TLDR: after thorough research and discussions, we find that when strong censorship (i.e. 51%) attacks are excluded, a 5d challenge period is a comfortable lower bound for Stage 1 in the presence of soft censorship attacks and network delays: one day to resolve economic attacks, and 4 days to resolve network delays originating from unknown attacks. The 7d lower bound for Stage 2 remains unaffected.
Why are challenge periods 7 days long today?
In case of an invalid state root being proposed, optimistic rollups need to ensure that anyone can submit a “fraud proof” on L1, otherwise funds can be lost. A major concern is therefore having fraud proof transactions censored on L1. In the presence of a malicious majority of Ethereum validators, transaction inclusion cannot be guaranteed as such a majority can always build a “heavier” chain that reorgs out selected transactions. This is what we refer to as a “strong censorship attack”, and the only solution to restore censorship resistance is a fork of the network that excludes such a majority.
It’s important to note that strong censorship attacks, and more broadly 51% attacks, cannot be used to steal funds sitting idle in an account on Ethereum, as funds cannot be moved without a valid signature. This doesn’t hold by default on optimistic rollups, where censoring a fraud proof can cause funds in the canonical bridge to be stolen. Therefore, to guarantee the same property on L2, optimistic rollups need to have a challenge period that is long enough to allow for forks that restore censorship resistance in the case of a strong censorship attack. It is today generally accepted that the time needed to detect a 51% attack, coordinate a fork, implement it and activate it is around 6 days. Leaving 1 day for honest challengers to submit a fraud proof and play the dispute game in the absence of censorship, the minimum challenge period needed to guarantee safety of funds in the presence of 51% attacks is 7 days.
For more details, read here: Optimistic rollups, the challenge period and strong censorship attacks
Challenge periods in the absence of 51% attacks
Today, the 7d challenge period lower bound is required for both Stage 1 and Stage 2 optimistic rollups. After extensive discussions with L2 teams, EF, and other L2 stakeholders, it is generally agreed that requiring safety from strong censorship attacks for Stage 1 rollups doesn’t follow the progression of decentralization that Stages are supposed to represent, given the already accepted presence of “more likely” threats like a Security Council with instant upgrade powers.
To calculate an acceptable lower bound in the absence of strong censorship, two attacks need to be evaluated next: soft censorship and network delays.
Soft censorship attacks in the absence of network delays have been studied by Offchain Labs in the Economic Censorship Games in Fraud Proofs paper. The intuition is as follows: for an attacker to censor a transaction in the mempool, they need to bribe block proposers with at least the amount of fees that the transaction would have paid if included, and they must do so for every block from which they wish to exclude the transaction. In the pessimistic model, to protect against an attacker willing to spend $100B in bribes, a defender needs to submit a transaction to the mempool with a ~$14M tip to guarantee inclusion within one day. After more extensive discussions, this is generally considered an acceptable scenario, and we therefore set a 1d lower bound to play the economic game.
For more details, read here: Cont: Stage 1 challenge period reduction discussion
Network delays refer to any form of attack that affects transaction inclusion times at the network layer. This includes attacks such as eclipse attacks, DoS attacks, mempool manipulation, supply chain attacks and general bugs in clients.
Vitalik, in “I think it’s ok to allow stage 1 rollups shorter withdrawal windows (1-2 days), but we should be more conservative on stage 2”, discusses a 12h upper bound for such failures, citing the 2016 consensus failure incident and the Shanghai DoS wars as the worst attacks Ethereum has historically experienced. We propose an 8x more conservative bound of 4d to be able to recover from more severe attacks. We believe this bound provides a comfortable time frame for a transaction to reach a block proposer, even if it requires out-of-protocol channels. With the 1d discussed before, this would result in a challenge period lower bound of 5d.
Effect on existing rollups
The following existing Stage 1 rollups can now reduce the challenge period from 7 days to a minimum of 5 days and retain their designation: Arbitrum One, Base Chain, OP Mainnet, Ink and Unichain. Notably, Arbitrum One already uses a challenge period of 6d 8h, which is below the previous 7d threshold, due to a misconfiguration that assumed a 13s block time, which was reduced to 12s with the transition to PoS. The fix had been planned for the BoLD upgrade but ended up not being included. The chain remained at Stage 1 because the reduction was under discussion, and the new 5d minimum now closes this gap.
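The check below is an added example, not code from this post or from any rollup: it converts a challenge period configured in L1 blocks to wall-clock time at 12s slots, compares it with the Stage 1 and Stage 2 lower bounds derived above, and computes the defender tip implied by the per-block bribery intuition from the soft censorship discussion. The block count 45600 is constructed to reproduce the 6d 8h figure and is not read from chain; all function names are hypothetical, and the tip formula is a simplification of the intuition stated here, not the paper's full model.

```python
DAY = 86_400
SLOT_SECONDS = 12            # L1 slot time after the transition to PoS

# Components of the lower bounds, as stated in the post.
ECONOMIC_GAME = 1 * DAY      # play the dispute game under soft censorship
NETWORK_DELAY = 4 * DAY      # recover from network-layer attacks (Stage 1)
FORK_RECOVERY = 6 * DAY      # detect a 51% attack and fork (Stage 2)
LOWER_BOUND = {
    "stage1": ECONOMIC_GAME + NETWORK_DELAY,   # 5d
    "stage2": ECONOMIC_GAME + FORK_RECOVERY,   # 7d
}

def fmt(seconds):
    """Render a duration as 'Nd Nh', truncating minutes."""
    days, rem = divmod(seconds, DAY)
    return f"{days}d {rem // 3600}h"

def check_period(period_blocks, stage, assumed_block_time=SLOT_SECONDS):
    """Compare the wall-clock period at 12s slots with the stage bound.

    assumed_block_time is the block time the configuration was written
    for; the drift is the wall-clock time lost when slots are shorter.
    """
    actual = period_blocks * SLOT_SECONDS
    intended = period_blocks * assumed_block_time
    return {
        "actual": fmt(actual),
        "intended": fmt(intended),
        "drift_seconds": intended - actual,
        "meets_bound": actual >= LOWER_BOUND[stage],
    }

def min_tip_usd(attacker_budget_usd, window_seconds=ECONOMIC_GAME):
    """Tip at which censoring every slot in the window exhausts the budget.

    Simplified model: the attacker pays at least the tip to each
    proposer, once per slot, for as long as the censorship lasts.
    """
    slots = window_seconds // SLOT_SECONDS
    return attacker_budget_usd / slots

if __name__ == "__main__":
    blocks = 45_600  # constructed sample value
    print(check_period(blocks, "stage1", assumed_block_time=13))
    print(check_period(blocks, "stage2", assumed_block_time=13))
    print(f"tip vs $100B attacker over 1d: ${min_tip_usd(100e9):,.0f}")
```

A period expressed in blocks silently shrinks when the slot time drops, so the comparison against the bound has to be done in wall-clock time at the current slot length.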
As a reminder, 5d, in the same way 7d was before, is a lower bound, and any rollup team is free to be more cautious and choose a higher value. Finally, we invite all optimistic rollups to consider a transition to validity proofs to further reduce withdrawal times and reduce the reliance on third-party bridges.
