Chart

...

Tokens

Choose token

Canonically Bridged Tokens (Top 15)

Ether (ETH)
USD Coin (USDC)
Tether USD (USDT)
Dai Stablecoin (DAI)
Wrapped liquid staked Ether 2.0 (wstETH)
Wrapped BTC (WBTC)
Rocket Pool ETH (rETH)

Milestones

StarkGate Alpha

2022 May 9th

Bridge is live on mainnet, serving as gateway between Ethereum and Starknet.

Learn more

Starknet Alpha

2021 Nov 29th

Rollup is live on mainnet, enabling general computation using ZK Rollup technology.

Learn more
Show more

Description

Starknet is a general purpose ZK Rollup built using STARK cryptographic proof system. Starknet uses the Cairo programming language both for its infrastructure and for writing Starknet contracts. L2 <–> L1 messaging infrastructure is available and contracts are fully composable. It is currently launched with a single Sequencer.

If you find something wrong on this page you can submit an issue or edit the information.

Risk analysis

Sequencer failureState validationData availabilityUpgradeabilityProposer failure

State validation

ZK proofs (ST)

zkSTARKS are zero knowledge proofs that ensure state correctness.

Data availability

On chain (SD)

All of the data (SD = state diffs) needed for proof construction is published on chain.

Upgradeability

Yes

The code that secures the system can be changed arbitrarily and without notice.

Sequencer failure

No mechanism

There is no mechanism to have transactions be included if the sequencer is down or censoring.

Proposer failure

Cannot withdraw

Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.

Rollup stage

StarknetStarknet is a
Stage 0
ZK Rollup.
Learn more about Rollup stages
Please keep in mind that these stages do not reflect rollup security, this is an opinionated assessment of rollup maturity based on subjective criteria, created with a goal of incentivizing projects to push toward better decentralization. Each team may have taken different paths to achieve this goal.

Technology

Validity proofs ensure state correctness

Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. These proofs are then verified on Ethereum by a smart contract.

  1. What is Starknet

Zero knowledge STARK cryptography is used

Despite their production use zkSTARKs proof systems are still relatively new, complex and they rely on the proper implementation of the polynomial constraints used to check validity of the Execution Trace.

  • Funds can be lost if the proof system is implemented incorrectly.

  1. STARK Core Engine Deep Dive

All data required to reconstruct rollup state is published on chain

State diffs are publish on-chain as calldata on every state update. The state diffs contain information on every contact whose storage was updated, and additional information on contract deployments. From diffs full system state can be recovered. Contracts’ code is not published on L1, but can be trustlessly verified if available elsewhere.

  1. On-Chain Data - Starknet documentation

State derivation

Node software

The Juno node software can be used to reconstruct the L2 state entirely from L1. The feature has not been released yet, but can be found in this PR.

Compression scheme

Starknet doesn’t use any compression scheme.

Genesis state

There is no non-empty genesis state.

Data format

The data format has been updated with different versions, and the full specification can be found here.

Operator

The system has a centralized operator

The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system. Typically, the Operator is the hot wallet of the Starknet service submitting state updates for which proofs have been already submitted and verified.

  • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

Users can't force any transaction

There is no general mechanism to force the sequencer to include the transaction.

  • Users can be censored if the operator refuses to include their transactions.

  1. Censorship resistance of Starknet - Forum Discussion

Withdrawals

Regular exit

The user initiates the withdrawal by submitting a regular transaction on this chain. When the block containing that transaction is proven the funds become available for withdrawal on L1. Finally the user submits an L1 transaction to claim the funds. This transaction does not require a merkle proof. Note that the withdrawal request can be censored by the Sequencer.

  • Funds can be frozen if the operator censors withdrawal transaction.

  1. Withdrawing is based on l2 to l1 messages - Starknet documentation

Emergency exit

There is no generic escape hatch mechanism as Starknet cannot be forced by users into a frozen state. Note that a freezing mechanism on L2, to be secure, requires anti-censorship protection.

Permissions

The system uses the following set of permissioned addresses:

Starknet Proxy Governors 0xD5fB…B2630x83C0…e988

Can upgrade implementation of the system, potentially gaining access to all funds stored in the bridge. Can also upgrade implementation of the StarknetCore contract, potentially allowing fraudulent state to be posted. Currently there is no delay before the upgrade, so the users will not have time to migrate.

Proxy Multisig 0x83C0…e988

One of Proxy Governors. This is a Gnosis Safe with 2 / 4 threshold.

Those are the participants of the Proxy Multisig.

Starknet Implementation Governors 0x16C8…eA3E0x86fD…b1Bd

The governors are responsible for: appointing operators, changing program hash, changing config hash, changing message cancellation delay. There is no delay on governor actions.

SHARP Verifier Governors 0x3DE5…F5C60x21F9…AEc4

Can upgrade implementation of SHARP Verifier, potentially with code approving fraudulent state. Currently there is 28d delay before the upgrade.

SHARPVerifierGovernorMultisig 0x21F9…AEc4

SHARP Verifier Governor. This is a Gnosis Safe with 2 / 3 threshold.

SHARPVerifierGovernorMultisig participants 0x5923…85580xebc8…fD7F0x955B…2Fec

Those are the participants of the SHARPVerifierGovernorMultisig.

Allowed to post state updates. When the operator is down the state cannot be updated.

MakerDAO Governance 0x0a3f…dDC0

In DAI bridge it can set max deposit per bridge and per user. In DAI escrow it can approve token transfers.

StarkGate ETH owner 0xC91E…B2Ae0x0152…C6Ec

Can upgrade implementation of the ETH escrow, potentially gaining access to all funds stored in the bridge. Currently there is 7d delay before the upgrade.

StarkGate WBTC owner 0xdc29…1D230x0152…C6Ec

Can upgrade implementation of the WBTC escrow, potentially gaining access to all funds stored in the bridge. Currently there is 7d delay before the upgrade.

StarkGate USDC owner 0xf5EF…30b40x0152…C6Ec

Can upgrade implementation of the USDC escrow, potentially gaining access to all funds stored in the bridge. Currently there is 7d delay before the upgrade.

StarkGate USDT owner 0x8dB2…29810x0152…C6Ec

Can upgrade implementation of the USDT escrow, potentially gaining access to all funds stored in the bridge. Currently there is 7d delay before the upgrade.

StarkGate wstETH owner 0x5751…f21A

Can upgrade implementation of the wstETH escrow, potentially gaining access to all funds stored in the bridge. Currently there is no delay before the upgrade, so the users will not have time to migrate.

StarkGate rETH owner 0x5751…f21A

Can upgrade implementation of the rETH escrow, potentially gaining access to all funds stored in the bridge. Currently there is no delay before the upgrade, so the users will not have time to migrate.

BridgeMultisig 0x0152…C6Ec

Can upgrade the following bridges: WBTC, ETH, USDT, USDC. This is a Gnosis Safe with 2 / 4 threshold.

Those are the participants of the BridgeMultisig.

Smart contracts

A diagram of the smart contract architecture
A diagram of the smart contract architecture

The system consists of the following smart contracts:

Starknet contract receives (verified) state roots from the Sequencer, allows users to read L2 -> L1 messages and send L1 -> L2 message.

Can be upgraded by: Starknet Proxy Governors

Upgrade delay: No delay

CallProxy for GpsStatementVerifier.

SHARPVerifier 0x6cB3…1BF6

Starkware SHARP verifier used collectively by Starknet, Sorare, ImmutableX, Apex, Myria, rhino.fi and Canvas Connect. It receives STARK proofs from the Prover attesting to the integrity of the Execution Trace of these Programs including correctly computed state root which is part of the Program Output.

FriStatementContract 0x3E61…d2DD

Part of STARK Verifier.

MerkleStatementContract 0x5899…5fa4

Part of STARK Verifier.

MemoryPageFactRegistry 0xFD14…D1b4

MemoryPageFactRegistry is one of the many contracts used by SHARP verifier. This one is important as it registers all necessary on-chain data.

CairoBootloaderProgram 0x5d07…9dDf

Part of STARK Verifier.

L1DaiGateway 0x9F96…388d

Custom DAI Gateway, main entry point for users depositing DAI to L2 where “canonical” L2 DAI token managed by MakerDAO will be minted. Managed by MakerDAO.

Value Locked is calculated based on these smart contracts and tokens:

StarkGate bridge for ETH. The current bridge cap is 150 K ETH.

Can be upgraded by: StarkGate ETH owner and BridgeMultisig

Upgrade delay: 7d

Escrow for DAI 0x0437…585C

DAI Vault for custom DAI Gateway managed by MakerDAO. The current bridge cap is 5.00 M DAI.

StarkGate bridge for WBTC. The current bridge cap is 200 WBTC.

Can be upgraded by: StarkGate WBTC owner and BridgeMultisig

Upgrade delay: 7d

StarkGate bridge for USDC. The current bridge cap is 40.00 M USDC.

Can be upgraded by: StarkGate USDC owner and BridgeMultisig

StarkGate bridge for USDT. The current bridge cap is 20.00 M USDT.

Can be upgraded by: StarkGate USDT owner and BridgeMultisig

Upgrade delay: 7d

StarkGate bridge for wstETH. The current bridge cap is 5.00 K wstETH.

Can be upgraded by: StarkGate wstETH owner

StarkGate bridge for rETH. The current bridge cap is 10.00 K rETH.

Can be upgraded by: StarkGate rETH owner

The current deployment carries some associated risks:

  • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

Knowledge nuggets