The first article in this series - What is Composability? - made it sound like clear blue sky for Web3, but zooming out, in mid-2020 rising Ethereum fees threw a wrench in the Web3 Lego thesis, making it necessary for every L1 project (especially those like DAOs with complicated smart contracts) to face up to the prospect of multi-chain and cross-chain scaling.
Composability is theoretically distinct from scaling, but is only sustainable if transaction costs remain low, otherwise increasing activity on the network leads to diminishing returns as fees eat into principal value. This is what happened on Ethereum: even though it is still theoretically possible to arbitrage-using-an-Aave-flash-loan-to-short-on-Kwenta-powered-by-inverse-instruments-on-Synthetix in a single atomic transaction, the gas fee would be eye-watering. Because of this, many projects have shut down or launched on different chains: a technological Babel event that left Web3 speaking many different languages and fractured scarce security and liquidity resources.
High fees also impose significant restrictions on the growth and development of DAOs. For example, it’s notable that DAOs have not adopted dividends as a way of conferring value to members - despite it being well attested by companies - because it is too expensive to airdrop millions of transactions to token holders. Instead, DAOs have tended to use funds to burn tokens in a single transaction to elevate the price of the remaining holdings, but this is sub-optimal compared to dividends and has several significant downsides such as destabilizing a token’s monetary policy and artificially increasing interest rates.
The Ethereum ecosystem has fought back against high fees by experimenting with a modular architecture that removes expensive smart contract code execution onto parallel networks - collectively known as Layer 2 (L2) - and only posts the final results back to L1. A token swap on Arbitrum, for example, costs 1600 gwei compared to 120000 gwei on Ethereum. This kind of 75x fee reduction is typical and, understandably, luring a huge amount of activity away from L1. L2Beat shows that the Total Value Locked (TVL) in L2 rose 700x in 2021, from $9m to a peak of $7bn.
The emergence of L2 solutions has been less disruptive to the Ethereum ecosystem than it might have been because, even though they operate independently with their own consensus mechanisms, many of these networks are compatible with Ethereum's runtime engine - the Ethereum Virtual Machine (EVM) - and can operate as 'sidechains' with two-way ‘bridges’ between themselves and Ethereum Mainnet. Solidity - Ethereum's smart contract language - compiles directly into EVM bytecode, so by replicating EVM compatibility, chains like Harmony and Polygon have enabled developers to redeploy their dApps without having to refactor their code too drastically. This enables non-fungible token (NFT) drops, voting, and other mass-transaction events to happen without affecting Ethereum Mainnet and at a much lower cost. Since deploying on Polygonand Harmony, the cost of launching a DAO on Aragon has dropped 5000x and resulted in a 5x acceleration in the number of DAOs created so far.
Most major networks now have, or are developing, some kind of EVM compatibility, but as they grow and develop their own ecosystems, the definition of the term 'sidechain' is beginning to stretch. Even though projects like Harmony and Polygon still position themselves as subsidiary to Ethereum, initiatives such as bringing Uniswap v3 onto Polygon will make it easier to stay within the ecosystem indefinitely. The assumption with many others is that assets are bridging to a superior stack and won't ever be returning to Ethereum. Indeed, data from Dune Analytics confirms that the total value locked in cross-chain bridges reached $25bn in 2021 and is on an upward trajectory.
Unfortunately, all this does not mean that EVM-compatible dApps are composable cross-chain. A dApp deployed on a sidechain is an independent instance, completely unaware of its Mainnet sibling. However, this can be partly addressed by bridging.
By design, blockchains and other distributed ledgers have very rigid trust boundaries, which means that they can't recognize data or commands from other chains. To get any kind of cross-chain interaction or build dApps that could, for example, lend $ETH and receive interest in Avalanche-native $AVAX, it is necessary to employ a third party oracle network to independently verify the state of one chain and have permission to execute operations on another using its native commands. Because of this constraint, the most common way to transfer value between Ethereum and a sidechain is by bridging using a 'burn & mint' technique: assets on one chain are locked in a smart contract, verified by a third-party oracle, and then minted as a wrapped asset on the other chain. The bridging can be reversed at any time by burning the wrapped assets, which is again verified by the oracle to unlock the smart contract.
At no time are the assets from one chain transferred onto the other but because the wrapped assets are fully-backed derivatives, they should always maintain price parity with their reserve asset. However, Vitalik Buterin has highlighted the risk that if an L1 were to be 51% attacked and rolled back to a point before the bridged assets were locked, then the wrapped assets on L2 - now not backed by anything - would be worthless, or at least significantly discounted. Note that this risk only applies to wrapped assets and not to assets that are issued natively on an L2.
Most protocols have their own canonical bridges (approved and promoted by the core team), but, being permissionless, there is nothing to stop multiple contemporary bridges being built on the same protocol. Unless there is coordination between bridge developers, this could result in multiple contracts being created on L2 to represent the same L1 asset, making them, effectively, hard-forks of each other.
As mentioned, sidechains are independent of Ethereum and therefore don't inherit its security guarantees. Using a third-party network to bridge between them introduces additional security risks if its contracts have not been properly audited; or if the network is centralized; or not collateralized enough to deter attackers. In short, the more complex the system, the larger its attack surface. Given the sub-optimal situation of having multiple bridges for a single network, there is enormous pressure on canonical bridges as single points of failure (and even more incentive for dApps to deploy natively onto L2).
Malicious intent aside, venturing beyond the trust boundary of a network breaks atomic composability because it introduces an intermediate step that prevents multiple cross-chain operations from happening within a single block time.
Rather than forfeit the network effects and momentum of Ethereum by building on a new stack, 'rollups' are a method of aggregating transactions and computations to third-party ‘sequencers’, who then periodically submit an aggregation proof as evidence of valid state transitions (called a ‘merkle root’) to the bridging contract on L1 to be verified. In this architecture, L1 is little more than a data layer.
Because smart contract execution consumes gas on L1, rollups initially have higher fees than sidechains, but this decreases inversely with the number of transactions per block and is compensated by rollups’ higher security guarantees.
Rollups come in two flavors: Optimistic and Zero Knowledge (ZK).
Optimistic rollups are similar to sidechains in that they are independent networks with their own block producers and smart contract environments. The difference is that by submitting the merkle root to the L1 bridging contract, rollups leverage the main chain’s security guarantees.
The term 'Optimistic' is used because the network must wait several days for the executions to be finalized before the merkle root can be submitted to the bridging contract. During this time, optimistic rollups assume that all of the aggregated transactions were legitimate (a 'synchrony assumption'), unless a fraud proof is submitted, which forces the disputed transaction on-chain and compares the resulting state root with the one that was published by the sequencer.
Submitting fraud proofs is lucrative if successful, but monitoring the network for opportunities can be complex and expensive. The availability of verifiers is a weak assumption that has yet to be fully resolved, but a working hypothesis is that organizations and users should be funded as public services to monitor the network and submit fraud proofs when necessary.
Having to wait a week to withdraw back to Ethereum drives a stake through the heart of cross-chain atomic composability, but, just like EVM chains, Optimistic networks are increasingly thriving ecosystems in their own right. Networks like Arbitrum and Optimism are moving towards EVM-equivalence using forked versions of the Ethereum protocol, which enables flawless compatibility with the original Ethereum stack. Rollup dApps will always be separate instances - independent of Ethereum L1 - but with EVM-equivalence they can be deployed without any custom code and composed natively with any other dApp on the same rollup.
As with all EVM-based ecosystems, bridging between them costs at least one transaction's worth of gas fees either way so the incentive is to remain there once one’s funds have been bridged over. This 'walled garden' effect is especially powerful as more and more utilities are deployed on rollups, reducing the necessity of ever withdrawing back to Ethereum. A recent illustration of this phenomenon is Binance announcing that they will accept deposits directly from Arbitrum and have plans to enable direct withdrawals in the near future.
Zk-rollups are effectively blockchain compression algorithms that aggregate thousands of transactions on a parallel network, which are communicated back to L1 by a single proof that the state transitions (transactions) were valid. Until recently, ZK-rollups could not process the kind of general computation required by dApps so were only suitable for simple transactions, but new protocols like StarkNet and zkSync offer zkEVM functionality, 15x Ethereum’s capacity, very low fees, with full composability and flawless security guarantees.
“L1 smart contract blockchains are no longer competing with Ethereum directly; they are competing with rollups.” - Canti
The trade-off is that the ability to bridge back to L1 is constrained by the batch time (usually measured in hours), but is a vast improvement on Optimistic rollups. Currently, only single-app zk-rollups exist, serving platforms like DYDX and Argent, but the near prospect is multi-app rollups with decentralized operators & sequencers.
Continuing the modularity thesis, ZK-rollups can further optimize by removing computation completely off-chain using a solution called Volition, which is coming soon to StarkNet and zkSync.
Security / Liquidity
It is important to emphasize that L2 networks themselves are not cross-composable, even if they use the same technologies. Yet, even if they were, composability is not only a function of interoperability, but also of security and liquidity, which are finite resources. As the ecosystem fractures into siloed L2 alternatives, competition for these resources will only intensify. Two examples of this are the Uniswap community trying to incentivize liquidity on Arbitrum & Optimism, and StarkNet’s concept of ‘DeFi pooling’ or ‘demand aggregation’, where assets are aggregated before being pooled into DeFi protocols back on L1 to preserve liquidity concentration.
Network dynamics suggest that we are likely to see a wave of protocol consolidations and mergers as liquidity fractures and that, eventually, one L2 solution will emerge as the most utilitarian and subsequently drain liquidity from everywhere else. Arguably, the recent Gnosis Chain (Gnosis + xDAI) and TribeDAO (Fei + Rari) mergers are early signs that liquidity is generally overstretched in crypto and needs to consolidate.
If the aforementioned scaling solutions don’t produce the necessary composability for DeFi, Web3 might need to redesign its stack. In most conceptions of this, the future of scalable digital ledgers involves some degree of parallel processing across 'shards'.
Sharding is a well-established method of splitting large databases into manageable partitions across multiple servers, while preserving an accessible global state. In distributed ledgers, it is a form of merged consensus where the global network state is divided between subsets of validators who are usually assigned randomly to shards. In theory, as the number of shards increases, throughput improves and transaction costs drop.
In most implementations, shards can be thought of as mini-blockchains with their own trust boundaries. As we have seen, trust boundaries preclude atomic composability, so must be bridged or implement some kind of inter-shard messaging.
“If composability is the superpower of blockchain, sharding is its kryptonite.” - Dieter Shirley
The practical consequence of this is that just as there can be no cross-chain smart contracts, there can be no truly cross-shard smart contracts either. This is fatal for most dApps but especially those like Compound, which rely on a shared liquidity pool of other contracts, such as $DAI. In a sharded architecture without cross-shard atomic composability, all dApps would want to be on the same shard to be interoperable with each other. Unfortunately, this defeats the purpose of sharding and is one of the main reasons why Ethereum is planning to remove the dApp execution environment entirely to L2 so that all contracts could be deployed on a single rollup (within a single trust boundary).
Shards are efficient because they can process transactions in parallel, asynchronously. The issue is that composability requires synchrony within a single block time. To solve this problem, several projects like Polkadot use ‘relay’ chains that sit above the shards (called ‘Parachains’ in Polkadot) and enforce a block-time to finalize transactions. Relay chains are effectively cross-shard light clients that only contain shard headers in the same way that L1 will only hold headers from rollups. However, the entire system is then limited by the speed of the relay chain. In this way, sharding is yet to see much advantage over rollups.
Which Way DAO?
At this time in early 2022, it feels like dApps, DAOs and liquidity providers are all in a holding pattern, not quite ready to land on a single scaling solution, but burning fuel maintaining multiple implementations and / or multiple liquidity positions. At some point between now and ‘code red’, they will all have to make a decision and this is likely to trigger a swift resource and capital-flight to the most optimal and composable solution so that the Web3 Lego thesis can resume. Ultimately, composability is a subset of liquidity and, as we’ve said in a previous article, “liquidity always wins”, eventually.