Incentivizing honesty and participation in the OP Stack’s Fault Proof System

In the OP Stack's Fault Proof System, dispute games are a pivotal mechanism for decentralized fault detection, leveraging the system's modular architecture to enhance composability and enable parallel upgrades. These games, fundamental to the dispute protocol, offer a structured approach to validating information through incentive compatibility and resolution mechanisms, promoting fairness and accuracy.

There are two incentives that dispute games should provide:

1. Make it worthwhile to act honestly
2. Make it worthwhile to participate

Honest behavior is necessary to prevent invalid results, which in the case of the OP Stack, means preventing invalid withdrawals from the bridge. However, this incentive isn't sufficient. We still need to encourage honest players to actually participate. This is where bonds come in.

Bond Incentives

Bonds serve to encapsulate the cost associated with making claims, an essential aspect of dispute games. The costliness of claims stems from several factors. First, dishonest claims necessitate additional time and effort from honest players in the game. Since it's not immediately evident which claims are honest, all claims must be bonded, deterring frivolous claims. Next, there's a need for a reward system to incentivize honest players to challenge a claim. The value of this reward pool is borne by the claim-making process.

While the intrinsic cost of these components remains constant, the value of a bond is subject to fluctuation due to changing gas fees. Therefore, it's critical to promote fairness, ensuring that participation costs are consistent for all players. If dishonest players can outspend honest ones, the system becomes skewed, allowing dishonest claims to go uncontested. This is particularly problematic in a scenario where the cost for honest players is significantly higher than it is for dishonest ones, creating a major disincentive for honest participation. This issue is what we refer to as the collateralization problem.

Moreover, it's in the best interest of the game to minimize the bonding requirement. By doing so, we widen the pool of potential honest players possessing the necessary capital to participate.

Bond Design Considerations

There are a couple things we keep in mind when exploring bond designs. Doing this limits our search space to designs that are compatible with the fault dispute game (FDG) mechanics.

Isolation of Under-Collateralization Impact

Under-collateralization must remain confined to the individual claim it pertains to and should not cascade into other subgames. To be explicit, bond collateralization should be an isolated act, separate from any team-based considerations.

Rationale: In the revised resolution protocol and challenger ruleset for the OP Stack Fault Dispute Game (FDG), there exists an incentive to support an "invalid path" with the objective of penalizing freeloading participants. This incentive should persist irrespective of whether the parent or grandparent claims are adequately collateralized. Consequently, any bond design must preclude the collective or team-wise nature of collateralization. In essence, bond collateralization should be localized to the specific subgame it is associated with.

Separating Subgame Outcomes from Collateralization

As a follow up to the above constraint, claims that are under-collateralized should not alter the results of a resolved subgame. The penalty for under-collateralization should be restricted to bond incentives (including bond payout forfeiture).

Rationale: By confining the consequences of under-collateralization to bond payouts, we ensure that the fundamental dynamics of the Fault Dispute Game remain unaffected. This maintains the incentive structures that encourage honest behavior while still penalizing dishonest or under-capitalized players. This also retains the simplicity of resolution - ensuring that the protocol remains sound with the addition of bonds.

The above considerations help ensure that our bond design doesn't break the mechanics of the dispute game. By keeping these design goals in mind, we simplify the analysis of the dispute game. This also lets us make changes to the bond design without re-auditing the entire dispute game. Effectively, bonds becomes a "mod" added to the dispute game that creates financial incentives to participate.

Integrating Bonds into the Fault Dispute Game

There are two areas bonds come into play in the FDG:

• Moves
• Subgame resolution

Participation in the FDG requires a bond. Specifically, moves now require bonded claims. There is a minimum bond requirement to make a move. However, the exact amount required can be abstracted away from the core FDG.

During subgame resolution, if a subgame root resolves incorrectly, then its bond is distributed to the leftmost claimant that countered it. At maximum game depth, where a claimant counters a bonded claim by calling step(), the bond is instead distributed to the account that successfully called step().

As such, the only problem the OP Stack’s bond design needs to solve is figuring out the minimum bond requirement to move in the FDG:

function getRequiredBond(Position _gamePosition) public pure 
    returns (uint256 requiredBond_)

Big Bonds ™

The initial bond design we’ll be adding to the FDG is Big Bonds ™. This is essentially a large ETH-denominated bond requirement for all moves in the dispute game. The bond pricing depends on two factors; the gas needed to counter the claim it’s attached to, and the claim’s depth.

The bond is priced according to gas to guarantee that an honest player's rewards cover the cost of gas used in the game. The gas pricing incorporates a fixed base fee, typically significantly larger than the average base fee, to account for potential increases. This base fee multiplier serves as a deterrent against spam claims.

Moves at the maximum game depth are the most costly, as they may require interaction with the VM and potentially the PreimageOracle. Therefore, gas-priced bonds at MAX_DEPTH - 1 are significantly cheaper than their counterparts at MAX_DEPTH. An attacker could exploit this disparity to outspend honest players by creating false claims at MAX_DEPTH-1. To counteract this, bonds are scaled by a factor based on the claim's depth to smoothen the substantial increase in the gas-priced bond at MAX_DEPTH. This approach helps to minimize the financial gain for players making claims at MAX_DEPTH-1.

The scaling factor x can be calculated using the following formula:

By applying this scaling factor to a gas-priced bond at depth d, the gas-pricing is computed as i * x^d.

Considering these factors, if g equals 200M gas, i is 400K, and the game depth is 73, then the bond required for a root claim is 0.08 ETH at a 200gwei base fee.

Big Bonds™ is a straightforward design that isn't highly capital efficient. Nonetheless, its goal is to generate incentives that guarantee accurate game resolution. The modularity of the Fault Dispute Game allows for a later, safe upgrade to an improved bond design.