One thing which is unclear in my head is why does one need to allow bad exits at all?
One can simply have a requirement that exits need to be signed by validators/collators of the corresponding chain, and if a validator signs a bad exit, her deposit is slashed …
This seems to be a way simpler solution, I am a bit confused why would this challenge-based thing be better than making validators/collators responsible for security …
Why is a validator-based approach good for Casper and bad for Plasma ?
Actually, if validators sign exits you would not need the UTXO model at all - validators could simply sign exits from one EVM-based chain to another …