Pomegra Wiki

Fraud Proof Mechanism

A fraud proof mechanism is an on-chain game that allows watchers to challenge and dispute invalid state transitions in an optimistic-rollup. Rather than proving every transaction valid upfront, the rollup assumes transactions are legitimate unless proven otherwise — and if someone disagrees, they post a cryptographic challenge to force re-execution and expose the lie.

Optimistic rollups stake their entire security model on fraud proofs. A sequencer bundles thousands of transactions, commits a new state root to the chain, and collects transaction fees. If that state root is wrong — whether by accident or malice — an independent watcher must be able to cry foul and trigger a dispute resolution process that catches the fraud and penalises the wrongdoer.

Without fraud proofs, an optimistic rollup is just a sidechain run on hope. With them, you get economic security: bad behaviour becomes expensive and detectable.

How the challenge game works

When a watcher spots a disputed state transition, they don’t re-execute the entire rollup to prove the sequencer wrong. Instead, they initiate a binary-search dispute game. The two parties — watcher and sequencer — take turns narrowing down exactly which instruction caused the state mismatch. Each round, they claim the correct state at the midpoint of the disputed range. Eventually, the game reduces to a single transaction or opcode, and the on-chain system re-executes it deterministically to see who was right.

The loser loses their bond. The winner keeps their stake and pockets part of the loser’s collateral as a reward. This structure aligns incentives: watchers are paid to catch fraud, sequencers are punished for cheating, and the protocol stays honest.

Finality and withdrawal lag

Because fraud proofs require time for challengers to respond, optimistic rollups always impose a delay before withdrawals from the rollup to the layer-1 chain are final. Typically 7 days, sometimes longer. During this window, watchers scan the commitment for fraud and raise disputes if needed.

Once the dispute window closes without challenge, the state root is considered final. The user can then withdraw their assets. Validity-proof systems, by contrast, produce cryptographic certainty immediately — they trade proof size and verification gas for instant finality.

Variants and efficiency

Early fraud proof designs were simple but slow. Recent proposals like Optimism’s Cannon and Arbitrum’s approach use interactive game mechanics compressed into fewer on-chain rounds. Some rollups introduce “honest minority” assumptions: if even one watchers stays online and monitors, fraud will be caught.

The proof itself must be computable on-chain but in a gas-efficient way. Rollups often use merkle-proof tricks or special-purpose circuits to reduce the cost of re-executing a single instruction to something the chain can verify in a few hundred thousand gas. Without this compression, posting even a small fraud proof would bankrupt the challenger.

Centralisation risk

Fraud proofs only work if watchers exist and are incentivised to monitor. If sequencers are trusted entities or if proof-raising is too expensive, watchers become centralised or disappear entirely. Some rollups bootstrap proof infrastructure through foundation grants or whitelist trusted verifiers initially, then gradually open it up.

The security is also only as good as the watchers’ ability to re-execute transactions faithfully. If the rollup’s execution layer has non-determinism — say, reliance on off-chain data — the fraud proof system becomes fragile.

See also

  • Optimistic Rollup — Layer 2 using fraud proofs to defer proof computation off-chain
  • Validity Proof — Cryptographic alternative proving correctness upfront instead
  • Merkle Proof — Tree-based structure used to compress rollup state verification
  • State Root — The committed summary of rollup balances and contract state
  • Modular Blockchain Design — Architecture separating execution, settlement, and data layers

Wider context