Simulating the real judicial system, can zkSync's co-founder "on-chain court" new concept govern the hidden dangers of L2 "backdoors"?

Author: flowie, ChainCatcher

Most Layer2 protocols have a "backdoor" for developers to modify contracts when necessary. For example, in the event of a major vulnerability attack, they typically need to rely on a "security committee" managed by multi-signature to freeze contracts and other "human interventions" to mitigate losses in a timely manner. However, this "backdoor" mechanism, while ensuring a response to vulnerability crises, also leaves a "centralization" risk that can be exploited, which has led to widespread criticism.

Related reading: Vitalik Reveals Every Layer2 Has a "Backdoor," Is Security or Centralization Better?

To address the centralization risks of Layer2 protocols during emergency upgrades, zkSync co-founder Alex Glochowski recently proposed a new governance model simulating a "multi-layer court system on-chain" akin to the real-world judicial system on social media. After the proposal was made public, it quickly sparked intense debate within the crypto community: Can the "multi-layer court system on-chain" resolve the centralization risks of Layer2 protocols during emergency upgrades? How feasible is it?

Entrusting the Final Judgment of On-Chain Disputes to the "Ethereum Supreme Court"

To tackle security issues, Ethereum has historically upgraded through forks, allowing any user to choose to join the fork branch they subjectively deem correct and compliant. However, for Layer2, this decentralized forking upgrade mechanism is not applicable, as it cannot transfer underlying native assets like ETH through the forking mechanism.

Thus, in responding to urgent crises such as security, Layer2 protocols have faced a dilemma where security and centralization are almost mutually exclusive. Abandoning the "backdoor" means the security threat is too high, but keeping the "backdoor" indeed poses a "centralization" risk. Alex Glochowski mentioned on Twitter that while the "security committee" managed by multi-signature can alleviate issues by freezing funds, it does not solve the problem. They require token governance approval for emergency upgrades, but most under-collateralized malicious stakers may execute hostile takeover upgrades and steal all assets. "Any government multi-signature granted emergency upgrade rights will bring different types of regulatory and security risks."

Therefore, in this dilemma of Layer2, Alex pointed out a new governance model hypothesis, which is to establish a governance adjudication system similar to the real-world judicial system, the "multi-layer court on-chain."

Alex described this governance adjudication system, stating that each protocol has its governance and defines normal and emergency upgrade mechanisms. However, the protocol also connects to various special contracts (courts) for appeals through standard ERC interfaces. For emergency upgrades, there must be an appeal period during which anyone can challenge the emergency upgrade actions to a higher court by paying a predetermined bail.

As for the higher court, it can cancel the emergency upgrade and not perform any other operations. Each court must also designate a higher-level court that can appeal any decision until it reaches the Ethereum Supreme Court. The decisions of this smart contract can only be determined by L1 technical soft forks, and different courts will have different members, prices, and reputations, forming in a completely decentralized manner.

Regarding Alex's proposed "multi-layer court" governance adjudication model, crypto analyst Haotian (@tmel0211) further compared it to county courts at the Layer2 level, while the Ethereum mainnet level adjudication contracts can be seen as city and provincial courts, with the Ethereum Supreme Court being the highest authority center of the mainnet. Thus, during the appeal period, if anyone disagrees with the county court's (Layer2 level special adjudication contract) ruling, they can apply for a second and third trial in the city and provincial courts (Ethereum mainnet level) by paying a certain bail, and even request the national supreme court for a final ruling (Ethereum being the highest authority center of the mainnet).

In other words, Alex hopes that in the face of emergency upgrades, the adjudication rights of Layer2 can be supervised by a more decentralized L1 level, allowing disputes arising from malicious takeover upgrades and theft of all assets at Layer2 to be appealed, judged, and even enforced, ultimately achieving a relatively undisputed result.

However, this governance model hypothesis is still in its infancy, and there are many aspects of feasibility and potential hazards that warrant further exploration. In Alex's view, if anyone can deploy such contracts and there is no guarantee that users will take the trouble to perform soft forks, then this idea needs to form a social consensus and deploy a "standard" court appeal instance, which would be very costly to use, and only truly special cases would be governed in this way. For example, cases like Uniswap, major Layer2 protocols, and other DeFi protocols with systemic risks that need to attract attention from the Ethereum Layer0 social consensus layer.

Alex believes that the most important function of this "multi-layer court on-chain" system is to protect protocols from external political interference. It will serve as a powerful deterrent, enhancing Ethereum's role as a strong network state.

Does the "Multi-Layer Court on-Chain" Contradict Vitalik's "Don't Overload Ethereum Consensus"?

The governance model of the "multi-layer court on-chain" proposed by Alex has sparked intense discussions as an innovative governance mechanism. Currently, some users and technicians in the crypto community are quite pessimistic about the effectiveness of this "multi-layer court" in solving problems and its ultimate feasibility.

In the comments section of Alex's Twitter, it was mentioned that there have been past proposals to restore L2 vulnerabilities through L1 forks, which were also referenced in Vitalik's article "Don't Overload Ethereum Consensus" published in May this year, but Vitalik denied such proposals.

Why should we not overload Ethereum consensus? Vitalik cited a typical case, summarizing that the final judgment may only be limited to parameters at the ETH/USD crypto token level, which seems feasible. However, over time, other indices are added: ETH/EUR, ETH/CNY, and finally the exchange rates of all G20 countries.

Suppose in 2034, Brazil experiences an unexpected severe political crisis leading to election disputes. Different countries and parties have disagreements regarding this event. At this point, Brazil already has a CBDC, which splits into two forks due to geopolitical disagreements, and during oracle voting, Ethereum stakers also have disagreements and ultimately propose a hard fork of the chain, leading to a split in the community. But Vitalik emphasized that Ethereum was originally created as a global permissionless platform to escape the influence of nations and geopolitical issues, yet it could be divided in two due to unexpected severe internal problems in any one of the G20 member countries.

Crypto community user @bitflag123 also expressed similar concerns, believing that the social consensus of blockchain is very fragile, and each fork causes significant harm. When there is a possibility of forcing ETH to fork, it allows some large projects to gain a moat, becoming too big to fail, while smaller projects cannot do so, harming fair competition.

However, regarding the concern that Ethereum may split due to consensus overload, Alex responded that he would publicly challenge this viewpoint. He stated that his "multi-layer court on-chain" governance hypothesis was inspired by Vitalik's perspective in "On Concave and Convex Worldviews." He believes that adopting a 100% remote governance method is convex, while he advocates for a concave policy of minimal necessary intervention, i.e., pre-approved soft forks as a non-intrusive veto mechanism for governance decisions; only in extreme emergencies and only applicable to protocols of systemic significance. Otherwise, one is destined to choose between two extremes: code is law, bug = death; or code does not matter, and a "backdoor" can be left to cope, but everything ultimately becomes centralized. Neither of these choices can serve as the foundation for a decentralized value internet.

In addition to contradicting Vitalik's stance of not overloading Ethereum consensus, many users in the crypto community also believe that this governance proposal faces significant obstacles in terms of feasibility. Haotian (@tmel0211) mentioned that although the adjudication process is on-chain, it is still a complex business logic that relies on time-locks to race against vulnerability crises.

ColliderVC partner @0xidanlevin pointed out that the decision-making and negotiation process for adjudication consumes time, conflicting with the need for the protocol to quickly mitigate losses. "If an error is found and the protocol is paused (assuming a circuit breaker or some pause mechanism is used), how long will the court system take to reach a consensus on the fork, especially if there are several upgrade layers? The protocol remains in a halted state with no activity until the solution is accepted, which brings a lot of uncertainty to users." Protecting upgrades is the highest priority compared to centralization risks.

Web3 security analyst @0xArhat further pointed out that if this multi-layer court system is to be executed, it must consider the likelihood of reaching consensus and the appeal costs, dispute parameters, governance tokens, and other contract detail settings across too many dimensions.

For example, to make these courts operate effectively, coordination by influential individuals/groups may be needed to determine "standard" contracts and procedures. This top-down influence conflicts with the spirit of permissionless systems. But if not, the Ethereum community needs to voluntarily unite to recognize specific supreme court contracts as "official" contracts, which is very difficult to achieve. Because there are usually disagreements about how to design it or who should control it, should it be managed by DAOs, smart contracts, trusted developers' multi-signatures, specific package holders, whales, etc.? If social consensus is not reached, there is a risk of forming factions around competing implementations. Achieving a convincing agreement around a court system without a central authority seems unlikely.

Moreover, L1 soft forks are not scalable. Given the actual coordination challenges, there are doubts about whether it is realistic to rely on recurring soft forks to resolve specific protocol disputes. And costs may also stimulate avoidance behavior, "High appeal costs mean that protocols may avoid courts whenever possible, undermining adoption." Therefore, basic functions such as filing appeals, providing evidence, and making judgments need a common standard, but the details of appeal costs, dispute parameters, governance token interactions, etc., may require customization, making practical implementation very tricky. For instance, how should appeal costs be set? If too cheap, it will lead to a large number of appeals burdening the Ethereum system, but if too expensive, many valuable appeal cases may avoid filing.

Although the current outlook on the feasibility of the new governance model of the multi-layer court on-chain is generally pessimistic, Alex stated that zkSync will provide funding for deeper research into this model and has attracted some technical developers to participate actively.

Regardless of how this new governance model develops, the security governance dilemma of Layer2 and most DeFi protocols during emergency crises remains a problem worth ongoing exploration and resolution.