When the Prize Pays for the Protection
What happens when a contest's reward depends on the very security that contest provides?
Consider a city that funds its police force through property taxes. If crime rises, property values fall, tax revenue drops, police budgets shrink, and crime rises further. The system can spiral into collapse — not because of any single shock, but because the activity that finances protection is itself protected by that protection.
This feedback loop is everywhere. Insurance pools funded by premiums that depend on the pool’s solvency. Platform security funded by usage fees that depend on how safe the platform feels. Trade route protection funded by the commerce that flows along the route. Blockchain mining funded by transaction fees that depend on how secure the chain is.
In all of these systems, the prize in the contest — the revenue that pays for security — is not fixed. It is endogenous. It depends on how well the contest performs.
This observation is the starting point of a new paper, “Endogenous Prizes in Security Contests,” which I have made available on SSRN (awaiting release) and submitted to Econometrica. The paper develops a general theory of what happens when the prize in a security contest is funded by the very activity the contest protects. The results are not specific to any single application. They apply to any system where protection is financed by protected activity.
The fixed-point problem
Most of the contest theory literature takes the prize as given. There is a prize VV V, contestants compete for it, and the analysis asks how much effort they exert and who wins. This is the right setup for a patent race, a sporting tournament, or a lobbying contest where the stakes are set externally.
But in a protection contest, the prize is not set externally. The prize is revenue from users — and users only show up if the system is secure enough to be worth using. Security depends on how many contestants enter. How many contestants enter depends on the prize. The prize depends on how many users there are. How many users there are depends on security.
This is a fixed-point problem. The equilibrium security level must be simultaneously consistent with the demand it generates, the revenue that demand produces, the entry that revenue attracts, the attack cost that entry creates, and the deterrence that attack cost provides. Everything depends on everything else.
The paper characterises the full structure of this fixed-point problem. The analysis requires no specific functional forms — the results hold for any demand system, cost schedule, and deterrence technology satisfying a small number of regularity conditions. The specific application to proof-of-work blockchains is used as an illustration, not as the source of the results.
What the paper finds
There are four main results, each building on the last.
First: the equilibrium set forms a complete lattice. This means there is always a least equilibrium and a greatest equilibrium, and the set of equilibria has a well-defined structure. The least equilibrium is shutdown — no users, no revenue, no contestants, no security. This is always an equilibrium because if nobody participates, there is nothing to protect and nothing to fund protection with. The greatest equilibrium, when it exists, is a high-security state where many users participate, revenue is substantial, many contestants enter, attack is costly, and deterrence is strong. In between sits an unstable tipping threshold: above it, the system converges to the high equilibrium; below it, it collapses to shutdown.
This structure — two stable equilibria separated by an unstable threshold — is a generic feature of the endogenous-prize problem, not an artefact of particular parameter values. It arises from the fundamental complementarity: more users make the system more worth protecting, which makes it more secure, which attracts more users.
Second: the system exhibits a saddle-node bifurcation. As the fee that users pay increases, the high equilibrium and the unstable threshold move toward each other. At a critical fee level, they collide and annihilate. Beyond that fee, only the shutdown equilibrium survives. The system cannot sustain itself above the critical fee.
This is not a gradual decline. It is a discontinuous collapse. One moment the system has a viable high-security equilibrium. The next moment — with an infinitesimal fee increase — it does not. The entire surplus of the high equilibrium vanishes instantaneously. And the collapse is irreversible in a precise sense: reducing the fee back below the critical threshold does not restore the high equilibrium. The system exhibits hysteresis. The recovery threshold is strictly below the collapse threshold. To restart the system after a collapse, the fee must be cut further than it needed to be raised to cause the collapse.
Third: all comparative statics inherit a common amplification denominator. When a parameter changes — the cost of entry, the value of an attack, the strength of the deterrence technology — the effect on equilibrium security is amplified by a factor of 1/(1−Φ′)1/(1 - \Phi’) 1/(1−Φ′), where Φ′\Phi’ Φ′ is the slope of the self-map at the equilibrium. This denominator is always greater than one at a stable equilibrium. Near the fold point (the critical threshold), it diverges to infinity.
The amplification captures what makes endogenous-prize contests different from fixed-prize contests. In a fixed-prize contest, a 10% increase in attack cost produces a bounded improvement in security. In an endogenous-prize contest, the same 10% increase also attracts more users (because the system is safer), which increases revenue, which attracts more contestants, which raises the attack cost further, which attracts more users. The feedback loop multiplies the initial shock. The closer the system operates to its tipping point, the larger the multiplication factor.
This is the formal mechanism behind the fragility of protection-financed systems. A system operating far from its tipping point is robust — shocks are absorbed with modest amplification. A system operating near its tipping point is fragile — small shocks are amplified into large ones, and a shock just past the threshold causes total collapse.
Fourth: the welfare-maximising fee is strictly below the revenue-maximising fee. A monopolist platform would set the fee to maximise revenue. But the socially optimal fee accounts for the security externality: when the fee is slightly lower, more users participate, which makes the system slightly more secure, which benefits all existing users. The monopolist ignores this externality. The gap between the two fees is a measure of the welfare cost of market power in protection-financed systems.
Why this matters beyond the model
The endogenous-prize structure appears in systems that matter enormously for economic life.
Payment infrastructure. Every payment system is, at bottom, a protection-financed contest. Users pay fees. Fees fund the infrastructure that processes and secures transactions. If the infrastructure is unreliable, users leave. If users leave, fee revenue drops. If revenue drops, infrastructure investment falls. The tipping dynamics identified in the paper — discontinuous collapse, hysteresis, amplified fragility near the threshold — are not theoretical curiosities. They describe real phenomena in payment system adoption and failure.
Cybersecurity investment. Firms invest in cybersecurity to the extent that users trust their platforms. Users trust platforms to the extent that firms invest in cybersecurity. This feedback loop has the same structure as the endogenous-prize model. The paper’s fold result predicts that there exist critical thresholds of user trust below which no level of investment can sustain a viable platform — and that crossing those thresholds can happen suddenly.
Insurance markets. An insurance pool is solvent if enough policyholders participate to diversify risk. Policyholders participate if the pool is solvent. Premiums fund the pool’s reserves. If premiums rise too high, participation falls, reserves shrink, and the pool becomes insolvent. The paper’s hysteresis result predicts that restoring a failed insurance pool requires lower premiums than the level that caused the failure — a well-documented phenomenon in insurance markets that the endogenous-prize framework explains from first principles.
Proof-of-work blockchains. This is the application developed in the paper’s illustration section. Miners compete for block rewards funded by transaction fees. Users transact only if the chain is secure. Security depends on mining investment, which depends on fee revenue, which depends on user participation, which depends on security. The documented 51% attacks on smaller proof-of-work chains — Bitcoin Gold, Ethereum Classic — are instances of the shutdown equilibrium. The attackers did not need to overcome enormous resources. They needed only to push the system past its tipping point, after which the feedback loop did the rest.
The technical contribution
From the perspective of economic theory, the paper contributes to two literatures.
In contest theory, the standard framework assumes the prize is exogenous. A small number of papers have studied contests where effort affects the prize, but in those models the contestants’ own effort is what changes the prize value. The endogenous-prize model studied here is structurally different: the prize is determined by a third party (users) whose participation depends on the outcome of the contest. This creates a feedback loop between the contest and the market that the contest serves — a structure that does not appear in the existing contest literature.
In the economics of strategic complementarities and tipping, the paper contributes a new source of multiplicity. The standard models of strategic complementarities — network effects, technology adoption, bank runs — involve direct externalities between agents on the same side of the market. The endogenous-prize model generates complementarities through a contest with cost heterogeneity, mediated by the demand–security feedback loop. The shape conditions that determine whether multiplicity occurs (the paper’s “multiplicity condition”) depend on primitive parameters of the cost schedule and the deterrence technology, not on assumed functional forms.
The fold bifurcation and the amplification result connect the paper to the bifurcation theory literature in mathematical economics, but the paper does not require readers to know that literature. The proofs use only standard tools: Tarski’s fixed-point theorem, the implicit function theorem, and the intermediate value theorem.
What the paper does not claim
The paper does not claim that any particular real-world system is at its tipping point. That is an empirical question that requires data on the specific system’s demand function, cost schedule, and deterrence technology. The paper provides the framework for asking and answering that question.
The paper does not claim that the tipping dynamics are inevitable. If the system operates far from its fold point — if the fee is well below the critical threshold, if demand is robust, if entry costs are low — then the high equilibrium is stable and resilient. The fragility is a property of systems near their tipping point, not of all protection-financed systems.
The paper does not resolve the question of how trust is provided. The deterrence technology is taken as a reduced form — a function mapping defense expenditure to the probability of successful deterrence. Whether that deterrence comes from computational investment, legal enforcement, reputational capital, or institutional design is outside the model. The paper’s results hold for any deterrence technology satisfying a small number of regularity conditions.
Hysteresis: why recovery is harder than collapse
One of the paper’s most striking results is that collapse and recovery are not symmetric.
Imagine a platform operating at its high-security equilibrium. The operator raises fees gradually. At first, nothing dramatic happens — a few marginal users leave, security dips slightly, but the feedback loop absorbs the shock. Then the fee crosses the critical threshold. The high equilibrium vanishes. The system crashes to shutdown.
Now the operator realises the mistake and cuts the fee back. To where? Crucially, cutting it back to just below the threshold that caused the collapse does not restore the high equilibrium. The system is stuck at shutdown. To restart, the fee must be cut further — sometimes substantially further — below the collapse threshold. There is a recovery threshold strictly below the collapse threshold, and the gap between the two is the hysteresis band.
The formal mechanism is a two-fold structure. One fold controls collapse (the high equilibrium and the unstable threshold collide and annihilate). A different fold controls recovery (a new pair of equilibria appears from below). These two folds occur at different fee levels. The system has memory: its current state depends not just on the current fee, but on the path that brought it there.
This has practical implications for platform governance. A fee increase that appears safe — because the system is still operating — may be irreversibly dangerous. And a fee decrease that appears adequate — because it reverses the increase — may be insufficient. Platform operators, regulators, and protocol designers who set fees in protection-financed systems need to understand the asymmetry between breaking a system and restarting one.
What the illustration shows
The paper includes a numerical illustration calibrated to proof-of-work parameters. With high user mass, the system supports three equilibria: shutdown at security near zero, an unstable threshold at security around 10%, and a stable high equilibrium at security around 79%. The multiplicity condition is satisfied by a factor of five — meaning the system is well into the multiple-equilibria region, not teetering on the edge.
The amplification theorem applies at the high equilibrium with a multiplier of approximately 1.02 — modest, because the high equilibrium is far from the fold. Near the fold, the multiplier diverges: a small shock to fundamentals produces an arbitrarily large response in equilibrium security.
The illustration also shows that cost heterogeneity among contestants — which is the empirically relevant case, since miners have different electricity costs, hardware vintages, and capital structures — compounds the amplification. The error from assuming homogeneous costs is approximately 24%, and the demand-side feedback loop amplifies that error by a further 2%. These are not large numbers at the calibrated equilibrium. But at a system operating closer to its fold point, both factors would be substantially larger.
The paper does not present these numbers as estimates of any real system’s parameters. They are chosen to illustrate the qualitative predictions of the theory: that the tipping point exists, that the amplification mechanism works as the theory predicts, and that heterogeneity compounds through the feedback loop exactly as the formal results describe.
Where to find it
The paper is available on SSRN at https://papers.ssrn.com/abstract=6436941. The supplemental online appendix, which extends the core results to general contest classes, smooth demand systems, and global-games equilibrium selection, is available as a companion document. A full replication package containing all numerical scripts and figures accompanies the paper.