
Every rollup has the same problem: it executes transactions somewhere Ethereum can't see, then asks Ethereum to accept the result. Ethereum needs a reason to believe that result wasn't fabricated. There are exactly two answers in production, and they're close to mirror images of each other.
A validity proof demonstrates that a state transition is correct — mathematically, before the chain accepts it. A fraud proof demonstrates that a state transition was wrong — after the fact, during a window where anyone is allowed to object. ZK-rollups use the first. Optimistic rollups use the second. The names cause genuine confusion, because a "fraud proof" sounds like a bad thing and a "validity proof" sounds like paperwork. They're just two different placements of the burden of proof.
Start with the validity proof, because it's conceptually simpler even though the cryptography underneath is not.
When a ZK-rollup posts a batch of transactions to Ethereum, it attaches a cryptographic proof — in practice a zk-SNARK or zk-STARK — attesting that the new state root is the correct result of executing those transactions against the old state. A verifier contract on Ethereum checks the proof. If it verifies, the state transition is final. If it doesn't, the batch is rejected. There's no waiting period and no assumption that someone is watching, because the checking happens up front, every single time. The "zero-knowledge" part is mostly incidental here — what rollups actually need is the succinctness: a proof that's tiny and cheap to verify regardless of how much computation it covers.
Fraud proofs invert this. An optimistic rollup posts its batches with no proof at all — the state root is simply asserted, and Ethereum accepts it optimistically. What makes this safe is the challenge window, typically seven days, during which anyone running a node can compare the asserted state root against the result of executing the posted transaction data themselves. If a verifier finds a mismatch, they submit a fraud proof.
The elegant part is how the dispute gets resolved. Re-executing an entire batch on Ethereum would be prohibitively expensive, so systems like Arbitrum's use an interactive bisection game: the challenger and the asserter repeatedly split the disputed computation in half, narrowing the disagreement down to a single instruction step. Only that one step gets re-executed on-chain, and whoever's claim it contradicts loses their bond. Fraud proofs are cheap precisely because they're almost never used — the honest path costs nothing, and the mechanism only runs when someone lies.
This is the comparison that actually matters, and it's less lopsided than either camp tends to admit.
A validity proof's security rests on two things: the soundness of the proving system's mathematics, and the correctness of the circuit implementation — the code that translates "valid EVM execution" into equations a prover can work with. The math is well-studied. The implementations are enormous, relatively young, and have had soundness bugs found in audits. If a circuit bug lets a prover generate a valid-looking proof for an invalid state transition, the chain accepts it with no challenge window to catch it.
A fraud proof's security rests on a liveness assumption: at least one honest party must be watching, must detect the invalid assertion within the window, and must be able to get their challenge included on Ethereum — which means censorship resistance matters too. It also assumes the dispute game itself can't be exploited or stalled. That's a weaker guarantee on paper than mathematics. In exchange, the happy path involves no exotic cryptography at all, and the whole system is auditable by anyone who can read ordinary execution code.
The practical costs differ too. Validity proving is computationally heavy — every batch, all the time, on specialized hardware — but users get fast finality and fast withdrawals. Fraud proofs are nearly free in normal operation, but users inherit the challenge window: withdrawing assets from an optimistic rollup to Ethereum natively takes the full seven days, which is why a market of liquidity providers exists to front the funds early for a fee.
For years the honest caveat was that most "optimistic" rollups didn't actually have permissionless fraud proofs live — challenges were restricted to whitelisted parties, a training wheel that made the security story partly reputational. That's largely resolved: Optimism shipped permissionless fault proofs in 2024, and Arbitrum's BOLD upgrade opened validation to anyone bonded. The mechanism described on paper now mostly exists in production.
On the ZK side, the movement is in cost and coverage. Proving has gotten dramatically cheaper through recursive aggregation and better hardware, and zkEVMs have climbed toward full equivalence with Ethereum's execution — closing what used to be the strongest argument for the optimistic approach, which was that faithfully proving the EVM was impractical. Several optimistic-era teams have publicly explored adding validity proofs to their stacks, and hybrid designs — optimistic execution with ZK-proved settlement — are being built rather than just theorized.
Continued decline in per-transaction proving costs. More optimistic rollups announcing concrete validity-proof integrations rather than research posts. Fraud proof systems surviving contentious, real-money disputes without governance intervention. ZK verifier contracts operating for years without a soundness incident.
A soundness bug exploited in a production validity-proof system would be the serious one — it would shift the argument back toward mechanisms humans can audit by re-execution. On the other side: a successfully exploited or stalled dispute game on a major optimistic rollup would damage the liveness-assumption story in the other direction. And if proving costs plateau instead of falling, the economic case for ZK settlement everywhere weakens to "only where fast withdrawals justify the premium."
Now: Both mechanisms are live and securing real value — validity proofs on zkSync, Starknet, Scroll, and Linea; permissionless fraud proofs on Optimism and Arbitrum. This is no longer a theoretical comparison.
Next: Watch the convergence — optimistic stacks adding ZK components, challenge windows shortening as hybrid designs mature.
Later: If real-time proving becomes cheap enough, the distinction may fade into an implementation detail rather than an architectural fork. That's a plausible end-state, not a scheduled one.
This covers the two verification mechanisms and where their trust assumptions differ. It doesn't cover the internals of any specific dispute game, the SNARK/STARK construction details (those live in their own posts), or data availability — which is a separate problem both rollup types share. Nothing here is a recommendation to use or hold assets on any particular rollup; which mechanism is "safer" depends on implementation quality at least as much as architecture.




