Search

Search for projects by name or address

SummaryValue SecuredActivityOnchain costsData postedLivenessMilestones & IncidentsRisk summaryRisk analysisStageData availabilityState derivationState validationUpgrades & GovernanceUpdatesOperatorWithdrawalsPermissionsSmart contracts

Starknet logo
Starknet

Badges

About

Starknet is a ZK rollup that uses STARK proofs to securely scale Ethereum and Ethereum blobs for data availability. Starknet is also actively engaged in bringing Bitcoin users the same scale, UX, and liquidity through a variety of products and programs.

  • Total Value SecuredTVS
    $415.42 M0.13%
  • Past day UOPSDaily UOPS
    8.2316.1%
  • Stage
  • Gas tokens
    ETH, STRK
  • Type
    ZK Rollup
  • Purpose
    Universal

    • Tokens breakdown

    Sequencer failureState validationData availabilityExit windowProposer failure
    Explore more in Discovery UI

    Badges

    About

    Starknet is a ZK rollup that uses STARK proofs to securely scale Ethereum and Ethereum blobs for data availability. Starknet is also actively engaged in bringing Bitcoin users the same scale, UX, and liquidity through a variety of products and programs.

    Value SecuredView TVS breakdown
    Total
    Canonically BridgedCanonically Bridged ValueCanonical
    Natively MintedNatively Minted TokensNative
    Externally BridgedExternally Bridged ValueExternal
    ETH & derivatives
    Stablecoins
    BTC & derivatives
    Other
    View TVS breakdown
    Activity
    Data source: Voyager API

    2025 Jun 12 — 2026 Jun 12

    Past Day UOPS
    8.2316.1%
    Past Day Ops count
    711.12 K
    Max. UOPS
    273.38
    2025 Oct 09
    Past day UOPS/TPS Ratio
    2.09
    Onchain costs

    The section shows the operating costs that L2s pay to Ethereum.

    2025 Jun 12 — 2026 Jun 12

    Total cost
    $51.58 K
    Avg cost per L2 UOP
    $0.000102
    Avg cost per day
    $140.93
    Data posted

    This section shows how much data the project publishes to its data-availability (DA) layer over time. The project currently posts data toEthereumEthereum.

    2025 Jun 12 — 2026 Jun 12

    Data posted
    12.62 GiB
    Avg size per day
    35.30 MiB
    Avg size per L2 UOP
    26.76 B
    Liveness

    This section shows how "live" the project's operators are by displaying how frequently they submit transactions of the selected type. It also highlights anomalies - significant deviations from their typical schedule.

    No ongoing anomalies detected

    2026 May 13 — Jun 12

    Avg. state updates interval
    33 minutes
    Past 30 days anomalies
    100% normal uptime
    Milestones & Incidents

    Starknet reverts 18mins of history

    2026 Jan 5th

    Starknet experienced an outage during which block production was halted.

    Learn more

    Starknet upgrades its proving system to Stwo

    2025 Oct 19th

    Starknet switches to the next-generation prover Stwo to prove its STF on Ethereum L1.

    Learn more
    Risk summary

    Funds can be stolen if

    1. a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

    Funds can be frozen if

    1. the operator censors withdrawal transaction.

    Users can be censored if

    1. the operator refuses to include their transactions.

    MEV can be extracted if

    1. the operator exploits their centralized position and frontruns user transactions.
    Risk analysis
    Sequencer failureState validationData availabilityExit windowProposer failure
    Sequencer failure
    Log via L1

    Users can submit transactions to an L1 map, but can’t force them. When users “complain” that their transaction is stuck on L1 and not picked up by the sequencer, the Security Council minority can bypass the sequencer by posting a state root that includes it.

    State validation
    Validity proofs (ST)

    STARKs are zero knowledge proofs that ensure state correctness.

    Data availability
    Onchain (SD)

    All of the data (SD = state diffs) needed for proof construction is published onchain.

    Exit window
    None (emergency upgrade path)
    7d (regular upgrade path)

    Non-emergency upgrades are initiated on L1 and go through a 8d delay. In case users are censored, the Security Council minority can be alerted to enforce censorship resistance by submitting a new state root. This process is assumed to take 1d, leaving users 7d to exit.

    There is no window for users to exit in case of an unwanted upgrade since contracts are instantly upgradable.

    Proposer failure
    Security Council minority

    Only the whitelisted proposer can update state roots on L1, so in the event of failure the withdrawals are frozen. The Security Council minority can be alerted to enforce censorship resistance because they are a permissioned Operator.

    Stage
    Starknet
    Starknet is a
    Stage 1
    ZK Rollup.
    The project does not pass the walkaway test: users are not able to exit in the presence of malicious operators if the Security Council disappears.
    Learn more about Stages
    Please keep in mind that these stages do not reflect project security, this is an opinionated assessment of project maturity based on subjective criteria, created with a goal of incentivizing projects to push toward better decentralization. Each team may have taken different paths to achieve this goal.
    Data availability

    All data required to reconstruct rollup state is published on chain

    State diffs are publish onchain as blob or calldata on every state update. The state diffs contain information on every contact whose storage was updated, and additional information on contract deployments. From diffs full system state can be recovered. Contracts’ code is not published on L1, but can be trustlessly verified if available elsewhere.

    1. On-Chain Data - Starknet documentation
    Learn more about the DA layer here: Ethereum logoEthereum
    State derivation
    Node software

    The Juno node software can be used to reconstruct the L2 state entirely from L1. The feature has not been released yet, but can be found in this PR.

    Compression scheme

    Starknet uses stateful compression since v0.13.4.

    Genesis state

    There is no non-empty genesis state.

    Data format

    The data format has been updated with different versions, and the full specification can be found here.

    State validation

    Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. These proofs are then verified on Ethereum by a smart contract.

    Proven Program

    The source code of the Starknet OS can be found here. The source code of the bootloader can be found here.

    Validity proofs

    Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. These proofs are then verified on Ethereum by a smart contract.

    1. What is Starknet
    PROVER
    Stwo
    Stwo

    Trusted Setups

    Verifiers

    Used in

    Starknet logoParadex logo

    Verifiers

    Used in

    Starknet logoParadex logo

    Program Hashes

    Name
    Hash
    Repository
    Verification
    Used in
    273300...7702
    Github
    Starknet logoParadex logo
    257150...8294
    Github
    Starknet logoParadex logo
    344285...1079
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    235884...3330
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    378893...4778
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    989994...0176
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    348018...5714
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    303597...6711
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    358503...1237
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    160268...8631
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    110431...7907
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    Starknet state transition function could be proven with unverified ZK programs (bootloaders) on older versions of verifiers. Compliance with the rules of L2 STF can not be independently verified without the sources of these programs.

    Upgrades & Governance
    A diagram of the upgrades and governance
    A diagram of the upgrades and governance

    The Starknet zk Rollup shares its SHARP verifier with other StarkEx and SN Stack Layer 2s. Governance of the main Starknet rollup contract and its core bridge escrows (ETHBridge, STRKBridge) is currently split between the 9/12 Security Council with instant upgrade capability and the 2/4 Starkware Multisig 2 who can upgrade with a 8d delay. The former Multisig also governs most other bridge escrows with instant upgradeability. The shared SHARP verifier used for state validation can be changed by the 2/4 SHARP Multisig with and a 8d delay, affecting all rollups like Starknet that are sharing it.

    The Operator role in the Starknet contract is permissioned to update the state of the Starknet rollup by supplying valid (zk) state transition proofs. Since this role is not permissionless, Starknet implements a StarknetSCMinorityMultisig with the Operator role, which allows a 3/12 minority of the StarknetSecurityCouncil to enforce censorship resistance by including transactions that are not included by regular Operators.

    All bridge escrows allow enabling a withdrawal throttle of 5% of the locked funds per 24h period. Enabling it is permissioned to a Multisig while disabling it in the core bridge escrows (STRKBridge, ETHBridge) can be done by a 3/12 minority of the Security Council.

    Past upgrades

    The metrics include upgrades on the currently used proxy contracts. Historical proxy contracts and changes of such are not included.

    Count of upgrades
    78
    Last upgrade
    1mo 14d ago
    Avg upgrade interval
    6mo 25d
    Updates
    2026 April 21, 08:57 UTC
    High severity
    22changes

    Starknet v0.14.2 upgrade: https://x.com/StarkWareLtd/status/2046232501887062448. Upgraded Rollup contract with minimal diff: https://disco.l2beat.com/diff/eth:0x2793010E6711Acd5C46ed17f2183a9d58db71e04/eth:0x9961D34D3baE6914635c882e8FE382e14E0F172A (mainly added safety checks on L1 - L2 msg hash computation). Also upgraded aggregation and starknet os programs: sources are here https://github.com/starkware-libs/sequencer/tree/c294a8ba263834d45cf525217d8700f5de24a260/crates/apollo starknet os program/src/cairo/starkware/starknet/core.

    Starknet v0.14.2 upgrade: https://x.com/StarkWareLtd/status/2046232501887062448.

    Upgraded Rollup contract with minimal diff: https://disco.l2beat.com/diff/eth:0x2793010E6711Acd5C46ed17f2183a9d58db71e04/eth:0x9961D34D3baE6914635c882e8FE382e14E0F172A (mainly added safety checks on L1 -> L2 msg hash computation).

    Also upgraded aggregation and starknet os programs: sources are here https://github.com/starkware-libs/sequencer/tree/c294a8ba263834d45cf525217d8700f5de24a260/crates/apollo_starknet_os_program/src/cairo/starkware/starknet/core.

    contract Starknet (eth:0xc662c410C0ECf747543f5bA90660f6ABeBD9C8c4) {
    +++ description: Central rollup contract. Receives (verified) state roots from the Sequencer, allows users to consume L2 -> L1 messages and send L1 -> L2 messages. Critical configuration values for the L2's logic are defined here by various governance roles.
    sourceHashes.1:
    - "0x8074e96abc7cacf654908c0111c69027cf599f3b67332f3680c5de768a2d6dfe"
    + "0x4ebd3e71fba7928b1daa4cdd93a1081aa0b578578cc8e6aada6a3b86b057fcb5"
    values.$implementation:
    - "eth:0x2793010E6711Acd5C46ed17f2183a9d58db71e04"
    + "eth:0x9961D34D3baE6914635c882e8FE382e14E0F172A"
    values.$pastUpgrades.10:
    + ["2026-04-20T11:53:35.000Z","0xb2fd817ea47d39435e0b08825964bcb0b2ae08ebc4c5a47954f9b169235ed1c1",["eth:0x9961D34D3baE6914635c882e8FE382e14E0F172A"]]
    values.$upgradeCount:
    - 10
    + 11
    values.aggregatorHashMapped:
    - "1701025211190912681772481128523426351562426117847395998223683709327746845867"
    + "2571508110958925737463010241874806654058743535666147712534445437599630018294"
    values.aggregatorProgramHash:
    - "1701025211190912681772481128523426351562426117847395998223683709327746845867"
    + "2571508110958925737463010241874806654058743535666147712534445437599630018294"
    values.identify:
    - "StarkWare_Starknet_2025_10"
    + "StarkWare_Starknet_2026_11"
    values.implementation:
    - "eth:0x2793010E6711Acd5C46ed17f2183a9d58db71e04"
    + "eth:0x9961D34D3baE6914635c882e8FE382e14E0F172A"
    +++ description: The L2 programHash which is a hash of the L2 state machine logic. Liveness config MUST be changed in the .ts as soon as this is updated.
    +++ severity: HIGH
    values.programHash:
    - "918745833886511857768061986591752808672496300091957204265383861063635175685"
    + "2733003247060056328192560178934419513655729851806095615814023997114795707702"
    values.programHashHistory.13:
    + "918745833886511857768061986591752808672496300091957204265383861063635175685"
    values.programHashMapped:
    - "918745833886511857768061986591752808672496300091957204265383861063635175685"
    + "2733003247060056328192560178934419513655729851806095615814023997114795707702"
    implementationNames.eth:0x2793010E6711Acd5C46ed17f2183a9d58db71e04:
    - "Starknet"
    implementationNames.eth:0x9961D34D3baE6914635c882e8FE382e14E0F172A:
    + "Starknet"
    }
    2026 January 27, 10:45 UTC
    4changes

    Added new EOA to be a security agent for ETH and STRK bridge (can enable withdrawal limit).

    Added new EOA to be a security agent for ETH and STRK bridge (can enable withdrawal limit).

    contract ETHBridge (eth:0xae0Ee0A63A2cE6BaeEFFE56e7714FB4EFE48D419) {
    +++ description: Standard Starkware canonical bridge escrow for ETH. Withdrawals can be throttled to 5% of the locked funds per 24 hours.
    values.accessControl.SECURITY_AGENT.members.1:
    + "eth:0x4032bE860716F6e4488CBc9f1505E26E2FA3C2c2"
    values.secAgentAC.1:
    + "eth:0x4032bE860716F6e4488CBc9f1505E26E2FA3C2c2"
    }
    contract STRKBridge (eth:0xcE5485Cfb26914C5dcE00B9BAF0580364daFC7a4) {
    +++ description: Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours.
    values.accessControl.SECURITY_AGENT.members.1:
    + "eth:0x4032bE860716F6e4488CBc9f1505E26E2FA3C2c2"
    values.secAgentAC.1:
    + "eth:0x4032bE860716F6e4488CBc9f1505E26E2FA3C2c2"
    }
    2026 January 20, 15:02 UTC
    High severity
    65changes

    Halted WBTC and SolvBTC bridges, sweeped tokens to respective clearing addresses. See this tweet: https://x.com/starknet/status/2012177863353815198.

    Halted WBTC and SolvBTC bridges, sweeped tokens to respective clearing addresses. See this tweet: https://x.com/starknet/status/2012177863353815198.

    contract Starkware Multisig 2 (eth:0x015277f49d5dD035A5F3Ce34aD5eBfDBaCA0C6Ec) {
    +++ description: None
    receivedPermissions.27.delay:
    - 259200
    }
    contract WBTCBridge (eth:0x283751A21eafBFcD52297820D27C1f1963D9b5b4) {
    +++ description: Haltable version of the Starkware Multibridge escrow. Withdrawals can be throttled to 5% of the locked funds per 24 hours for each token individually. Deposits for a particular token can be halted by app governor, halt must be finalized in the second transaction that also sweeps all funds into a clrearing address. There is no logic to resume bridging after the halt.
    template:
    - "starknet/StarknetERC20Bridge"
    + "starknet/StarknetMultiBridge_haltable"
    sourceHashes.1:
    - "0x8f135fc371babc0f7b9fd3b63668e1c35eed87f3dedd2416ebe0e7a118c4fd0a"
    + "0x75f2a8488acf6abb9e13f53441969f226aebd93a943aae7e6051a2cbfea0b7d0"
    description:
    - "Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours."
    + "Haltable version of the Starkware Multibridge escrow. Withdrawals can be throttled to 5% of the locked funds per 24 hours for each token individually. Deposits for a particular token can be halted by app governor, halt must be finalized in the second transaction that also sweeps all funds into a clrearing address. There is no logic to resume bridging after the halt."
    values.$implementation:
    - "eth:0x6ad74D4B79A06A492C288eF66Ef868Dd981fdC85"
    + "eth:0xE0D1fab527A85D955d4c05323250367E61bA3f18"
    values.$pastUpgrades.8:
    + ["2026-01-19T15:01:23.000Z","0xdb7a4f9c3e38994d167d6943b6b7f247972ac3c7564febba428a407cf0e89e5b",["eth:0xE0D1fab527A85D955d4c05323250367E61bA3f18"]]
    values.$upgradeCount:
    - 8
    + 9
    values.bridgedToken:
    - "eth:0x2260FAC5E5542a773Aa44fBCfeDf7C193bc2C599"
    values.depositStatus:
    - "active"
    values.getUpgradeActivationDelay:
    - 259200
    + 0
    values.identify:
    - "StarkWare_StarknetERC20Bridge_2.0_5"
    + "StarkWare_StarknetTokenBridge_2.0_6-halt"
    values.implementation:
    - "eth:0x6ad74D4B79A06A492C288eF66Ef868Dd981fdC85"
    + "eth:0xE0D1fab527A85D955d4c05323250367E61bA3f18"
    values.maxTotalBalance:
    - "115792089237316195423570985008687907853269984665640564039457584007913129639935"
    values.StarkWareProxy_upgradeDelay:
    - 259200
    + 0
    +++ description: empty: withdrawals are not limited, `0x0000000000000000000000000000000000455448` (or respective `bridgedToken` address): withdrawals are limited.
    +++ severity: HIGH
    values.withdrawalLimitStatus:
    - "inactive"
    + []
    values.cleareanceAddress:
    + "eth:0x0555E30da8f98308EdB960aa94C0Db47230d2B9c"
    values.getL2Bridge:
    + "3475252094465534150446669812792040965529065299943233505330779571674053440258"
    +++ description: The maximum total escrow balance per token (can limit deposits) is listed here if modified.
    values.maxTotalTokenBalance:
    + {}
    +++ description: Bridge halt was completed for these tokens.
    +++ severity: HIGH
    values.tokenHaltCompleted:
    + ["eth:0x2260FAC5E5542a773Aa44fBCfeDf7C193bc2C599"]
    +++ description: Bridge halt was signalled for these tokens.
    +++ severity: HIGH
    values.tokenHaltSignalled:
    + ["eth:0x2260FAC5E5542a773Aa44fBCfeDf7C193bc2C599"]
    fieldMeta.$admin.description:
    - "NOT the same as the `GOVERNANCE_ADMIN` access control role (see implementation) but managed by it."
    + "Same as UPGRADE_ADMIN role and managed by `GOVERNANCE_ADMIN` access control role (see implementation)."
    fieldMeta.withdrawalLimitStatus.description:
    - "inactive: withdrawals are not limited, any number: withdrawals are limited and the number is the intraday allowance that is left."
    + "empty: withdrawals are not limited, `0x0000000000000000000000000000000000455448` (or respective `bridgedToken` address): withdrawals are limited."
    fieldMeta.maxTotalBalance:
    - {"description":"The maximum total balance that can be locked in the bridge."}
    fieldMeta.depositStatus:
    - {"severity":"HIGH","description":"Token status managed by the Manager. Only affects deposits."}
    fieldMeta.maxTotalTokenBalance:
    + {"description":"The maximum total escrow balance per token (can limit deposits) is listed here if modified."}
    fieldMeta.tokenHaltSignalled:
    + {"severity":"HIGH","description":"Bridge halt was signalled for these tokens."}
    fieldMeta.tokenHaltCompleted:
    + {"severity":"HIGH","description":"Bridge halt was completed for these tokens."}
    implementationNames.eth:0x6ad74D4B79A06A492C288eF66Ef868Dd981fdC85:
    - "StarknetERC20Bridge"
    implementationNames.eth:0xE0D1fab527A85D955d4c05323250367E61bA3f18:
    + "StarknetTokenBridge"
    usedTypes:
    - [{"typeCaster":"Mapping","arg":{"115792089237316195423570985008687907853269984665640564039457584007913129639935":"inactive"}},{"typeCaster":"Mapping","arg":{"0":"unknown","1":"pending","2":"active","3":"deactivated"}}]
    }
    contract SolvBTCBridge (eth:0xA86b9b9c58d4f786F8ea89356c9c9Dde9432Ab10) {
    +++ description: Haltable version of the Starkware Multibridge escrow. Withdrawals can be throttled to 5% of the locked funds per 24 hours for each token individually. Deposits for a particular token can be halted by app governor, halt must be finalized in the second transaction that also sweeps all funds into a clrearing address. There is no logic to resume bridging after the halt.
    template:
    - "starknet/StarknetMultiBridge"
    + "starknet/StarknetMultiBridge_haltable"
    sourceHashes.1:
    - "0x066d78e6d7d8dd603e76a970521e74980c0853d848c55f014c7867ecac8be211"
    + "0x75f2a8488acf6abb9e13f53441969f226aebd93a943aae7e6051a2cbfea0b7d0"
    description:
    - "Starkware Multibridge escrow. Withdrawals can be throttled to 5% of the locked funds per 24 hours for each token individually."
    + "Haltable version of the Starkware Multibridge escrow. Withdrawals can be throttled to 5% of the locked funds per 24 hours for each token individually. Deposits for a particular token can be halted by app governor, halt must be finalized in the second transaction that also sweeps all funds into a clrearing address. There is no logic to resume bridging after the halt."
    values.$implementation:
    - "eth:0xf39d314C5aD7DC88958116dfA7d5ac095d563Aff"
    + "eth:0x205Fef0daB48D83CbA6888C5F050FeE36C4762B7"
    values.$pastUpgrades.3:
    + ["2026-01-19T14:07:59.000Z","0xa0ae9228abd03f1701caf995520b4ad4f9998bf46376e5f8cea39a24d0ee461a",["eth:0x205Fef0daB48D83CbA6888C5F050FeE36C4762B7"]]
    values.$upgradeCount:
    - 3
    + 4
    values.identify:
    - "StarkWare_StarknetTokenBridge_2.0_6"
    + "StarkWare_StarknetTokenBridge_2.0_6-halt"
    values.implementation:
    - "eth:0xf39d314C5aD7DC88958116dfA7d5ac095d563Aff"
    + "eth:0x205Fef0daB48D83CbA6888C5F050FeE36C4762B7"
    values.cleareanceAddress:
    + "eth:0xd6FD2d2B18207a3b1A3d45C1ccA8c5624Ca82041"
    +++ description: Bridge halt was completed for these tokens.
    +++ severity: HIGH
    values.tokenHaltCompleted:
    + ["eth:0x7A56E1C57C7475CCf742a1832B028F0456652F97"]
    +++ description: Bridge halt was signalled for these tokens.
    +++ severity: HIGH
    values.tokenHaltSignalled:
    + ["eth:0x7A56E1C57C7475CCf742a1832B028F0456652F97"]
    fieldMeta.tokenHaltSignalled:
    + {"severity":"HIGH","description":"Bridge halt was signalled for these tokens."}
    fieldMeta.tokenHaltCompleted:
    + {"severity":"HIGH","description":"Bridge halt was completed for these tokens."}
    implementationNames.eth:0xf39d314C5aD7DC88958116dfA7d5ac095d563Aff:
    - "StarknetTokenBridge"
    implementationNames.eth:0x205Fef0daB48D83CbA6888C5F050FeE36C4762B7:
    + "StarknetTokenBridge"
    }
    + Status: CREATED
    contract Safe (eth:0xd6FD2d2B18207a3b1A3d45C1ccA8c5624Ca82041)
    +++ description: None
    2026 January 19, 12:01 UTC
    6changes

    Added Starkware multisig as app governor and app admin to WBTC bridge. Upgraded SolvBTCBridge twice, second upgrade returned implementation to the initial version, the intermediate implementation is haltable but was not halted afai can see: https://disco.l2beat.com/diff/eth:0xf39d314C5aD7DC88958116dfA7d5ac095d563Aff/eth:0x205Fef0daB48D83CbA6888C5F050FeE36C4762B7.

    Added Starkware multisig as app governor and app admin to WBTC bridge. Upgraded SolvBTCBridge twice, second upgrade returned implementation to the initial version, the intermediate implementation is haltable but was not halted afai can see: https://disco.l2beat.com/diff/eth:0xf39d314C5aD7DC88958116dfA7d5ac095d563Aff/eth:0x205Fef0daB48D83CbA6888C5F050FeE36C4762B7.

    contract WBTCBridge (eth:0x283751A21eafBFcD52297820D27C1f1963D9b5b4) {
    +++ description: Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours.
    values.accessControl.APP_GOVERNOR.members.0:
    + "eth:0x015277f49d5dD035A5F3Ce34aD5eBfDBaCA0C6Ec"
    values.accessControl.APP_ROLE_ADMIN.members.0:
    + "eth:0x015277f49d5dD035A5F3Ce34aD5eBfDBaCA0C6Ec"
    }
    contract SolvBTCBridge (eth:0xA86b9b9c58d4f786F8ea89356c9c9Dde9432Ab10) {
    +++ description: Starkware Multibridge escrow. Withdrawals can be throttled to 5% of the locked funds per 24 hours for each token individually.
    values.$pastUpgrades.1:
    + ["2026-01-15T16:06:23.000Z","0x27532d9c2db25f9d053fe4246f83a8c719a0d0b000a9d0e9f1e7dae1e05f287a",["eth:0x205Fef0daB48D83CbA6888C5F050FeE36C4762B7"]]
    values.$pastUpgrades.2:
    + ["2026-01-15T16:08:35.000Z","0x787522b1ecf6f59d77fdd6278cf3d92f7b28cc292264e5f7ae9ef93c1344d587",["eth:0xf39d314C5aD7DC88958116dfA7d5ac095d563Aff"]]
    values.$upgradeCount:
    - 1
    + 3
    }
    2025 December 16, 10:16 UTC
    High severity
    9changes

    Updated Starknet OS and Aggregator programs.

    Updated Starknet OS and Aggregator programs.

    contract Starknet (eth:0xc662c410C0ECf747543f5bA90660f6ABeBD9C8c4) {
    +++ description: Central rollup contract. Receives (verified) state roots from the Sequencer, allows users to consume L2 -> L1 messages and send L1 -> L2 messages. Critical configuration values for the L2's logic are defined here by various governance roles.
    values.aggregatorHashMapped:
    - "Starknet Aggregator (since v0.14.0)"
    + "1701025211190912681772481128523426351562426117847395998223683709327746845867"
    values.aggregatorProgramHash:
    - "760308386675154762009993173725077399730170358078020153308029499928875469870"
    + "1701025211190912681772481128523426351562426117847395998223683709327746845867"
    +++ description: The L2 programHash which is a hash of the L2 state machine logic. Liveness config MUST be changed in the .ts as soon as this is updated.
    +++ severity: HIGH
    values.programHash:
    - "793595346346724189681221050719974054861327641387231526786912662354259445535"
    + "918745833886511857768061986591752808672496300091957204265383861063635175685"
    values.programHashHistory.12:
    + "793595346346724189681221050719974054861327641387231526786912662354259445535"
    values.programHashMapped:
    - "StarkNet OS (since v0.14.0)"
    + "918745833886511857768061986591752808672496300091957204265383861063635175685"
    }
    Operator

    The system has a centralized operator

    The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system. Typically, the Operator is the hot wallet of the Starknet service submitting state updates for which proofs have been already submitted and verified.

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    Users can't force any transaction

    There is no general mechanism to force the sequencer to include the transaction.

    • Users can be censored if the operator refuses to include their transactions.

    1. Censorship resistance of Starknet - Forum Discussion
    Withdrawals

    Regular messaging

    The user initiates L2->L1 messages by submitting a regular transaction on this chain. When the block containing that transaction is settled, the message becomes available for processing on L1. ZK proofs are required to settle blocks. Note that the message request can be censored by the Sequencer.

    • Funds can be frozen if the operator censors withdrawal transaction.

    1. Withdrawing is based on l2 to l1 messages - Starknet documentation

    Emergency exit

    There is no generic escape hatch mechanism as Starknet cannot be forced by users into a frozen state. Note that a freezing mechanism on L2, to be secure, requires anti-censorship protection.

    Permissions
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    Disco UI BannerExplore in Disco

    Ethereum

    Actors:

    Starkware Multisig 20x0152…C6Ec

    A Multisig with 2/4 threshold.

    • Can upgrade with no delay
      • StarkgateManager
      • StarkgateRegistry
      • WBTCBridge
      • FXSBridge
      • sfrxETHBridge
      • FRAXBridge
      • MultiBridge
      • UNIBridge
    • Can upgrade with 3d delay
      • USDTBridge
      • wstETHBridge
      • rETHBridge
      • USDCBridge
    • Can interact with StarkgateManager
      • enroll new tokens, deactivate existing ones (for deposits) or block tokens from being added to the Multibridge
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    • Can interact with StarkgateRegistry
      • manage critical access control roles and the role that can upgrade the implementation
    • Can interact with WBTCBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    • Can interact with FXSBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    • Can interact with USDTBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    • Can interact with wstETHBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    • Can interact with rETHBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    • Can interact with sfrxETHBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    • Can interact with FRAXBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    • Can interact with LUSDBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    • Can interact with MultiBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    • Can interact with USDCBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    • Can interact with UNIBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation

    Participants (4):

    0xd388…d3F80x5923…85580xCe95…23a00x64F4…5770
    Starkware Security Council0x15e8…C361

    A Multisig with 9/12 threshold.

    • Can upgrade with no delay
      • ETHBridge
      • Starknet
      • STRKBridge
    • Can interact with ETHBridge
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    • Can interact with Starknet
      • Permissioned to manage the Operator role, finalize state and change critical parameters like the programHash, configHash, or message cancellation delay in the core contract
    • Can interact with STRKBridge
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation

    Participants (12):

    0x0762…F09c0x5C7D…252F0x04D5…F94c0x2914…751d0xfaEC…33B00xF6AB…FbD80x16aB…57CD0x1027…8cac0x7383…E5600x590C…430C0x7A3a…982E0xFf71…0D90
    1. Security Council members - Starkware Governance Hub
    Starkware Multisig 10x83C0…e988

    A Multisig with 2/6 threshold.

    • Can upgrade with 8d delay
      • ETHBridge
      • Starknet
      • STRKBridge
    • Can interact with Starknet
      • Permissioned to manage the Operator role, finalize state and change critical parameters like the programHash, configHash, or message cancellation delay in the core contract with 8d delay

    Participants (6):

    0xaDB2…38fc0x8e81…7Dd50x804d…C81f0x2871…B4030x64F4…57700x5923…8558
    SHARP Multisig0x21F9…AEc4

    A Multisig with 2/4 threshold.

    • Can upgrade with 8d delay
      • SHARPVerifierCallProxy
    • Can interact with SHARPVerifierCallProxy
      • manage the upgrade admin amd access control roles
      • set custom implementations for specific operators (changes the verifier based on who calls it)

    Participants (4):

    0x0405…84880x5923…85580xebc8…fD7F0x955B…2Fec
    Used in:
    Starkware SCMinority Multisig0xF6b0…bC6B

    A Multisig with 3/12 threshold.

    • Can interact with ETHBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
    • Can interact with Starknet
    • Can interact with STRKBridge
      • disable the withdrawal limit and manage the security agent role that can enable it

    Participants (12):

    0x2914…751d0x04D5…F94c0x5C7D…252F0x0762…F09c0xfaEC…33B00xF6AB…FbD80x16aB…57CD0x1027…8cac0x7383…E5600x590C…430C0x7A3a…982E0xFf71…0D90
    StarkgateManager0x0c5a…5B60

    Acts as a central contract to manage StarkGate bridge escrows (add new ones, deactivate existing, change configs) when given the Manager role from the respective escrows.

    • Can interact with MultiBridge
      • enroll new tokens or deactivate deposits into the escrow (for each token individually)
    Starkware Multisig 40x77Dd…88c5

    A Multisig with 1/3 threshold.

    Participants (3):

    EOA 10x5923…8558EOA 2
    Safe0xd6FD…2041

    A Multisig with 3/5 threshold.

    Participants (5):

    0x3236…Ce790x81a3…05010x5540…033F0x6963…9CAA0x6F8d…7969
    2 EOAs
    EOA 1EOA 2

    Member of Starkware Multisig 4.

    • Can interact with WBTCBridge
      • enable the withdrawal limit
    • Can interact with ETHBridge
      • enable the withdrawal limit
    • Can interact with USDTBridge
      • enable the withdrawal limit
    • Can interact with STRKBridge
      • enable the withdrawal limit
    • Can interact with MultiBridge
      • enable the withdrawal limit
    • Can interact with USDCBridge
      • enable the withdrawal limit
    EOA 30x2C16…0CA7
    EOA 40x4032…C2c2
    • Can interact with ETHBridge
      • enable the withdrawal limit
    • Can interact with STRKBridge
      • enable the withdrawal limit
    EOA 50x5751…f21A
    • Can upgrade with no delay
      • SolvBTCBridge
      • LUSDBridge
    • Can interact with SolvBTCBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    EOA 60xF689…e86b
    • Can upgrade with no delay
      • LBTCBridge
    • Can interact with LBTCBridge
      • disable the withdrawal limit and manage the security agent role that can enable it
      • manage critical access control roles related to upgrades and set the proxy governor that can upgrade the implementation
    Smart contracts
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    Disco UI BannerExplore in Disco
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    Ethereum

    Starknet0xc662…C8c4Implementation (Upgradable)AdminAdmin

    Central rollup contract. Receives (verified) state roots from the Sequencer, allows users to consume L2 -> L1 messages and send L1 -> L2 messages. Critical configuration values for the L2’s logic are defined here by various governance roles.

    • Roles:
      • admin: DelayedExecutor, Starkware Security Council; ultimately Starkware Multisig 1
      • operators: EOA 3, Starkware SCMinority Multisig
    Can be upgraded by:
    Starkware Security Council with no delayStarkware Multisig 1 with 8d delay
    Implementation used in:
    SHARPVerifierCallProxy0x4731…Db60Implementation (Upgradable)Admin

    Upgradable call proxy contract through which the SHARPVerifier can be called. A call proxy does not delegatecall and the storage context remains at the target contract. It allows SHARP Multisig to change the otherwise immutable verifier contract with 8d delay.

    • Roles:
      • admin: SHARP Multisig
      • appGovernor: SHARP Multisig
      • governanceAdmin: SHARP Multisig
    Can be upgraded by:
    SHARP Multisig with 8d delay
    Proxy used in:
    SHARPVerifier_2026_130x5C1C…a9fe

    Shared Starkware SHARP verifier used collectively by Starknet and other SN stack and StarkEx projects. It receives STARK proofs from the Prover and verifies the integrity of the offchain execution including a correctly computed state root which is part of the Program Output.

    Implementation used in:
    SHARPVerifier0x7Da1…3fF7

    Shared Starkware SHARP verifier used collectively by Starknet and other SN stack and StarkEx projects. It receives STARK proofs from the Prover and verifies the integrity of the offchain execution including a correctly computed state root which is part of the Program Output.

    Implementation used in:
    DelayedExecutor0xCA11…Ca0c

    A simple Timelock contract with an immutable delay of 8d. The owner (Starkware Multisig 1) can queue transactions.

    • Roles:
      • owner: Starkware Multisig 1
    ETHBridge
    Escrow
    0xae0E…D419Implementation (Upgradable)AdminAdmin

    Standard Starkware canonical bridge escrow for ETH. Withdrawals can be throttled to 5% of the locked funds per 24 hours.

    • Roles:
      • admin: DelayedExecutor, Starkware Security Council; ultimately Starkware Multisig 1
      • govAdmin: Starkware Security Council
      • secAdmin: Starkware SCMinority Multisig
      • secAgent: EOA 4, Starkware Multisig 4; ultimately EOA 1, EOA 2
    The following tokens are included in the value secured calculation:
    ETH token logo
    Can be upgraded by:
    Starkware Security Council with no delayStarkware Multisig 1 with 8d delay
    LORDSBridge
    Escrow
    0x023A…E5C9

    Custom (and immutable) entry point contract and escrow for users depositing LORDS to via StarkGate to the L2.

    The following tokens are included in the value secured calculation:
    LORDS token logo
    StarkgateRegistry0x1268…6812Implementation (Upgradable)Admin

    A simple registry that maps tokens to their StarkGate escrows. It also keeps a list of tokens that are blocked from being added to StarkGate.

    • Roles:
      • admin: Starkware Multisig 2
      • govAdmin: Starkware Multisig 2
    Can be upgraded by:
    Starkware Multisig 2 with no delay
    WBTCBridge
    Custom Escrow
    0x2837…b5b4Implementation (Upgradable)Admin

    Haltable version of the Starkware Multibridge escrow. Withdrawals can be throttled to 5% of the locked funds per 24 hours for each token individually. Deposits for a particular token can be halted by app governor, halt must be finalized in the second transaction that also sweeps all funds into a clrearing address. There is no logic to resume bridging after the halt.

    • Roles:
      • admin: Starkware Multisig 2
      • govAdmin: Starkware Multisig 2
      • secAdmin: Starkware Multisig 2
      • secAgent: Starkware Multisig 4; ultimately EOA 1, EOA 2
    The following tokens are included in the value secured calculation:
    WBTC token logo
    Can be upgraded by:
    Starkware Multisig 2 with no delay
    FXSBridge
    Custom Escrow
    0x66ba…0B7CImplementation (Upgradable)Admin

    Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours.

    • Roles:
      • admin: Starkware Multisig 2
      • govAdmin: Starkware Multisig 2
      • secAdmin: Starkware Multisig 2
    The following tokens are included in the value secured calculation:
    FRAX token logo
    Can be upgraded by:
    Starkware Multisig 2 with no delay
    L1DaiGateway0x9F96…388d

    Gateway contract that is the user entrypoint to deposit DAI to a custom escrow to bridge via StarkGate.

    USDTBridge
    Custom Escrow
    0xbb34…7605Implementation (Upgradable)Admin

    Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours.

    • Roles:
      • admin: Starkware Multisig 2
      • govAdmin: Starkware Multisig 2
      • secAdmin: Starkware Multisig 2
      • secAgent: Starkware Multisig 4; ultimately EOA 1, EOA 2
    The following tokens are included in the value secured calculation:
    USDT token logo
    Can be upgraded by:
    Starkware Multisig 2 with 3d delay
    wstETHBridge
    Custom Escrow
    0xBf67…985BImplementation (Upgradable)Admin

    Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours.

    • Roles:
      • admin: Starkware Multisig 2
      • govAdmin: Starkware Multisig 2
      • secAdmin: Starkware Multisig 2
    The following tokens are included in the value secured calculation:
    wstETH token logo
    Can be upgraded by:
    Starkware Multisig 2 with 3d delay
    STRKBridge
    Escrow
    0xcE54…C7a4Implementation (Upgradable)AdminAdmin

    Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours.

    • Roles:
      • admin: DelayedExecutor, Starkware Security Council; ultimately Starkware Multisig 1
      • govAdmin: Starkware Security Council
      • secAdmin: Starkware SCMinority Multisig
      • secAgent: EOA 4, Starkware Multisig 4; ultimately EOA 1, EOA 2
    The following tokens are included in the value secured calculation:
    STRK token logo
    Can be upgraded by:
    Starkware Security Council with no delayStarkware Multisig 1 with 8d delay
    rETHBridge
    Custom Escrow
    0xcf58…76C2Implementation (Upgradable)Admin

    Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours.

    • Roles:
      • admin: Starkware Multisig 2
      • govAdmin: Starkware Multisig 2
      • secAdmin: Starkware Multisig 2
    The following tokens are included in the value secured calculation:
    rETH token logo
    Can be upgraded by:
    Starkware Multisig 2 with 3d delay
    sfrxETHBridge
    Custom Escrow
    0xd8E8…8Ee8Implementation (Upgradable)Admin

    Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours.

    • Roles:
      • admin: Starkware Multisig 2
      • govAdmin: Starkware Multisig 2
      • secAdmin: Starkware Multisig 2
    The following tokens are included in the value secured calculation:
    sfrxETH token logo
    Can be upgraded by:
    Starkware Multisig 2 with no delay
    FRAXBridge
    Custom Escrow
    0xDc68…1ebbImplementation (Upgradable)Admin

    Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours.

    • Roles:
      • admin: Starkware Multisig 2
      • govAdmin: Starkware Multisig 2
      • secAdmin: Starkware Multisig 2
    The following tokens are included in the value secured calculation:
    FRAX.legacy token logo
    Can be upgraded by:
    Starkware Multisig 2 with no delay
    MultiBridge
    Custom Escrow
    0xF5b6…69EbImplementation (Upgradable)Admin

    Starkware Multibridge escrow. Withdrawals can be throttled to 5% of the locked funds per 24 hours for each token individually.

    • Roles:
      • admin: Starkware Multisig 2
      • govAdmin: Starkware Multisig 2
      • manager: StarkgateManager
      • secAdmin: Starkware Multisig 2
      • secAgent: Starkware Multisig 4; ultimately EOA 1, EOA 2
    The following tokens are included in the value secured calculation:
    EKUBO token logoZEND token logoNSTR token logo
    Can be upgraded by:
    Starkware Multisig 2 with no delay
    USDCBridge
    Escrow
    0xF608…2816Implementation (Upgradable)Admin

    Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours.

    • Roles:
      • admin: Starkware Multisig 2
      • govAdmin: Starkware Multisig 2
      • secAdmin: Starkware Multisig 2
      • secAgent: Starkware Multisig 4; ultimately EOA 1, EOA 2
    The following tokens are included in the value secured calculation:
    Can be upgraded by:
    Starkware Multisig 2 with 3d delay
    UNIBridge
    Custom Escrow
    0xf76e…236BImplementation (Upgradable)Admin

    Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours.

    • Roles:
      • admin: Starkware Multisig 2
      • govAdmin: Starkware Multisig 2
      • secAdmin: Starkware Multisig 2
    The following tokens are included in the value secured calculation:
    UNI token logo
    Can be upgraded by:
    Starkware Multisig 2 with no delay
    DAIBridge
    Escrow
    0x0437…585C

    Simple escrow that accepts tokens and allows to configure permissioned addresses that can access the tokens.

    The following tokens are included in the value secured calculation:
    DAI token logo
    LBTCBridge
    Escrow
    0x96C8…685eImplementation (Upgradable)Admin

    Starkware Multibridge escrow. Withdrawals can be throttled to 5% of the locked funds per 24 hours for each token individually.

    • Roles:
      • admin: EOA 6
      • govAdmin: EOA 6
      • secAdmin: EOA 6
    The following tokens are included in the value secured calculation:
    LBTC token logo
    Can be upgraded by:
    EOA 6 with no delay
    SolvBTCBridge
    Escrow
    0xA86b…Ab10Implementation (Upgradable)Admin

    Haltable version of the Starkware Multibridge escrow. Withdrawals can be throttled to 5% of the locked funds per 24 hours for each token individually. Deposits for a particular token can be halted by app governor, halt must be finalized in the second transaction that also sweeps all funds into a clrearing address. There is no logic to resume bridging after the halt.

    • Roles:
      • admin: EOA 5
      • govAdmin: EOA 5
      • secAdmin: EOA 5
    The following tokens are included in the value secured calculation:
    SolvBTC token logo
    Can be upgraded by:
    EOA 5 with no delay
    LUSDBridge
    Custom Escrow
    0xF3F6…3DF5Implementation (Upgradable)Admin

    Standard Starkware bridge escrow (single token). Withdrawals can be throttled to 5% of the locked funds per 24 hours.

    • Roles:
      • admin: EOA 5
      • govAdmin: Starkware Multisig 2
      • secAdmin: Starkware Multisig 2
    The following tokens are included in the value secured calculation:
    LUSD token logo
    Can be upgraded by:
    EOA 5 with no delay
    CairoBootloaderProgram0x2410…4A47
    Implementation used in:
    MemoryPageFactRegistry0xe583…C460

    Auxiliary to the SHARPVerifier contract: Verified ‘memory fact pages’ get stored here. This is important as it registers all necessary onchain data produced by the verifier.

    Implementation used in:

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

    Program Hashes

    Name
    Hash
    Repository
    Verification
    Used in
    273300...7702
    Github
    Starknet logoParadex logo
    257150...8294
    Github
    Starknet logoParadex logo
    344285...1079
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    235884...3330
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    378893...4778
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    989994...0176
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    348018...5714
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    303597...6711
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    358503...1237
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    160268...8631
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    110431...7907
    Github
    Starknet logoEdgeX logoParadex logoSorare logotanX logo

    Projects used in

    Search for projects used in

    Starknet state transition function could be proven with unverified ZK programs (bootloaders) on older versions of verifiers. Compliance with the rules of L2 STF can not be independently verified without the sources of these programs.