Starknet is a general purpose ZK Rollup built using STARK cryptographic proof system. Starknet uses the Cairo programming language both for its infrastructure and for writing Starknet contracts. L2 <–> L1 messaging infrastructure is available and contracts are fully composable. It is currently launched with a single Sequencer.
zkSTARKS are zero knowledge proofs that ensure state correctness.
All of the data (SD = state diffs) needed for proof construction is published on chain.
The code that secures the system can be changed arbitrarily and without notice.
There is no mechanism to have transactions be included if the sequencer is down or censoring.
Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.
Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. These proofs are then verified on Ethereum by a smart contract.
Despite their production use zkSTARKs proof systems are still relatively new, complex and they rely on the proper implementation of the polynomial constraints used to check validity of the Execution Trace.
Funds can be lost if the proof system is implemented incorrectly.
State diffs are publish on-chain as calldata on every state update. The state diffs contain information on every contact whose storage was updated, and additional information on contract deployments. From diffs full system state can be recovered. Contracts’ code is not published on L1, but can be trustlessly verified if available elsewhere.
Starknet doesn’t use any compression scheme.
There is no non-empty genesis state.
The data format has been updated with different versions, and the full specification can be found here.
The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system. Typically, the Operator is the hot wallet of the Starknet service submitting state updates for which proofs have been already submitted and verified.
MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.
There is no general mechanism to force the sequencer to include the transaction.
Users can be censored if the operator refuses to include their transactions.
The user initiates the withdrawal by submitting a regular transaction on this chain. When the block containing that transaction is proven the funds become available for withdrawal on L1. Finally the user submits an L1 transaction to claim the funds. This transaction does not require a merkle proof. Note that the withdrawal request can be censored by the Sequencer.
Funds can be frozen if the operator censors withdrawal transaction.
There is no generic escape hatch mechanism as Starknet cannot be forced by users into a frozen state. Note that a freezing mechanism on L2, to be secure, requires anti-censorship protection.
Can upgrade implementation of the system, potentially gaining access to all funds stored in the bridge. Can also upgrade implementation of the StarknetCore contract, potentially allowing fraudulent state to be posted. Currently there is no delay before the upgrade, so the users will not have time to migrate.
One of Proxy Governors. This is a Gnosis Safe with 2 / 4 threshold.
SHARP Verifier Governor. This is a Gnosis Safe with 2 / 3 threshold.
In DAI bridge it can set max deposit per bridge and per user. In DAI escrow it can approve token transfers.
Can upgrade implementation of the wstETH escrow, potentially gaining access to all funds stored in the bridge. Currently there is no delay before the upgrade, so the users will not have time to migrate.
Can upgrade implementation of the rETH escrow, potentially gaining access to all funds stored in the bridge. Currently there is no delay before the upgrade, so the users will not have time to migrate.
Can upgrade the following bridges: WBTC, ETH, USDT, USDC. This is a Gnosis Safe with 2 / 4 threshold.
Starkware SHARP verifier used collectively by Starknet, Sorare, ImmutableX, Apex, Myria, rhino.fi and Canvas Connect. It receives STARK proofs from the Prover attesting to the integrity of the Execution Trace of these Programs including correctly computed state root which is part of the Program Output.
Part of STARK Verifier.
Part of STARK Verifier.
MemoryPageFactRegistry is one of the many contracts used by SHARP verifier. This one is important as it registers all necessary on-chain data.
Part of STARK Verifier.
Custom DAI Gateway, main entry point for users depositing DAI to L2 where “canonical” L2 DAI token managed by MakerDAO will be minted. Managed by MakerDAO.
DAI Vault for custom DAI Gateway managed by MakerDAO. The current bridge cap is 5.00 M DAI.
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).