Starknet logoStarknet

  • Total value locked$62.36 M0.27%
  • Breakdown
  • Daily TPS2.230.56%
  • 30D tx count5.77 M
  • TechnologyZK Rollup
  • PurposeUniversal

    • ...

    Tokens:

    Milestones

    StarkGate Alpha

    2022 May 9th

    Bridge is live on mainnet, serving as gateway between Ethereum and Starknet.

    Learn more

    Starknet Alpha

    2021 Nov 29th

    Rollup is live on mainnet, enabling general computation using zkRollup technology.

    Learn more
    Show more

    Knowledge Nuggets

    Understand StarkWare #1

    Learn more

    Understand StarkWare #2

    Learn more

    Understand StarkWare #3

    Learn more

    Understand StarkWare #4

    Learn more

    Description

    Starknet is a general purpose ZK-Rollup built using STARK cryptographic proof system. Starknet uses the Cairo programming language both for its infrastructure and for writing Starknet contracts. L2 <--> L1 messaging infrastructure is available and contracts are fully composable. It is currently launched with a single Sequencer.

    If you find something wrong on this page you can submit an issue or edit the information.

    Risk Analysis

    Sequencer failureState validationData availabilityUpgradeabilityProposer failure

    State validation

    ZK proofs (ST)

    ZK-STARKS are zero knowledge proofs that ensure state correctness.

    Data availability

    On chain

    All of the data needed for proof construction is published on chain.

    Upgradeability

    Yes

    The code that secures the system can be changed arbitrarily and without notice.

    Sequencer failure

    No mechanism

    There is no mechanism to have transactions be included if the sequencer is down or censoring.

    Proposer failure

    Cannot withdraw

    Only the whitelisted proposers can publish L2 state roots on L1, so in the event of failure the withdrawals are frozen.

    Technology

    Validity proofs ensure state correctness

    Each update to the system state must be accompanied by a ZK Proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. Once the proof is processed on the Ethereum blockchain the L2 block is instantly finalized.

    1. What is Starknet

    Zero knowledge STARK cryptography is used

    Despite their production use ZK-STARKs proof systems are still relatively new, complex and they rely on the proper implementation of the polynomial constraints used to check validity of the Execution Trace.

    • Funds can be lost if the proof system is implemented incorrectly.

    1. STARK Core Engine Deep Dive

    All data required to reconstruct rollup state is published on chain

    State diffs are publish on-chain as calldata on every state update. The state diffs contain information on every contact whose storage was updated, and additional information on contract deployments. From diffs full system state can be recovered.

    1. On-Chain Data - Starknet documentation

    Operator

    The system has a centralized operator

    The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system. Typically, the Operator is the hot wallet of the Starknet service submitting state updates for which proofs have been already submitted and verified.

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    1. Starknet operator Etherscan address

    Users can't force any transaction

    There is no general mechanism to force the sequencer to include the transaction.

    • Users can be censored if the operator refuses to include their transactions.

    1. Censorship resistance of Starknet - Forum Discussion

    Withdrawals

    Regular exit

    The user initiates the withdrawal by submitting a transaction on L2. When the block containing that transaction is proven the funds become available for withdrawal on L1. Finally the user submits an L1 transaction to claim the funds. This transaction does not require a merkle proof. Note that the withdrawal request can be censored by the Sequencer.

    • Funds can be frozen if the operator censors withdrawal transaction.

    1. Withdrawing is based on l2 to l1 messages - Starknet documentation

    Emergency exit

    There is no generic escape hatch mechanism as Starknet cannot be forced by users into a frozen state. Note that a freezing mechanism on L2, to be secure, requires anti-censorship protection.

    Permissions

    The system uses the following set of permissioned addresses:

    Starknet Proxy Governors 0xD5fB…B2630x83C0…e988

    Can upgrade implementation of the system, potentially gaining access to all funds stored in the bridge. Can also upgrade implementation of the StarknetCore contract, potentially allowing fraudulent state to be posted. Currently there is no delay before the upgrade, so the users will not have time to migrate.

    Proxy Multisig 0x83C0…e988

    One of Proxy Governors. This is a Gnosis Safe with 2 / 3 threshold.

    Proxy Multisig participants 0x64F4…57700x5923…85580xCe95…23a0

    Those are the participants of the Proxy Multisig.

    Starknet Implementation Governors 0x16C8…eA3E0x86fD…b1Bd

    The governors are responsible for: appointing operators, changing program hash, changing config hash, changing message cancellation delay. There is no delay on governor actions.

    SHARP Verifier Governors 0x3DE5…F5C60x21F9…AEc4

    Can upgrade implementation of SHARP Verifier, potentially with code approving fraudulent state. Currently there is 28d delay before the upgrade.

    SHARPVerifierGovernorMultisig 0x21F9…AEc4

    SHARP Verifier Governor. This is a Gnosis Safe with 2 / 3 threshold.

    SHARPVerifierGovernorMultisig participants 0x5923…85580xebc8…fD7F0x955B…2Fec

    Those are the participants of the SHARPVerifierGovernorMultisig.

    Operators 0xFf6B…c5910x2C16…0CA7

    Allowed to post state updates. When the operator is down the state cannot be updated.

    MakerDAO Governance 0x0a3f…dDC0

    In DAI bridge it can set max deposit per bridge and per user. In DAI escrow it can approve token transfers.

    StarkGate ETH owner 0xC91E…B2Ae

    Can upgrade implementation of the ETH escrow, potentially gaining access to all funds stored in the bridge. Currently there is 7d delay before the upgrade.

    StarkGate WBTC owner 0xdc29…1D23

    Can upgrade implementation of the WBTC escrow, potentially gaining access to all funds stored in the bridge. Currently there is 7d delay before the upgrade.

    StarkGate USDC owner 0xf5EF…30b4

    Can upgrade implementation of the USDC escrow, potentially gaining access to all funds stored in the bridge. Currently there is 7d delay before the upgrade.

    StarkGate USDT owner 0x8dB2…2981

    Can upgrade implementation of the USDT escrow, potentially gaining access to all funds stored in the bridge. Currently there is 7d delay before the upgrade.

    Smart Contracts

    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    The system consists of the following smart contracts:

    Starknet 0xc662…C8c4Implementation (Upgradable)

    Starknet contract receives (verified) state roots from the Sequencer, allows users to read L2 -> L1 messages and send L1 -> L2 message.

    Can be upgraded by: Starknet Proxy Governors

    Upgrade delay: No delay

    SHARPVerifierProxy 0x4731…Db60Implementation (Upgradable 28 days delay)

    CallProxy for GpsStatementVerifier.

    SHARPVerifier 0x6cB3…1BF6

    Starkware SHARP verifier used collectively by Starknet, Sorare, ImmutableX, Apex, Myria, rhino.fi and Canvas Connect. It receives STARK proofs from the Prover attesting to the integrity of the Execution Trace of these Programs including correctly computed L2 state root which is part of the Program Output.

    FriStatementContract 0x3E61…d2DD

    Part of STARK Verifier.

    MerkleStatementContract 0x5899…5fa4

    Part of STARK Verifier.

    MemoryPageFactRegistry 0xFD14…D1b4

    MemoryPageFactRegistry is one of the many contracts used by SHARP verifier. This one is important as it registers all necessary on-chain data.

    CairoBootloaderProgram 0x5d07…9dDf

    Part of STARK Verifier.

    L1DaiGateway 0x9F96…388d

    Custom DAI Gateway, main entry point for users depositing DAI to L2 where "canonical" L2 DAI token managed by MakerDAO will be minted. Managed by MakerDAO.

    TVL is calculated based on these smart contracts and tokens:

    Escrow for ETH 0xae0E…D419Implementation (Upgradable 7 days delay)

    StarkGate bridge for ETH.

    Can be upgraded by: StarkGate ETH owner

    Upgrade delay: 7d

    Escrow for DAI 0x0437…585C

    DAI Vault for custom DAI Gateway managed by MakerDAO.

    Escrow for WBTC 0x2837…b5b4Implementation (Upgradable 7 days delay)

    StarkGate bridge for WBTC.

    Can be upgraded by: StarkGate WBTC owner

    Upgrade delay: 7d

    Escrow for USDC 0xF608…2816Implementation (Upgradable 7 days delay)

    StarkGate bridge for USDC.

    Can be upgraded by: StarkGate USDC owner

    Escrow for USDT 0xbb34…7605Implementation (Upgradable 7 days delay)

    StarkGate bridge for USDT.

    Can be upgraded by: StarkGate USDT owner

    Upgrade delay: 7d

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).