Audits & Exploits
"Funds can be stolen if…
- the cryptography is broken or implemented incorrectly,
- a contract receives a malicious code upgrade. There is a 21 days or 0 if overridden by 9/15 MSig delay on code upgrades.
Funds can be lost if…
- the user is unable to generate the non-trivial zk proof for exodus withdraw.
Users can be censored if…
- the operator refuses to include their transactions. They can still exit the system.
MEV can be extracted if…
"ZK-SNARKs require a trusted setup to operate. The system has a centralized operator. The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system. Force exit allows the users to escape censorship by withdrawing their funds. The system allows users to force the withdrawal of funds by submitting a request directly to the contract on-chain. The request must be served within a defined time period. If this does not happen, the system will halt regular operation and permit trustless withdrawal of funds. If enough time passes and the forced exit is still ignored the user can put the system into Exodus Mode, disallowing further state updates. In that case everybody can withdraw by submitting a zero knowledge proof of their funds with their L1 transaction.
- zkSync MultiSig 0xE24f…0d99 (MultiSig) This MultiSig is the master of Upgrade Gatekeeper contract, which is allowed to perform upgrades for Governance, Verifier and ZkSync contracts. It can change the list of active validators.
- MultiSig participants0xA5F3…b0FF (EOA), 0x474D…53D4 (EOA), 0x9D5d…f607 (EOA), 0x9dF8…747A (EOA), 0x3068…d2Bc (EOA), 0xa265…6769 (EOA) These addresses are the participants of the 3/6 zkSync MultiSig.
- Security Council0xa260…1769 (EOA), 0x9D5d…f607 (EOA), 0x002A…7346 (EOA), 0x71E8…88c3 (EOA), 0x76C6…cB11 (EOA), 0xFBfF…3190 (EOA), 0xAfC2…c0d6 (EOA), 0x4d1E…38C6 (EOA), 0x19eD…8567 (EOA), 0x3941…e1b6 (EOA), 0x399a…52C2 (EOA), 0xee8A…5eaB (EOA), 0xe7CC…231f (EOA), 0xA093…e33B (EOA), 0x225d…086e (EOA) By default upgradeable contracts can be upgraded only after 3 weeks period. Security council can vote to cut this period to 0 days making the upgrade possible immediately if at least 9 out of 15 counselors agree on this.
- Active validator 0x01c3…F91e (EOA) This actor is allowed to propose, revert and execute L2 blocks on L1.
- Token listing beneficiary 0x2A0a…d027 (EOA) Account receiving fees for listing tokens. Can be updated by zkSync MultiSig."
“We are not in a hurry to do the token,” Newcomb told Decrypt. “There’s a trilemma that exists in decentralization: the trilemma of decentralizing your organization, decentralizing your technology, and decentralizing your economy. The token is only one part of this. And we want to make sure we handle that trilemma really, really well.”
- From their docs (3-5-2022):
- zkSync docs can be found here.
- Code for zkSync can be viewed here. The team announced (16-11-2022) that it would be open-sourcing all of its code, too, as per the MIT Open Source Initiative.
- Built on: L2 on Ethereum
How it works
"Each update to the system state must be accompanied by a ZK Proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. Once the proof is processed on the Ethereum blockchain the L2 block is instantly finalized. All the data that is used to construct the system state is published on chain in the form of cheap calldata. This ensures that it will always be available when needed."
"Funds move between users inside the smart contract, which is orchestrated by validators and guardians. When a contract is open, validators package transactions into blocks. Elected by guardians, validators have a near-perfect probabilistic guarantee of participating honestly with safety features such as built-in collateral (to disincentivize cheating). Users also decide when a contract closes, sending funds back to the main ethereum chain."
- zkSync v2.0 deployed for the team; apps will be able to deploy later this year, opens to users next year (29-10-2022).
- From Our Network (23-4-2022):
"Matter Labs team has been focused on building zkSync 2.0, which has been live on testnet since Feb 2022. Powered by zkEVM, zkSync 2.0 is the first EVM compatible ZK rollup bringing Solidity developers the scaling, security and UX benefits of zero knowledge proofs."
Their Other Projects
- zkPorter is a new L2 scaling technique combining zkRollup and sharding in a highly scalable yet atomically composable blockchain network.
- Is behind zkSync.
- Roadmap can be found here (27-3-2021), it will involve a Zinc virtual machine.
- Had an update (14-7-2021):
"The highest capacity measured so far was during a Gitcoin grants round that saw a peak load of 20,000 transactions per hour—5.6 TPS. Though it is a significant amount less than the 18,000 transfers demonstrated by StarkEx, it was sustained for an entire hour."
"Live with payment support since June 2020, zkSync has processed over 300,000 transactions in total. The Gitcoin grants round 7 was one big driver in transaction volume, starting on 15th September and ending on 2nd October. It is worth noting that there are no block rewards or delegations on the current zkSync network yet and therefore all 300,000 transactions represent real interactions between users. 1inch’s Mooniswap and Balancer are currently in the process of completing their integrations as well."
Projects that use it / build on top of it:
- Argent; plans to integrate it (16-3-2021).
- Curve implemented (11-10-2020) on zkSync’s Zinc VM, live on testnet.
- Gitcoin. Used by Gitcoin (11-9-2020).
- ZkSync is working on (29-10-2022) Layer 3 blockchain for Ethereum called Opportunity. The team plans to release a proof of concept in the first quarter of 2023. Opportunity will be an additional off-chain computation layer on zkSync's Layer 2 main network.
- From Coin98 (27-4-2022):
- "December 2019: ZK Sync v0.1 Testnet
- June 2020: Mainnet version of @zksync
- August 2020: zkSync 1.1
- May 2021: zkSync version 1.x
- June 2021: zkEVM Testnet.
- February 2022: zkSync 2.0 Public Testnet"
- Can be found here (3-5-2022).
"zkSync 1.0 has processed over 7.3m transactions. Despite the lack of smart contract functionality, zkSync 1.0 continues to see healthy growth. There have been more than 378k transactions from ETH Mainnet to zkSync by more than 257k unique addresses. At time of writing, zkSync 1.0 currently has ~$132.4m TVL. TVL reached an all-time high in March 2022 of $163m."
Projects that use or built on it
Pros and Cons
Team, Funding, Partners
- Full team can be found [here].
- Alex Gluchowski; CEO
- Raised $200M in their Series C (16-11-2022):
- September 2019: $2M from Hashed, Dragonfly Capital, etc.
- February 2021: $6M from Binance, Coinbase Ventures, etc.
- November 2021: $50M from a16z, etc.
- January 2022: a $200M DAO to fund projects on @zksync
- From their blog (8-11-2021):
"Announced US$50M in new funding today (in addition to US$6M raised at Series A in February this year).
The Series B financing was led by Andreessen Horowitz and included existing investors Placeholder, Dragonfly, and 1kx. A second financing was closed with strategic partners such as Blockchain.com, Crypto.com, Consensys, ByBit, OKEx, Alchemy, Covalent and joined by the founders and leadership of AAVE, Paraswap, Lido, Futureswap, Gnosis, Rarible, Aragon, Liquity, Celer, Connext, Perpetual, Euler, Opium, and 70 more."
- From their blog (1-3-2021):
"This [undisclosed amount] round is led by Union Square Ventures, Cloudflare, Firebase, Twilio, MongoDB, and Coinbase. It also includes our existing investors — Placeholder, 1kx, and Dragonfly — who have provided us with incredible support over the last two years."
Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!
Making these free wiki pages is fun but takes a lot of effort and time.
If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.