Researchers from zkSecurity, Prooflab, and Imperial College London have released a new study shedding light on the potential pitfalls of fee models used in Ethereum’s rollup networks. The report, titled “Unaligned Incentives: Pricing Attacks Against Blockchain Rollups,” highlights how these models can lead to mispricing of small transactions, presenting risks such as inflated user costs and increased vulnerability to denial-of-service attacks.
Rollups, which are layer-2 solutions that batch transactions to enhance efficiency and reduce costs on layer-1 blockchains like Ethereum, form a critical part of the Ethereum scaling strategy. They help manage the high volume of transactions while the base layer faces throughput limitations. However, operating rollups requires accounting for three distinct costs: computation for executing transactions, data availability to ensure that transaction data is verifiable, and the gas fees related to batch settlement and proof verification. The researchers found that many rollup models do not adequately separate these costs, often simplifying them into a single formula or applying fixed pricing structures, which can lead to price distortions.
The study indicates that this simplified approach can result in small value transfers being either overpriced or underpriced. Users trying to execute low-value transactions may inadvertently end up paying excessive fees, while attackers can exploit low-cost transactions to flood the network with spam, thereby disrupting services.
An analysis of five prominent rollup networks—Polygon zkEVM, zkSync Era, Scroll, Optimism, and Arbitrum—revealed significant disparities in their fee-setting methodologies. For instance, some networks determine fees at transaction submission, others wait until a batch is finalized, and some offer refunds if the actual costs turn out to be lower than anticipated. Although these mechanisms might seem like technical details, the researchers caution that they can create exploitable vulnerabilities. For example, an attacker could abuse a refund system by submitting many transactions and recouping part of the costs while still occupying network resources.
Beyond user frustration, the findings underscore critical systemic risks. If attackers find ways to subsidize small transactions, they could effectively launch denial-of-service attacks capable of congesting the network, diminishing performance, or elevating costs for honest users. The root of these issues lies not in flawed code but rather in economic design choices that dictate user incentives.
As the rollup ecosystem for Ethereum expands—managing tens of billions of dollars in assets—these findings gain heightened importance. The authors advocate for multidimensional fee structures that would separately price computation, data posting, and proving, aligning costs with actual resource utilization. Such changes could enhance resilience against spam transactions and deliver users a more predictable cost structure.
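The cost separation the authors advocate can be turned into a coverage audit of a fee schedule: compare what each transaction pays with what it consumes in each resource. The Python below is an added example, not code from the study or from any rollup; the unit prices, the flat-plus-gas `collapsed_fee` formula, and the three transaction profiles are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed unit prices (arbitrary units), not taken from the study or any rollup.
PRICE_EXEC_GAS = 1.0      # per unit of L2 execution gas
PRICE_DA_BYTE = 40.0      # per byte posted for data availability
PRICE_PROOF_UNIT = 500.0  # per unit of settlement/proving work

@dataclass(frozen=True)
class Tx:
    name: str
    exec_gas: int
    da_bytes: int
    proof_units: int

def resource_cost(tx):
    """Operator's cost for this transaction, one term per resource."""
    return (tx.exec_gas * PRICE_EXEC_GAS + tx.da_bytes * PRICE_DA_BYTE
            + tx.proof_units * PRICE_PROOF_UNIT)

def collapsed_fee(tx, flat=30_000.0, gas_price=1.0):
    """Hypothetical single-formula model: fixed charge plus one gas price."""
    return flat + tx.exec_gas * gas_price

def multidimensional_fee(tx, margin=0.05):
    """Each resource priced separately, plus a small operator margin."""
    return resource_cost(tx) * (1 + margin)

def audit(txs, fee_fn, tolerance=0.25):
    """Map tx name -> (fee/cost ratio, verdict) for a fee function."""
    report = {}
    for tx in txs:
        ratio = fee_fn(tx) / resource_cost(tx)
        if ratio < 1 - tolerance:
            verdict = "underpriced"   # operator subsidises it: spam risk
        elif ratio > 1 + tolerance:
            verdict = "overpriced"    # user pays for resources not used
        else:
            verdict = "aligned"
        report[tx.name] = (round(ratio, 2), verdict)
    return report

# Constructed transaction profiles.
TXS = [
    Tx("small_transfer", exec_gas=21_000, da_bytes=110, proof_units=10),
    Tx("data_heavy", exec_gas=30_000, da_bytes=4_000, proof_units=12),
    Tx("compute_heavy", exec_gas=900_000, da_bytes=200, proof_units=60),
]

if __name__ == "__main__":
    for label, fn in (("collapsed", collapsed_fee), ("multidimensional", multidimensional_fee)):
        print(label, audit(TXS, fn))
```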
To address the identified issues, the study suggests employing tools such as dynamic fee adjustments, partial batching, and clearer disclosures of cost components. Some rollup developers are already investigating adaptive fee curves and real-time modeling; however, the study notes that standardized practices have yet to be established.
These insights are particularly timely as Ethereum pursues a roadmap focusing on zero-knowledge proofs and rollup-centric scaling. While zero-knowledge virtual machines (zkVMs) promise improved transaction verification, they also introduce variability in proving costs that could complicate pricing models, particularly under high-demand conditions.
For users, exchanges, and wallets, the implications are clear: inconsistent fees and a decline in service quality may become commonplace. For developers and investors, the report advises examining not just apparent throughput or low nominal fees but also the mechanisms underpinning those fees.