Fraud Proof

Fraud proofs are cryptographic challenge mechanisms used by optimistic rollups to enforce state correctness on Ethereum L1. In an optimistic rollup, state transitions submitted by sequencers are assumed valid by default. If a validator detects an invalid state root, they submit a fraud proof during the challenge window — typically 7 to 14 days — triggering an on-chain dispute resolution process. The fraudulent party's bond is slashed, and the correct state is restored.

The concept underpins the security model of major Layer 2 networks including Arbitrum (BoLD protocol) and Optimism (Cannon fault proof system). Unlike ZK rollups that prove every batch cryptographically, optimistic rollups rely on at least one honest validator monitoring the chain and willing to post a challenge bond. This economic game theory creates a 1-of-N security assumption — the system is secure as long as a single honest participant exists.

How fraud proofs work

The fraud proof lifecycle follows a consistent pattern across implementations:

1. State assertion — a proposer (sequencer or validator) posts a state root to the L1 rollup contract representing the L2 state after a batch of transactions
2. Challenge window — a defined waiting period (6.4 days on Arbitrum, ~3.5 days on Optimism) during which any validator can dispute the assertion
3. Dispute initiation — a challenger stakes a bond and claims the posted state root is invalid
4. Bisection protocol — the disputed computation is iteratively narrowed (via binary search on execution steps) until a single instruction is identified as the point of disagreement
5. On-chain adjudication — that single instruction executes on Ethereum L1 for deterministic resolution
6. Bond settlement — the losing party's bond is slashed and partially awarded to the winner

If no challenge is submitted within the window, the state assertion finalizes and withdrawals from L2 to L1 become available.

Arbitrum BoLD vs. Optimism Cannon

Arbitrum's BoLD (Bounded Liquidity Delay) uses multi-round interactive bisection narrowing disputes across three resolution phases: block-level, then 2²⁰ WASM instructions, then a single WASM instruction. The all-vs-all dispute model means one honest defender can simultaneously resist unlimited malicious challengers, preventing sequential delay attacks. Defender capital exposure is approximately 15% of the attacker's deployed capital, making independent validation economically accessible.

Optimism's Cannon compiles the state transition function to a MIPS virtual machine and uses a single-round bisection game with 73 levels of depth. The op-challenger service monitors the DisputeGameFactory contract for invalid output proposals. A Guardian role (held by the Security Council) can pause withdrawals or blacklist specific dispute games as a safety backstop. Defender capital exposure reaches approximately 109% of the attacker's capital at maximum game depth, creating a higher barrier for independent validation.

The capital asymmetry between these implementations directly affects who can economically participate as an honest validator — a critical factor when evaluating a rollup's real-world security guarantees.

Challenge window and withdrawal delays

The challenge window creates the characteristic withdrawal delay users experience on optimistic rollups. Because fraud proofs require time for validators to detect and challenge invalid state roots, users must wait for the window to close before their L1 withdrawals execute. This delay ranges from approximately 7 days (Optimism) to 12.8 days (Arbitrum, under BoLD's two-period model).

Third-party liquidity bridges (like Across, Hop, and Stargate) provide faster exits by fronting capital to users in exchange for a fee, accepting the finality risk during the challenge window. These bridges introduce their own trust assumptions and are a common target for cross-chain exploits.

Limitations and attack vectors

Delay attacks attempt to exhaust honest validators by submitting many fraudulent assertions simultaneously, forcing defenders to post bonds on each dispute. BoLD's all-vs-all model with fixed upper bounds mitigates this on Arbitrum. On Optimism, the Guardian role provides a centralized backstop against delay attacks but reintroduces trust assumptions.

Data withholding can prevent fraud proofs from being constructed. If a sequencer publishes a state root but withholds the underlying transaction data, validators cannot verify correctness or construct proofs. This is why data availability on Ethereum L1 (via calldata or EIP-4844 blobs) is a non-negotiable requirement for rollup security.

Censorship of challengers by a centralized sequencer could theoretically prevent fraud proof submission. Force-inclusion mechanisms on L1 (Arbitrum's DelayedInbox, Optimism's L1 submission path) provide a censorship-resistant fallback, ensuring challengers can always submit proofs through Ethereum directly.

Understanding fraud proofs is essential for evaluating optimistic rollup security. The proof system's design — bonding economics, dispute resolution speed, capital requirements for defenders — determines whether the theoretical "one honest validator" assumption holds in practice. For protocols deploying on L2, modeling these parameters is as important as auditing the smart contract code itself.