Search

Search for projects by name

SummaryMilestones & IncidentsRisk summaryRisk analysisTechnologyState validationOperatorWithdrawalsUpgrades & GovernancePermissionsSmart contractsKnowledge nuggets

GRVT logoGRVT

Badges

About

Gravity (GRVT) is a hybrid crypto derivatives exchange, providing a centralized exchange-like experience while being based on the ZK stack Validium codebase with confidential data availability and transaction filtering enabled.

Value secured
No data
Canonically Bridged
$0.00
Externally Bridged
$0.00
Natively Minted
$0.00
  • Tokens
    No data
  • Past day UOPS
    No data
  • 30D ops count
    No data
  • Type
    Validium
  • Purposes
    Universal, Gaming
    • Sequencer failureState validationData availabilityExit windowProposer failure

    Badges

    About

    Gravity (GRVT) is a hybrid crypto derivatives exchange, providing a centralized exchange-like experience while being based on the ZK stack Validium codebase with confidential data availability and transaction filtering enabled.

    Recategorisation

    116d
    18h
    16m
    46s

    The project will be classified as "Other" due to its specific risks that set it apart from the standard classifications.

    The project will move to Others because:

    There is no data availability bridge

    Consequence: projects without a data availability bridge fully rely on single entities (the sequencer) to honestly rely available data roots on Ethereum. A malicious sequencer can collude with the proposer to finalize an unavailable state, which can cause loss of funds.

    Learn more about the recategorisation
    Milestones & Incidents

    Mainnet alpha launch

    2024 Dec 20th

    GRVT mainnet alpha launches for all users.

    Learn more
    Risk summary

    Funds can be lost if

    1. the external data becomes unavailable (CRITICAL),
    2. the proof system is implemented incorrectly.

    Users can be censored if

    1. the operator refuses to include their transactions,
    2. the Operator does not specifically whitelist them in the TransactionFilterer.

    MEV can be extracted if

    1. the operator exploits their centralized position and frontruns user transactions.
    Risk analysis
    Sequencer failureState validationData availabilityExit windowProposer failure

    Sequencer failure

    No mechanism

    There is no mechanism to have transactions be included if the sequencer is down or censoring. The Operator actively uses a TransactionFilterer contract, which requires accounts that enqueue or force transactions from L1 to be whitelisted.

    State validation

    ZK proofs (ST, SN)

    STARKs and SNARKs are zero knowledge proofs that ensure state correctness. STARKs proofs are wrapped in SNARKs proofs for efficiency. SNARKs require a trusted setup.

    Data availability

    External

    Proof construction and state derivation rely fully on data that is NOT published onchain.

    Exit window

    None

    There is no window for users to exit in case of an unwanted standard upgrade because the central operator can censor withdrawal transactions by implementing a TransactionFilterer with no delay. The standard upgrade delay is 4d 3h.

    Proposer failure

    Cannot withdraw

    Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen. There is a decentralized Governance system that can attempt changing Proposers with an upgrade.

    Technology

    Data is not stored on chain

    The transaction data is not recorded on the Ethereum main chain. Transaction data is stored off-chain and only the hashes are posted onchain by the centralized Sequencer.

    • Funds can be lost if the external data becomes unavailable (CRITICAL).

    1. ExecutorFacet - _commitOneBatch() function
    State validation

    Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. These proofs are then verified on Ethereum by a smart contract.

    Prover Architecture

    ZKsync Era proof system Boojum can be found here and contains essential tools like the Prover, the Verifier, and other backend components. The specs of the system can be found here.

    ZK Circuits

    ZKsync Era circuits are built from Boojum and are designed to replicate the behavior of the EVM. The source code can be found here. The circuits are checked against tests that can be found here.

    • Funds can be lost if the proof system is implemented incorrectly.

    Verification Keys Generation

    SNARK verification keys can be generated and checked against the Ethereum verifier contract using this tool. The system requires a trusted setup.

    Operator

    The system has a centralized operator

    The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system.

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    Users can't force any transaction

    If a user is censored by the L2 Sequencer, they cannot by default force their transaction via the L1 queue. An an active TransactionFilterer contract which allows only whitelisted accounts to enqueue, prevents it. Even if a user was specifically whitelisted, there is no mechanism that forces L2 Sequencer to include transactions from the queue in an L2 block.

    • Users can be censored if the operator refuses to include their transactions.

    • Users can be censored if the Operator does not specifically whitelist them in the TransactionFilterer.

    1. L1 - L2 interoperability - Developer's documentation
    2. Mailbox facet
    3. TransactionFilterer
    Withdrawals

    Regular messaging

    The user initiates L2->L1 messages by submitting a regular transaction on this chain. When the block containing that transaction is settled, the message becomes available for processing on L1. ZK proofs are required to settle blocks.

    1. Withdrawing funds - ZKsync documentation

    Forced messaging

    If the user experiences censorship from the operator with regular L2->L1 messaging they can submit their messages directly on L1. The system is then obliged to service this request or halt all messages from L1, including all forced withdrawals and deposits. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular message.

    Upgrades & Governance
    A diagram of the upgrades and governance
    A diagram of the upgrades and governance

    There are two main paths for contract upgrades in the shared ZK stack ecosystem - standard and emergency - both converging on the shared upgrade proxy contract ProtocolUpgradeHandler. The standard path involves a governance proposal and voting through the DAO, multiple timelock delays and finally approval by the Guardians or 6 SecurityCouncil participants. The emergency path allows for contract upgrades without any delay by the EmergencyUpgradeBoard, which acts as a 3/3 Multisig between SecurityCouncil, Guardians and the FoundationMultisig.

    Standard path

    On ZKsync Era

    Delegates can start new proposals by reaching a threshold of 21M ZK tokens on the ZKsync Era Rollup’s ZkProtocolGovernor contract. This launches a 7d ‘voting delay’ after which the 7d voting period starts. During these first two periods, the proposal can be canceled by the proposer or if it falls below the proposing threshold. A proposal is only successful if it reaches both quorum (630M ZK tokens) and simple majority. When it reaches quorum, the voting period is reset to 7d. In the successful case, it can be queued in the 0s timelock which forwards it to Ethereum as an L2->L1 log.

    On Ethereum

    After the execution of the proposal-containing batch (3h delay), the proposal is now picked up by the ProtocolUpgradeHandler and enters the 3d ‘legal veto period’. This serves as a window in which a veto could be coordinated offchain, to be then enforced by non-approval of Guardians and SecurityCouncil. A threshold of 2 Guardians can extend the veto period to 7d. After this a proposal enters a waiting state of 30d, from which it can be immediately approved (cancelling the delay) by 6 participants of the SecurityCouncil. For the unlikely case that the SC does not approve here, the Guardians can instead approve the proposal, or nobody. In the two latter cases, the waiting period is enforced in full. A proposal cannot be actively cancelled in the ProtocolUpgradeHandler, but will be expired if not approved within the waiting period. An approved proposal now enters the pendingExecution state for a final delay of 1d, and can then be executed.

    Other governance tracks

    There are two other tracks of Governance also starting with DAO Delegate proposals the ZKsync Era rollup: 1) Token Program Proposals that add new minters, allocations or upgrade the ZK token and 2) Governance Advisory Proposals that e.g. change the ZK Credo or other offchain Governance Procedures without onchain targets. The protocol for these two other tracks is similar to the first part of the standard path described above (albeit having different quorum and timelock values), and not passing over to the Ethereum L1. Further customizations are that the ZkFoundationMultisig can propose to the ZkTokenGovernor without a threshold and that the Guardians’ L2 alias can cancel proposals in the ZkTokenGovernor and the ZkGovOpsGovernor.

    Emergency path

    SecurityCouncil (9 / 12), Guardians (5 / 8) and ZkFoundationMultisig (3 / 5) form a de-facto 3/3 Multisig by pushing an immediate upgrade proposal through the EmergencyUpgradeBoard, which circumvents all delays and executes immediately via the ProtocolUpgradeHandler.

    Upgrade Delays

    The cumulative duration of the upgrade paths from the moment of a voted ‘successful’ proposal is 4d 3h or 8d 3h (depending on Guardians extending the LegalVetoPeriod) for Standard, 0 for Emergency and 34d 3h for the path in which the SecurityCouncil is not approving the proposal.

    Freezing

    The SecurityCouncil can freeze (pause withdrawals and settlement) all chains connected to the current StateTransitionManager. Either for a softFreeze of 12h or a hardFreeze of 7d. After a softFreeze and / or a hardFreeze, a proposal from the EmergencyUpgradeBoard has to be passed before subsequent freezes are possible. Only the SecurityCouncil can unfreeze an active freeze.

    Elastic Chain Operator and ChainAdmin

    Apart from the paths that can upgrade all shared implementations, the ZK stack governance system defines other roles that can modify the system: A single Elastic Chain operator role that governs parameters in the shared contracts and a ChainAdmin role (in the chain-specific diamond contract) for managing parameters of each individual Hyperchain that builds on the stack. These chain-specific actions include setting a transaction filterer that can censor L1 -> L2 messages, setting fee parameters and adding / removing Validators in the ValidatorTimelock. ZKsync Era’s ChainAdmin differs from the others as it also has the above Elastic Chain Operator role in the shared ZK stack contracts.

    Permissions

    Ethereum

    Roles:

    Validator (2) 0x0b11…6ef00x58D1…6522

    Permissioned to call the functions to commit, prove, execute and revert L2 batches through the ValidatorTimelock in the main Diamond contract.

    Actors:

    GrvtChainAdminMultisig 0x3a23…19e5
    • A Multisig with 2 / 3 threshold.
    • Can act on behalf of GrvtZkEvmAdmin.
    • Is allowed to interact with GrvtZkEvmAdmin - set the conversion factor for gas token deposits.
    • Is allowed to interact with GrvtZkEvm - manage fees, apply predefined upgrades and manage censorship through a TransactionFilterer (ChainAdmin role) - acting via GrvtZkEvmAdmin.
    • Can upgrade the implementation of GRVTTransactionFilterer, GRVTBridgeProxy.

    Participants (3):

    EOA 40x2949…5F3A0x9A44…1270
    GRVTTransactionFilterer 0x3Cd5…109a

    Is allowed to interact with GrvtZkEvm - define addresses that can send transactions from L1 to L2 (e.g. for deposits, withdrawals, queued transactions). This is enforced in the Mailbox Facet.

    ValidatorTimelock 0x5D8b…d06E
    • Intermediary contract between the Validators and the central diamond contract that delays block execution (ie withdrawals and other L2 --> L1 messages) by 3h.
    • Is allowed to interact with GrvtZkEvm - commit, prove, execute, revert batches directly in the main Diamond contract. This role is typically held by a proxying ValidatorTimelock.

    Used in:

    GRVTBridgeProxy 0xE17a…3a65
    • Checks the signature of the DepositApprover for each deposit and, on succeeding, forwards the user’s funds and bridging request to the L1SharedBridge contract to deposit to GRVT.
    • Is allowed to interact with GRVTTransactionFilterer - address is part of the GRVTTransactionFilterer whitelist.
    Governance 0xe81d…a9d1

    Is allowed to interact with GRVTTransactionFilterer - address is part of the GRVTTransactionFilterer whitelist.

    Matter Labs Multisig 0x4e49…7828
    • A Multisig with 4 / 7 threshold.
    • Can act on behalf of EraAdminProxy.
    • Is allowed to interact with BridgeHub - register new tokens in the BridgeHub and create new chains sharing the Elastic Chain contracts - acting via EraAdminProxy.
    • Is allowed to interact with StateTransitionManager - manage the shared ValidatorTimelock contract address, revert batches and set permissioned validators for all chains connected to the StateTransitionManager - acting via EraAdminProxy.
    • Is allowed to interact with L1SharedBridge - register new Elastic Chains in the shared bridge - acting via EraAdminProxy.

    Participants (7):

    0x3F00…c4810x8A23…D6740x3068…d2Bc0x702c…78b70xFAdb…79AE0xfd03…aEd20x700D…F1df

    Used in:

    SecurityCouncil 0xBDFf…De0D
    • A Multisig with 9 / 12 threshold.
    • Custom Multisig implementation that has a general threshold of 9 but also specific thresholds for upgrade approvals (6) or soft freezes (3).
    • Is allowed to interact with ProtocolUpgradeHandler - soft freeze, hard freeze, approve a protocol upgrade.

    Participants (12):

    GnosisSafeGnosisSafeGnosisSafeGnosisSafeGnosisSafeGnosisSafeGnosisSafeGnosisSafeGnosisSafeGnosisSafeGnosisSafeGnosisSafe

    Used in:

    1. Security Council members - ZK Nation docs
    Guardians 0xD677…A888
    • A Multisig with 5 / 8 threshold.
    • Custom Multisig implementation that has a general threshold of 5 and a specific threshold for extending the legal voting period of 2.
    • Is allowed to interact with ProtocolUpgradeHandler - extend the legal veto period, approve a protocol upgrade.

    Participants (8):

    GnosisSafeGnosisSafeGnosisSafeGnosisSafeGnosisSafeGnosisSafeGnosisSafeGnosisSafe

    Used in:

    1. Guardians - ZK Nation docs
    EmergencyUpgradeBoard 0xdEFd…9b29
    • A custom contract allowing a 3/3 of SecurityCouncil, ZkFoundationMultisig and Guardians to executeEmergencyUpgrade() via the ProtocolUpgradeHandler.
    • Can act on behalf of ProtocolUpgradeHandler.
    • Can upgrade the implementation of BridgeHub, StateTransitionManager, L1SharedBridge - acting via ProxyAdmin, ProtocolUpgradeHandler.

    Used in:

    ZkFoundationMultisig 0xbC16…B51c

    A Multisig with 3 / 5 threshold.

    Participants (5):

    0x56B3…22220x441e…c2d10xd596…da950x0B2E…47090x610e…b991

    Used in:

    EOA 3 0x5c8d…6a37

    Is allowed to interact with GRVTBridgeProxy - approve deposits to GRVT via the GRVTBridgeProxy.

    EOA 4 0xF29b…550b
    • Member of GrvtChainAdminMultisig.
    • Is allowed to interact with GRVTTransactionFilterer - address is part of the GRVTTransactionFilterer whitelist.
    • Is allowed to interact with GRVTTransactionFilterer - manage the whitelist of addresses.
    ProtocolTimelockController(L2->L1) 0x3701…e6A8

    Is allowed to interact with ProtocolUpgradeHandler - start (queue) upgrades.

    ZKsync Era

    Actors:

    ZkTokenGovernor 0x1056…6E89
    • Governance contract allowing for token voting (simple majority) with the ZK token through delegates. This contract is used for Token Program Proposals (TPPs) usually targeting the ZK token on ZKsync Era. At least 21M ZK tokens are necessary to start a proposal (for delegates) and a 630M quorum of voted tokens must be met to succeed.
    • Can act on behalf of TokenTimelockController with 3d delay.
    • Is allowed to interact with TokenTimelockController - cancel queued transactions.
    • Is allowed to interact with TokenTimelockController - execute transactions that are ready.
    • Is allowed to interact with TokenTimelockController - propose transactions.
    • Is allowed to interact with ZkToken - grant the MINTER_ROLE to arbitrary addresses, thus controlling the minting of the ZK token - acting via TokenTimelockController with 3d delay.
    ZkGovOpsGovernor 0x4968…afAb
    • Governance contract allowing for token voting (simple majority) with the ZK token through delegates. This contract is used for Governance Advisory Proposals (GAPs) that are not executable onchain. At least 21M ZK tokens are necessary to start a proposal and a 630M quorum of voted tokens must be met to succeed.
    • Can act on behalf of GovOpsTimelockController with 3d delay.
    • Is allowed to interact with GovOpsTimelockController - cancel queued transactions.
    • Is allowed to interact with GovOpsTimelockController - execute transactions that are ready.
    • Is allowed to interact with GovOpsTimelockController - propose transactions.
    ZkProtocolGovernor 0x7670…e34f
    • Main Governance contract allowing for token voting (simple majority) with the ZK token through delegates. This contract is used for protocol upgrade proposals (ZIPs) that start on ZKsync Era, go through Ethereum Layer 1 and can - from there - target all L1 and L2 contracts. At least 21M ZK tokens are necessary to start a proposal and a 630M quorum of voted tokens must be met to succeed.
    • Can act on behalf of ProtocolTimelockController.
    • Is allowed to interact with ProtocolTimelockController - cancel queued transactions.
    • Is allowed to interact with ProtocolTimelockController - execute transactions that are ready.
    • Is allowed to interact with ProtocolTimelockController - propose transactions.
    ProtocolUpgradeHandler_l2Alias 0xA08b…29A8
    • Is allowed to interact with ZkToken - control all roles in the ZkToken access control, including the minter roles.
    • Can upgrade the implementation of ZkToken - acting via ZkTokenProxyAdmin.
    ZKFoundationMultisig_l2Alias 0xcd27…C62D

    Is allowed to interact with ZkTokenGovernor - make direct proposals without owning ZK tokens. In propose-guarded mode, this address is the ONLY allowed proposer. Propose-guarded mode is currently set to false.

    Guardians_l2Alias 0xe788…b999

    Is allowed to interact with ZkTokenGovernor, ZkGovOpsGovernor - cancel proposals while they are pending (after having been proposed) or active (during the voting period).

    Smart contracts
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    Ethereum

    Verifier 0x06aa…EB66

    Implements the ZK proof verification logic.

    Implementation used in:

    GrvtZkEvmAdmin 0x6308…3e7D

    Can be used to interact with GrvtZkEvm - manage fees, apply predefined upgrades and manage censorship through a TransactionFilterer (ChainAdmin role).

    GrvtZkEvm 0xe3e3…D89EImplementation #1 (Upgradable)Implementation #2 (Upgradable)Implementation #3 (Upgradable)Implementation #4 (Upgradable)

    The main contract defining the Layer 2. The operator commits blocks and provides a ZK proof which is validated by the Verifier contract and then processes transactions. During batch execution it processes L1 --> L2 and L2 --> L1 transactions.

    Implementation used in:

    EraAdminProxy 0x2cf3…5063
    • Can be used to interact with BridgeHub - register new tokens in the BridgeHub and create new chains sharing the Elastic Chain contracts.
    • Can be used to interact with StateTransitionManager - manage the shared ValidatorTimelock contract address, revert batches and set permissioned validators for all chains connected to the StateTransitionManager.
    • Can be used to interact with L1SharedBridge - register new Elastic Chains in the shared bridge.

    Implementation used in:

    BridgeHub 0x303a…5213Implementation (Upgradable)Admin

    Sits between the shared bridge and the StateTransitionManager(s) and relays L1 <-> L2 messages from the shared bridge or other ZK stack chains to their respective destinations.

    Can be upgraded by:
    EmergencyUpgradeBoard with no delay

    Proxy used in:

    GenesisUpgrade 0x6e2B…3971

    Helper contract that defines diamondcut data to initialize a new diamond implementation for the chain-specific system contracts.

    Implementation used in:

    ProtocolUpgradeHandler 0x8f7a…1897
    • The central upgrade contract and Governance proxy for all ZK stack contracts. Accepts successful DAO proposals from L2, emergency proposals from the EmergencyUpgradeBoard. The three members of the EmergencyUpgradeBoard also have special roles and permissions in this contract.
    • Can act on behalf of ProxyAdmin.

    Implementation used in:

    ProxyAdmin 0xC2a3…2cf1

    Can be used to upgrade implementation of BridgeHub, StateTransitionManager, L1SharedBridge.

    Implementation used in:

    StateTransitionManager 0xc2eE…5f5CImplementation (Upgradable)Admin

    Defines L2 diamond contract creation and upgrade data, the proof system for the ZKsync diamond contract connected to it (and other L2 diamond contracts that share the logic).

    Can be upgraded by:
    EmergencyUpgradeBoard with no delay

    Proxy used in:

    L1SharedBridge 0xD7f9…B2cBImplementation (Upgradable)Admin

    This bridge contract escrows all ERC-20s and ETH that are deposited to registered ZK stack chains like ZKsync Era.

    Can be upgraded by:
    EmergencyUpgradeBoard with no delay

    Proxy used in:

    ZKsync Era

    ProtocolTimelockController 0x3701…e6A8

    Timelock contract that can send L2->L1 transactions to start a proposal in the ProtocolUpgradeHandler on Ethereum (L2_SENDER_ROLE). This timelock has a minimum delay of 0s.

    TokenTimelockController 0x3E21…dDd6
    • Timelock contract allowing the queueing of transactions with a minimum delay of 3d.
    • Can be used to interact with ZkToken - grant the MINTER_ROLE to arbitrary addresses, thus controlling the minting of the ZK token.
    ZkToken 0x5A7d…af3EImplementation (Upgradable)Admin

    The ZK token contract on ZKsync Era. Mintable through access control roles. Used for voting in the ZK stack governance system.

    Can be upgraded by:
    ProtocolUpgradeHandler_l2Alias with no delay
    GovOpsTimelockController 0xC3e9…7a19

    Timelock contract allowing the queueing of transactions with a minimum delay of 3d.

    ZkTokenProxyAdmin 0xdB1E…15CC

    Can be used to upgrade implementation of ZkToken.

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is a 4d 3h - 8d 3h delay on code upgrades unless upgrade is initiated by the EmergencyUpgradeBoard in which case there is no delay.

    Knowledge nuggets
    Thumbnail of State diffs vs raw tx data

    State diffs vs raw tx data

    Learn more