Zk.Money v2 (Aztec Connect)
$3.83 M
10.00%
- Users' withdrawals can be censored by the permissioned operators.
- Upgrades executed by actors with more centralized control than a Security Council provide less than 7d for users to exit if the permissioned operator is down or censoring.
...
Choose token
Ether (ETH)
Wrapped liquid staked Ether 2.0 (wstETH)
Dai Stablecoin (DAI)Introducing Noir
2022 Oct 6th
Noir - programming language for zero-knowledge proofs, has been introduced.
Mainnet Launch
2022 Jul 7th
Aztec Connect is live on mainnet, enabling private DeFi on Ethereum.
Funds can be stolen if
Funds can be frozen if
MEV can be extracted if
State validation
ZK proofs (SN)zkSNARKS are zero knowledge proofs that ensure state correctness, but require trusted setup.
Data availability
On chainAll of the data needed for proof construction is published on chain.
Exit window
NoneThere is no window for users to exit in case of an unwanted upgrade since contracts are instantly upgradable.
Sequencer failure
Self sequenceIn the event of a sequencer failure, users can force transactions to be included in the project’s chain by sending them to L1. Proposing new blocks requires creating ZK proofs.
Proposer failure
Cannot withdrawOnly the whitelisted proposers can publish L2 state roots on L1 within ~136 years from the last posted root, so in the event of failure the withdrawals are frozen.
Zk.Money v2 (Aztec Connect) is a Validity proofs ensure state correctness
Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. These proofs are then verified on Ethereum by a smart contract.
Zero knowledge SNARK cryptography is used
Despite their production use zkSNARKs are still new and experimental cryptography. Cryptography has made a lot of advancements in the recent years but all cryptographic solutions rely on time to prove their security. In addition zkSNARKs require a trusted setup to operate.
Funds can be stolen if the cryptography is broken or implemented incorrectly.
All data required for proofs is published on chain
All the data that is used to construct the system state is published on chain in the form of cheap calldata. This ensures that it will always be available when needed.
The entire stack’s source code is housed in a single monorepo, which can be found here. For instructions on running the node, please refer to this readme.
No compression is used.
The code to decode onchain data can be found here
The system has a centralized operator
Only specific addresses appointed by the owner are permitted to propose new blocks during regular rollup operation. Periodically a special window is open during which anyone can propose new blocks, but only if the last root was posted more than ~136 years prior.
MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.
Users can force any transaction
Because the block production is open to anyone if users experience censorship from the operator they can propose their own blocks which would include their transactions. Periodically the rollup opens a special window during which anyone can propose new blocks. This is only possible if the last root was posted more than ~136 years prior.
Funds can be frozen if the centralized operator censors withdrawal transactions (CRITICAL).
Regular withdraw
The user initiates the withdrawal by submitting a transaction on L2. When the block containing that transaction is proven on L1 the assets are automatically withdrawn to the user.
Payments are private
Balances and identities for all tokens on the Aztec rollup are encrypted. Each transaction is encoded as a zkSNARK, protecting user data.
The system uses the following set of permissioned addresses:
Owner of ProxyAdmin contract, which is used to upgrade RollupProcessorV2. OWNER_ROLE on RollupProcessorV2: can enable capped deposit/withdrawals, can add rollupProviders (sequencers), can change delay before escape hatch, can change the verifier contract with no delay, can change defiBridgeProxy This is a Gnosis Safe with 1 / 2 threshold.
Those are the participants of the Aztec Multisig.
EMERGENCY_ROLE on RollupProcessorV2: Can pause the rollup. This is a Gnosis Safe with 2 / 15 threshold.
Those are the participants of the Emergency Multisig.
RESUME_ROLE on RollupProcessorV2: Can resume the rollup. This is a Gnosis Safe with 10 / 15 threshold.
Those are the participants of the Resume Multisig.
LISTER_ROLE on RollupProcessorV2: Can add new tokens and bridges to the rollup. Can’t remove tokens or bridges. This is a Gnosis Safe with 2 / 3 threshold.
Those are the participants of the Lister Multisig.
Actors allowed to call the processRollup function on the RollupProcessorvV2 contract.
The system consists of the following smart contracts:
Main Rollup contract responsible for deposits, withdrawals and accepting transaction batches alongside a ZK proof. The escape hatch delay is currently set to ~136 years)} The contract is pausable by Emergency Multisig. This contract stores the following tokens: ETH, DAI, wstETH.
Can be upgraded by: Aztec Multisig
Upgrade delay: No delay
Contract responsible for distributing fees and reimbursing gas to Rollup Providers.
Bridge Connector to various DeFi Bridges.
Standard Plonk zkSNARK Verifier. It can be upgraded by the owner with no delay.
Can be upgraded by: Aztec Multisig
Upgrade delay: No delay
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
