StarkNet logoStarkNet

TVL: $594 K

+12.01% / 7 days

...

...

Tokens:
Websitestarknet.iostarkware.co/starknetstarkware.co/ecosystemcommunity.starknet.io
Social mediadiscord.gg@StarkWareLtdstarkwarestarkware.co
Documentationhttps://starknet.io/what-is-starknet
Explorervoyager.online
Source codegithub.com/starkware-libs

News

Description[Edit][Issue]

Currently only whitelisted contracts can be deployed on StarkNet.

StarkNet is a general purpose ZK-Rollup built using STARK cryptographic proof system. StarkNet uses the Cairo programming language both for its infrastructure and for writing StarkNet contracts. L2 <--> L1 messaging infrastructure is available and contracts are fully composable. It is currently launched with a single Sequencer.

Risk summary

Funds can be stolen if…

  1. a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

Funds can be lost if…

  1. the proof system is implemented incorrectly.

Funds can be frozen if…

  1. the operator censors withdrawal transaction.

Users can be censored if…

  1. the operator refuses to include their transactions.

MEV can be extracted if…

  1. the operator exploits their centralized position and frontruns user transactions.

Technology

Validity proofs ensure state correctness[Edit][Issue]

Each update to the system state must be accompanied by a ZK Proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. Once the proof is processed on the Ethereum blockchain the L2 block is instantly finalized.[1]

    Zero knowledge STARK cryptography is used[Edit][Issue]

    Despite their production use ZK-STARKs proof systems are still relatively new, complex and they rely on the proper implementation of the polynomial constraints used to check validity of the Execution Trace.[2]

    • Funds can be lost if the proof system is implemented incorrectly.

    All data required to reconstruct rollup state is published on chain[Edit][Issue]

    State diffs are publish on-chain as calldata on every state update. The state diffs contain information on every contact whose storage was updated, and additional information on contract deployments. From diffs full system state can be recovered.[3]

      Operator

      The system has a centralized operator[Edit][Issue]

      The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system. Typically, the Operator is the hot wallet of the StarkNet service submitting state updates for which proofs have been already submitted and verified.[4]

      • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

      Users can't force any transaction[Edit][Issue]

      There is no general mechanism to force the sequencer to include the transaction.[5]

      • Users can be censored if the operator refuses to include their transactions.

      Withdrawals

      Regular exit[Edit][Issue]

      The user initiates the withdrawal by submitting a transaction on L2. When the block containing that transaction is proven the funds become available for withdrawal on L1. Finally the user submits an L1 transaction to claim the funds. This transaction does not require a merkle proof. Note that the withdrawal request can be censored by the Sequencer.[6]

      • Funds can be frozen if the operator censors withdrawal transaction.

      Emergency exit[Edit][Issue]

      There is no generic escape hatch mechanism as StarkNet cannot be frozen. Application developers can develp app-specific escape hatches that could allow users to exit funds when L2 app is frozen. Note that freezing mechanizm on L2, to be secure, requires anti-censorship protection.[7]

        Smart Contracts[Edit][Issue]

        A diagram of the smart contract architecture
        A diagram of the smart contract architecture

        The system consists of the following smart contracts:

        • StarkNet Core Contract 0xc662…C8c4 Implementation (Upgradable)
          StarkNet contract receives (verified) state roots from the Sequencer, allows users to read L2 -> L1 messages and send L1 -> L2 message.
        • GpsStatementVerifier 0x4731…Db60 Implementation (Upgradable)
          Starkware SHARP verifier used collectively by StarkNet, Sorare, Immutable X and DeversiFi. It receives STARK proofs from the Prover attesting to the integrity of the Execution Trace of these four Programs including correctly computed L2 state root which is part of the Program Output.
        • MemoryPageFactRegistry 0x9637…DD8B
          MemoryPageFactRegistry is one of the many contracts used by SHARP verifier. This one is important as it registers all necessary on-chain data such as StarkNet contracts state diffs.
        • Eth Bridge 0xae0E…D419 Implementation (Upgradable)
          Starkgate bridge for ETH. This contract stores the following tokens: ETH.
        • L1DaiGateway 0x659a…5BB6
          Custom DAI Gateway, main entry point for users depositing DAI to L2 where "canonical" L2 DAI token managed by MakerDAO will be minted. Managed by MakerDAO.
        • L1Escrow 0x0437…585C
          DAI Vault for custom DAI Gateway managed by MakerDAO. This contract stores the following tokens: DAI.

        The current deployment carries some associated risks:

        • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

        References

        1. What is StarkNet
        2. STARK Core Engine Deep Dive
        3. On-chain Data
        4. StarkNet operator Etherscan address
        5. Censorship resistance of StarkNet - Forum Discussion
        6. Withdrawing is based on l2 to l1 messages - StarkNet documentation
        7. StarkNet code