)URL: https://github.com/Layr-Labs/hokulea