If you've ever flown on a small plane, you know that a pilot is one person between you and the bump -free ride. What if this pilot suddenly went from cheater? You would like a parachute, right?
Most ethereum blockchain (L1) network users have their own assets on a layer-2 (L2), such as arbitrum or base network. These are min-blockchains built on the main chain of Ethereum. They offer the faster and cheaper ways of ethereum chip circuits. But what happens when L2 breaks something?
What is the fleeing hatch?
Mostly your L2 works great. Transactions take place quickly and everything seems great. But in the world of chain chain, we need to be prepared for the worst scenarios-even if they are unlikely. The “worst case” here is usually a L2 system that cannot process transactions if it should, whether operators are non-networking or actively selecting which transactions to cover (called censorship or “living failure”).
For these emergencies, a fleeing hatch has been created. Its main task is to allow you to prove that you have certain assets and then back to L1 without the need for potentially misbehaving of the L2 operator. We mainly talk about money here from L2 L1.
When would you need a hatch to escape?
You should use a fleeing hatch when L2 experiences what experts call “vitality failure”. This happens in two main scenarios:
-
If the sequence goes without a network connection or censors transactions: The sequencer is responsible for the processing and ordering of the transactions at L2. If it stops working or consciously blocks certain transactions, you need a way out.
-
If validators do not do their job: Validers propose the requirements for Ethereum for the L2 state. If they go without a network connection or exclude specific transactions, L2 will stop working properly.
How do the escape hatches work?
There are several approaches to designing the Escape hatch:
Exports based on Merkel's proof
Imagine L2 throughout the country – everyone's balances that own what NFT etc – is organized like a giant, highly organized data tree (Merkle tree). Your specific balance is a “page” of one branch. To prove that you have something, you just have to show a small piece of data (Merkle's proof), which cryptographically connects your page to the main “root” of the tree, which is usually recorded on the L1. The idea is that when L2 goes wrong, you grab the necessary data, generate these evidence and screens for L1 for a special contract that deals with exit. If your proof is valid, the L1 contract will release your money.
The problem is, to generate this proof, access to the entire L2 – all Merkle tree – access to access. Getting this data reliably means running a “full node” for a particular L2, which is resource -intensive and requires technical know -how, as well as operating the ethereum. You cannot trust a potentially bad L2 operator (sequentizer or validators) to provide you with data and you cannot necessarily trust third-party data providers (such as RPCs) as they may also be endangered or simply do not want to help. In addition, L2 data posted to L1 can be removed after some time (thanks to recent ethereum upgrades such as EIP-4844), making the country's zero recovery even more difficult.
Involvement of a forced transaction
Sometimes the problem is not just about obtaining data; This is the processing of your transaction (such as a payout application) if the sequencer is selectively ignoring you. This method allows you to pass the sequenter's censorship.
You will send your transaction directly to L1 to a specific contract that the L2 sequencer monitors (called the “mailbox” contract). Because you pay L1 gas fees, it is more expensive than a regular L2 transaction.
Here is the process:
- You send your deal to L1 “Delayed Inbox”. This simply prevents someone from spam in the headbox.
- If the L2 sequencer does not cover your deal in a batch for a certain period of time (like 24 hours on Arbit.
- Now the sequer must add your transaction to the next batch they forward to L1. If they do not, some honest participant (validator) may point out that the batch is invalid because it left the inbox between the necessary transaction.
- Validers should check these lots and calculate the correct new state of L2, which includes your deal. If they post a state that does not contain your forced transaction, the other validator may challenge them and the Dishenest Valator will lose the money you have invested. This system stimulates validators for proper processing of transactions.
But what if all the validators are also non -networking or sequenteer? If no one is going to process the L2 Status updates based on the mailbox transactions and post them on L1, your forced transaction simply sits there, processed in the mailbox, but is not reflected in the L2 state completed on the L1. You're stuck again.
Proposal of the State root without permissions
This method is often used by the involvement of transactions and solves “What if the validators disappear?” the problem. Instead of allowing only some of the specified validators to be updated with L2, everyone can step up and come up with what they believe that the right L2 status should be (based on processed transactions, including forced transactions).
How it works:
- If ordinary validators are missing or censor, you can enter (or someone else who works for the software).
- You process L2 transactions yourself, including all forced inboxes in your inbox.
- You calculate the root of the new L2 state (“fingerprint”) and recommend it to the L1 (“Outbox” contract) special contract.
Security Check:
In order for no one to offer a fake country (for example, giving yourself all the money), you usually need to consider some collateral (when you put the bond up). If the root of your planned country is wrong, someone else can challenge it, prove that you are wrong and you lose your bond. This ensures that at least one honest person is sufficient to keep the system safe.
For optimistic rolls (such as optimism, arbitrum), it is relatively easier because you just have to calculate the onset of onset and contribute to the bond. Anyone with resources can potentially do it.
However, it is much harder to expire in rolls (like zksync, scrolling). The root of each proposed country must be accompanied by a complex mathematical evidence (ZK-nark). The generation of these evidence requires significant computing power, often from a conventional consumer hardware. Although there is a job to do “
Does Escape hatch Magic Bullet? Not quite.
Escape hatches are not perfect solutions. Here are some problems:
Management risks
Contracts related to L1, which manage Escape Hatch (mailboxes, extracts, withdrawal bridges) are incredibly powerful. If the leading team of the L2 can change or deactivate these contracts if they wish, the fleeing hatch is useless. Ideally, these contracts should be unchanged (unchanged) or governed by the decentralized community (DAO) with built -in delays (term) upgrades, giving everyone time to react when a malicious change is offered.
Complex property ownership
The Escape Hatch methods described are best working by the addresses of the financial wallet (externally belonging to EOA). It is easy to prove that “my address x is y -money”. But what about the sophisticated clever contract with locked funds, such as the Uniswap trading pool? Many different people (liquidity providers) may have a requirement for this pool fund based on their stock, not just in a simple balance. L2 Smart's contract of the contract defines who owns.
In order for people to escape such contracts, you must theoretically take this complex contract to the state of the country L1 and figure out how to distribute the funds there. It is incredibly complicated, can exceed L1 during a mass exit (”
Some fleeing branches include mechanisms (such as an “idle” idea), which validatizers without a network connection, allow someone to temporarily step into the chain. It buys time for community and application developers to understand how to deal with complex migration and distribution, instead of immediately losing users.
Problems related to usability
Even if the mechanism exists, can the average user actually use it? The operation of complete nodes, generating evidence or communicating directly with L1 contracts may be technical obstacles. User -friendly front plans and tools are essential to make these escape hatches truly accessible in an emergency. Projects like L2Beats have been developed
Future: Reducing the dependence of escape shells
The main reason why escape hatches are so critical today is that most L2 has one centralized sequenter. If this sequenter falls or behaves incorrectly, L2 grinds or starts censor. The best solution can be less necessary for escape hatches:
- Decentralized sequencers – When the sequencers decentralize (leading several independent parties), the need for an escape hatch will first decrease significantly as there is no point in viability failure. It is an area of active development.
- “Washlipped with a proposal to escape hatches” – They allow someone to fulfill the responsibilities of the validator if no validator offers blocks, keeping the L2 working.
Why is it all important
Ethereum's security model is built to prepare the worst scenarios. If L2S claims that it is “guaranteed Ethereum”, they should ensure specific escape hatches that allow users to restore their property in emergencies. The discussion of the fleeing hatches is criminally underestimated in the chip community. As more users and property move to L2, understanding these safety mechanisms is becoming increasingly important – even if we hope to use them.
Remember: the chip system is only as secure as the exit mechanism. Before connecting important assets to any L2, it is worth understanding how you can get them back when things go wrong.
This article was inspired by a
