Search

Search for projects by name

Immutable zkEVM logoImmutable zkEVM

Badges

About

Immutable zkEVM is a sidechain focused on gaming and powered by Polygon stack. It plans to eventually transition to a ZK Rollup.


Value secured
$27.54 M0.89%
Canonically Bridged
$27.54 M
Externally Bridged
$0.00
Natively Minted
$0.00

  • Tokens
  • Daily UOPS
    No data
  • 30D ops count
    No data

  • Type
    Other
  • Purpose
    Universal
  • Sequencer failureState validationData availabilityExit windowProposer failure

    Badges

    About

    Immutable zkEVM is a sidechain focused on gaming and powered by Polygon stack. It plans to eventually transition to a ZK Rollup.

    Why is the project listed in others?

    The proof system isn't fully functional

    Consequence: projects without a proper proof system fully rely on single entities to safely update the state. A malicious proposer can finalize an invalid state, which can cause loss of funds.

    There is no data availability bridge

    Consequence: projects without a data availability bridge fully rely on single entities (the sequencer) to honestly rely available data roots on Ethereum. A malicious sequencer can collude with the proposer to finalize an unavailable state, which can cause loss of funds.

    Learn more about the recategorisation here.

    Value Secured
    Canonical
    External
    Native
    Risk summary
    Risk analysis
    Sequencer failureState validationData availabilityExit windowProposer failure

    Sequencer failure

    No mechanism

    There is no mechanism to have transactions be included if the sequencer is down or censoring.

    State validation

    None

    Currently the system permits invalid state roots. More details in project overview.

    Data availability

    External

    Proof construction and state derivation rely fully on data that is NOT published onchain.

    Exit window

    None

    There is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.

    Proposer failure

    Cannot withdraw

    Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.

    Technology

    No state validation

    Immutable zkEVM bridge makes use of Axelar network (a Cosmos chain) to transfer assets between Ethereum and Immutable zkEVM. As in any standard Cosmos chain, validators are bonded by staking tokens and can be slashed by social consensus for misbehaviour.

    A deposit starts by a user depositing tokens on the Bridge contract and then the tokens are minted on the destination chain.

    Withdrawals to Ethereum can be delayed by a predefined time with a flow rate mechanism that controls outflows of the bridge escrow. The ProxyAdmin or an address with the rate_control role can define so-called buckets for each token: Each bucket has a capacity and a refill rate. All withdrawals that exceed the tokens bucket capacity trigger the withdrawal queue, which delays subsequent withdrawals of any of the bridges’ assets for a time defined in withdrawalDelay (currently 1d).

    • Users can be censored if validators on Axelar decide to not mint tokens after observing an event on Ethereum.

    • Funds can be stolen if validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum.

    • Funds can be stolen if validators relay a withdraw request that wasn't originated on the source chain.

    Permissions

    The system uses the following set of permissioned addresses:

    OwnerMultisig 0xD2C3…D192

    A Gnosis Safe with 4 / 6 threshold. Multisig controlling the ProxyAdmin, potentially stealing all locked funds.

    Used in:

    ProxyAdmin 0xdE2B…1Ec8

    Contract allowed to upgrade the Bridge, its flow rate control and the Axelar adaptor.

    Smart contracts
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    The system consists of the following smart contracts on the host chain (Ethereum):

    Main escrow for tokens. This contract stores the following tokens: IMX, USDC, ETH, USDT, GOG.

    Can be upgraded by:

    Upgrade delay: No delay

    Axelar adaptor contract used by the bridge.

    Can be upgraded by:

    Upgrade delay: No delay

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).