## Hardening rollups with multi-proofs --- ### Today, almost all rollups are still on "training wheels"  --- ### Why? Code risk.  PSE ZK-EVM circuits: 34,469 lines of code --- ### 34,469 lines of code are not going to be bug-free for a long long time.  --- ### Option 1: high-threshold governance override  --- ### Option 2: multi-prover  --- ### More complex variants of multi-prover   * If anyone submits two conflicting state roots to a prover and both pass, that prover is turned off * If no successful message is passed through a particular prover for 7 days, that prover is turned off (Inspired by smart contract wallet designs!) --- ### Option 3: two-prover plus governance tie break  --- ### Advantages   * Don't have to trust governance (it can't contradict the provers) * Protected from a bug in either of the two provers * Ideally, the two provers should have _very_ different construction, to minimize the chance of simultaneous bugs * One optimistic, one ZK? --- ### Conclusions   * ZK-EVMs will not be bug-free for a long time * But we can minimize the chance of bugs leading to catastrophic outcomes with multiple implementations! * There is a tradeoff space of "security against bugs" vs "security against bad governance" * Keeping governance involved but only in emergencies seems like a good idea ---  And hopefully we will have safe and scalable rollups soon!