Search

Search for projects by name

EigenDA logoEigenDA

  • Type
    DA Service
  • Total value secured
    $3.16 K
  • Economic security

  • Duration of storage
    Flexible
  • Used by
  • Select a bridge
    No bridge
    $3.16 K
    ServiceManager
    $0.00


    Risk summary
    EigenDA

    EigenDA is a data availability solution built on Eigen Layer.

    Risk analysis
    Economic security
    No slashing

    Node operators are required to stake a minimum of 32 ETH (first quorum) or 1 EIGEN (second quorum) to become members of the DA network. However, there is no slashing mechanism in place for misbehaving nodes. The EIGEN token social forking protocol for intersubjective attributable faults is under active development.

    Fraud detection
    None

    There is no fraud detection mechanism in place. A data withholding attack can only be detected by nodes downloading the full data from the DA layer.

    Technology

    Architecture

    EigenDA architecture EigenDA is composed by three types of off-chain entities: node operators, a disperser and a retriever.

    • EigenDA operators are node operators running the EigenDA node software and are registered to the EigenDA AVS in EigenLayer.
    • The disperser is the entity resposible for collecting the blobs from the sequencer, erasure coding them and generating the encoded blob’s KZG commitments for each chunk. Although the disperser could be rollup-operated, it is currently a centralised entity operated by Eigen Labs.
    • Lastly, the retriever client is responsible for querying the EigenDA operators to retrieve blob chunks, verifying their integrity and reconstructs the original blob.

    Operators Registration

    Operators register with the EigenDAServiceManager via the registerOperatorToAVS() function, enabling them to participate in the data availability network. They are resposible for holding and serving blobs data, and earn rewards for their participation in the network. EigenDA operator registration

    Operators Stake Update

    EigenDA operators’ stake for quorum verification is fetched from the EigenDA StakeRegistry contract. To keep the stake in sync with changes in share balances in the EigenLayer DelegationManager (e.g., due to tokens delegated/undelegated to operators), the permissionless updateOperators() function on the RegistryCoordinator contract needs to be called periodically. This function updates the operators’ quorum weight in the StakeRegistry contract based on the operators’ shares in the EigenLayer DelegationManager contract. EigenDA operator stake sync

    Operators Blob Storage and Retrieval

    The process of storing a blob on EigenDA works as follows. A sequencer submits blobs to the EigenDA Disperser, which erasure codes the blobs into chunks and generates KZG commitments and proofs for each chunk, certifying the correctness of the data. The disperser then sends the chunks, KZG commitments, and KZG proofs to the operators. Multiple operators are responsible for storing chunks of the encoded data blobs and their associated KZG commitment and proof. Once the chunks, KZG commitments, and KZG proofs are sent to the operators, each of them generates a signature certifying that they have stored the data. These signatures are then sent to the Disperser which aggregates them and submits them to Ethereum by sending a transaction to the EigenDAServiceManager (the DA bridge).

    EigenDA storing/retrieving

    L2 Data Availability

    The Disperser collects the operators’ signatures and submits them to the EigenDAServiceManager contract via the confirmBatch() function. This submission includes a call to the BLSRegistry contract to verify signatures and check whether the required quorum of operators’ stake has been achieved. Threshold BLS signatures are not used. Instead, the threshold check is performed on the signers’ total stake fetched by the StakeRegistry, and the stake threshold percentage to reach is provided in the batch header input data. The EigenDARollupUtils.sol library’s verifyBlob() function can then be used by L2s to verify that a data blob is included within a confirmed batch in the EigenDAServiceManager. This function is not used by the EigenDAServiceManager contract itself, but rather by L2 systems to prove inclusion of the blob in the EigenDAServiceManager contract, and that their trust assumptions (i.e., batch confirmation threshold) were as expected.

    • Users can be censored if the disperser does not distribute data to EigenDA operators.

    1. EigenDA - Documentation
    2. EigenDA Disperser - Source Code
    3. EigenDA Rollup Utils - Source Code
    ServiceManager

    EigenDA DA attestations are bridged to Ethereum through the EigenDAServiceManager smart contract.

    Risk analysis
    Committee security
    Permissioned

    The committee requires an honest minority (1/3 or less) of members (or the network stake) to prevent the DA bridge from accepting an unavailable data commitment. There are 219 registered operators in the committee, but entry or exit of members is partially controlled by a centralized entity.

    Upgradeability
    No delay

    There is no delay in the upgradeability of the bridge. Users have no time to exit the system before the bridge implementation update is completed.

    Relayer failure
    No mechanism

    The relayer role is permissioned, and the DA bridge does not have a Security Council or a governance mechanism to propose new relayers. In case of relayer failure, the DA bridge will halt and be unable to recover without the intervention of a centralized entity.

    Technology

    Architecture

    EigenDA architecture once stored The EigenDAServiceManager acts as a DA bridge smart contract verifying data availability claims from operators via signature verification. The checkSignatures() function checks that the signature of all signers plus non-signers is equal to the registered quorum aggregated public key from the BLS registry. The quorum aggregated public key gets updated every time an operator is registered. The bridge requires a threshold of signatures to be met before the data commitment is accepted. To verify the threshold is met, the function takes the total stake at the reference block for the quorum from the StakeRegistry, and it subtracts the stake of non signers to get the signed stake. Finally, it checks that the signed stake over the total stake is more than the required stake threshold. EigenDA bridge architecture Although thresholds are not enforced onchain by the confirmBatch method, the minimum thresholds that the disperser would need to reach before relaying the batch commitment to Ethereum are set to 55% of the registered stake for the ETH quorum and 55% for the EIGEN token quorum. Meeting these dispersal thresholds allows the system to tolerate up to 33% (quorum 1) and 33% (quorum 2) of the total stake being adversarial, achieving this with approximately 4.5 data redundancy.
    The quorum thresholds are set on the EigenDAServiceManager contract and can be changed by the contract owner. There is a maximum of 200 operators that can register for the ETH quorum and 200 for the EIGEN token quorum. Once the cap is reached, new operators must have 10% more weight than the lowest-weighted operator to join the active set. Entering the quorum is subject to the approval of the churn approver. Operators can be ejected from a quorum by the ejectors without delay should they violate the Service Legal Agreement (SLA). Ejectors can eject maximum 33.33% of the total stake in a 7d window for the ETH quorum, and the same stake percentage over a 3d window for the EIGEN quorum. An ejected operator can rejoin the quorum after 3d.

    • Funds can be lost if the relayer posts an invalid commitment and EigenDA operators do not make the data available for verification.

    • Funds can be frozen if the permissioned relayers are unable to submit DA commitments to the bridge contract.

    • Funds can be frozen if the bridge (EigenDAServiceManager) contract is paused by the pausers.

    1. EigenDA Registry Coordinator - Etherscan
    2. EigenDA Service Manager - Etherscan
    Permissions

    The system consists of the following permissions on Ethereum:

    EigenDAProxyAdmin 0x8247…2E99

    The contract authorized to upgrade the core EigenDA contracts.

    EigenDAProxyAdmin participants (1) EigenLayerExecutorMultisig

    Those are the participants of the EigenDAProxyAdmin.

    The list of addresses authorized to confirm the availability of blobs batches to the DA bridge.

    The list of addresses authorized to pause the EigenDAServiceManager contract.

    ChurnApprover 0xe055…8734

    The address authorized to approve the replacement of churned EigenDA operators from a quorum.

    Ejectors 0xD2Ee…8eA8

    The list of addresses authorized to eject EigenDA operators from a quorum.

    EigenLayerProxyAdmin 0x8b95…2444

    The contract authorized to upgrade the core EigenLayer contracts.

    EigenLayerProxyAdmin participants (1) EigenLayerExecutorMultisig

    Those are the participants of the EigenLayerProxyAdmin.

    EigenLayerExecutorMultisig Pausers

    This is a Gnosis Safe with 1 / 2 threshold. The proxy contract authorized to unpause the EigenDAServiceManager contract and upgrade core contracts through the EigenDAProxyAdmin contract.

    EigenLayerExecutorMultisig participants (2) EigenLayer TimelockEigenLayerCommunityMultisig

    Those are the participants of the EigenLayerExecutorMultisig.

    EigenLayerOperationsMultisig Pausers

    This is a Gnosis Safe with 3 / 6 threshold. This multisig is the owner of the EigenDAServiceManager contract. It holds the power to change the contract state and upgrade the bridge.

    Those are the participants of the EigenLayerOperationsMultisig.

    EigenLayerCommunityMultisig 0xFEA4…c598

    This is a Gnosis Safe with 9 / 13 threshold. This multisig is one of the owners of EigenLayerExecutorMultisig and can upgrade EigenLayer core contracts without delay.

    EigenLayer Timelock 0xA6Db…0EAF

    The timelock contract for upgrading EigenLayer core contracts via EigenLayerOperationsMultisig.

    Contracts

    The system consists of the following smart contracts on Ethereum:

    The EigenDAServiceManager contract is the bridge contract that accepts blob batches data availability attestations. Batches availability is attested by EigenDA operators signatures and relayed to the service manager contract by the EigenDA disperser.

    Can be upgraded by:

    Upgrade delay: No delay

    Contract used by operators to register with the EigenDA AVS. The coordinator has three registries: a StakeRegistry that keeps track of operators’ stakes, a BLSApkRegistry that keeps track of operators’ BLS public keys and aggregate BLS public keys for each quorum, and an IndexRegistry that keeps track of an ordered list of operators for each quorum.

    Can be upgraded by:

    Upgrade delay: No delay

    The StakeRegistry contract keeps track of the total stake of each operator.

    Can be upgraded by:

    Upgrade delay: No delay

    The BLSApkRegistry contract keeps track of the BLS public keys of each operator and the quorum aggregated keys.

    Can be upgraded by:

    Upgrade delay: No delay

    The EjectionManager contract is responsible for ejecting operators from a quorum for violating the Service Legal Agreement (SLA).

    Can be upgraded by:

    Upgrade delay: No delay

    PauserRegistry 0x0c43…7060

    Defines and stores pauser and unpauser roles for EigenLayer contracts and the EigenDAServiceManager.

    The DelegationManager contract is responsible for registering EigenLayer operators and managing the EigenLayer strategies delegations. The EigenDA StakeRegistry contract reads from the DelegationManager to track the total stake of each EigenDA operator.

    Upgrade delay: 10d delay via EigenLayerOperationsMultisig, no delay via EigenLayerCommunityMultisig.

    The StrategyManager contract is responsible for managing the EigenLayer token strategies. Each EigenDA quorum has at least one strategy that defines the operators quorum stake.

    Upgrade delay: 10d delay via EigenLayerOperationsMultisig, no delay via EigenLayerCommunityMultisig.

    The EigenStrategy contract is responsible for managing the bEIGEN token strategy, representing the stake for the second EigenDA quorum.

    Upgrade delay: 10d delay via EigenLayerOperationsMultisig, no delay via EigenLayerCommunityMultisig.

    The EIGEN token can be socially forked to slash operators for data withholding attacks (and other intersubjectively attributable faults). EIGEN is a wrapper over a second token, bEIGEN, which will be used solely for intersubjective staking. Forking EIGEN means changing the canonical implementation of the bEIGEN token in the EIGEN token contract.

    Can be upgraded by:

    Upgrade delay: 10d delay.

    The current deployment carries some associated risks:

    • Funds can be lost if the bridge (EigenDAServiceManager) contract receives a malicious code upgrade. There is no delay on code upgrades.

    • Funds can be lost if EigenLayer core contracts (DelegationManager, StrategyManager) receive a malicious code upgrade. There is no delay on code upgrades.

    • Funds can be lost if EigenLayer EIGEN token contract receives a malicious code upgrade. There is a 10d delay on code upgrades.

    • Funds can be lost if the churn approver or ejectors act maliciously and eject EigenDA operators from a quorum without cause.