Loopring

The chart illustrates how "live" the project's operators are by displaying how frequently they submit transactions of the selected type and if these intervals deviate from their typical schedule.

2025 Jun 05 — Jul 05

30D avg. proof subs. interval

16 minutes

30D avg. state updates interval

16 minutes

Past 30 days anomalies

Milestones & Incidents

DeFi Port is Live on Loopring

2022 Sep 27th

Dutch auctions, lending, and other DeFi functions can be performed on Loopring.

Learn more

Loopring Supports NFTs

2021 Aug 24th

Loopring supports NFT minting, trading, and transfers.

Learn more

Risk summary

Sequencer failureState validationData availabilityExit windowProposer failure

Sequencer failure

Force via L1

Users can force the sequencer to include a withdrawal transaction by submitting a request through L1 with a 0.02 ETH fee. If the sequencer is down for more than 15d, users can use the exit hatch to withdraw their funds. The sequencer can censor individual deposits, but in such case after 15d users can get their funds back.

State validation

ZK proofs (SN)

SNARKs are zero knowledge proofs that ensure state correctness, but require trusted setup.

Data availability

Onchain

All of the data needed for proof construction is published on Ethereum L1.

Exit window

None

There is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.

Proposer failure

Use escape hatch

Users are able to trustlessly exit by submitting a Merkle proof of funds.

Rollup stage

Loopring is a

Stage 0

Appchain

ZK Rollup.

Rollup operators cannot compromise the system, but being application-specific might bring additional risk.

Loopring provides an orderbook decentralized exchange for spot trading. Arbitrary contracts are not supported.

Note:

We're still in the process of formalizing how to properly integrate appchains in the Stages framework.

Learn more about Rollup stages

Please keep in mind that these stages do not reflect rollup security, this is an opinionated assessment of rollup maturity based on subjective criteria, created with a goal of incentivizing projects to push toward better decentralization. Each team may have taken different paths to achieve this goal.

Data availability

All data required for proofs is published onchain

All the data that is used to construct the system state is published onchain in the form of cheap calldata. This ensures that it will always be available when needed.

Introduction - Loopring design doc

Learn more about the DA layer here:

Ethereum

State validation

Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. These proofs are then verified on Ethereum by a smart contract.

ZK Circuits

Loopring utilizes Groth16 for their proving system. The source code of the circuits can be found here.

Funds can be lost if the proof system is implemented incorrectly.

Verification Keys Generation

Groth16 requires a circuit specific trusted setup, so they run their own ceremony. The first phase is run using Powers of Tau ceremony. Some of the instructions on how to regenerate the verification keys can be found here.

Validity proofs

Operators - Loopring design doc

Operator

The system has a centralized operator

The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system.

MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

Users can force exit the system

Force exit allows the users to escape censorship by withdrawing their funds. The system allows users to force the withdrawal of funds by submitting a request directly to the contract onchain. The request must be served within a defined time period. If this does not happen, the system will halt regular operation and permit trustless withdrawal of funds.

Users can be censored if the operator refuses to include their transactions. However, there exists a mechanism to independently exit the system.

Withdrawals

Regular exit

The user initiates the withdrawal by submitting a regular transaction on this chain. When the block containing that transaction is settled the funds become available for withdrawal on L1.ZK proofs are required to settle blocks. Finally the user submits an L1 transaction to claim the funds.

Withdraw - Loopring design doc

Forced exit

If the user experiences censorship from the operator with regular exit they can submit their withdrawal requests directly on L1. The system is then obliged to service this request. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular exit.

Emergency exit

If the 15d deadline passes and the forced exit is still ignored the user can put the system into Withdrawal Mode, disallowing further state updates. In that case everybody can withdraw by submitting a merkle proof of their funds with their L1 transaction.

Permissions

A dashboard to explore contracts and permissions

Go to Disco

Explore in Disco

Ethereum

Actors:

Block Submitters (13) 0x2b26…ab46 0x4774…A3aE 0x53dD…E234 0x212e…0A1A 0x238b…3843 0x3243…68f2 0xbfCc…7C42 0xA921…48Fc 0xeadb…c834 0xB1a6…36AB 0xeDEE…D9e5 0xE6b0…f095 0x487e…E341

Actors who can submit new blocks, updating the L2 state on L1.

RollupOwner 0x153C…8512

The rollup owner can submit blocks, set rollup parameters and shutdown the exchange.

There are impactful changes to the following permissions, and part of the information might be outdated.

LoopringMultisig 0xDd2A…9c97

A Multisig with 4/6 threshold. This address is the owner of the following contracts: LoopringIOExchangeOwner, ExchangeV3 (proxy), BlockVerifier, AgentRegistry, LoopringV3. This allows it to grant access to submitting blocks, arbitrarily change the forced withdrawal fee, change the Verifier address and upgrade ExchangeV3 implementation potentially gaining access to all funds in DefaultDepositContract.

Participants (6):

0x0F02…0438 0x576a…AB98 0x88f8…F191 0x3b1D…d5F1 0x7414…baa9 0x1F28…B3D1

Smart contracts

A dashboard to explore contracts and permissions

Go to Disco

Explore in Disco

A diagram of the smart contract architecture

Ethereum

ExchangeV3 0x0BAB…1eA4 Implementation (Upgradable)Admin

Main Loopring contract.

Can be upgraded by:

LoopringMultisig with no delay

LoopringIOExchangeOwner 0x153C…8512

Contract used by the Prover to submit exchange blocks with zkSNARK proofs that are later processed and verified by the BlockVerifier contract. It allows to give or revoke permissions to submit blocks and to open block submission to everyone.

DefaultDepositContract 0x674b…Bd3f

ERC 20 token basic deposit contract. Handles user deposits and withdrawals.

This contract can store any token.

LoopringV3 0xe56D…0C71

Contract managing LRC staking for exchanges (one Loopring contract can manage many exchanges). It also allows to change the forced withdrawal fee and the Verifier address.

FastWithdrawalAgent 0xec3C…8a31

Auxiliary contract allowing users to process fast withdrawals.

ForcedWithdrawalAgent 0x52ea…4470

Auxiliary contract able to force withdrawals from L1 on behalf of users.

BlockVerifier 0x6150…01ef

zkSNARK Verifier based on ethsnarks library.

Can be upgraded by:

LoopringMultisig with no delay

AgentRegistry 0x39B9…ea14

Agent registry that is used by all other Loopring contracts. Currently used are FastWithdrawalAgent, ForcedWithdrawalAgent, DestroyableWalletAgent and a number of LoopringAmmPool contracts.

The current deployment carries some associated risks:

Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

Badges

About

Badges

About

Funds can be stolen if

Funds can be lost if

Users can be censored if

MEV can be extracted if