Starknet
$969.24 M
27.34%
- Users' withdrawals can be censored by the permissioned operators.
- Upgrades executed by actors with more centralized control than a Security Council provide less than 7d for users to exit if the permissioned operator is down or censoring.
...
Choose token
StarkNet Token (STRK)
Ether (ETH)
USD Coin (USDC)
Tether USD (USDT)
Wrapped BTC (WBTC)
Wrapped liquid staked Ether 2.0 (wstETH)
Lords (LORDS)
Dai Stablecoin (DAI)
Rocket Pool ETH (rETH)
LUSD Stablecoin (LUSD)
Uniswap (UNI)
Staked Frax Ether (sfrxETH)
Frax Share (FXS)
Frax (FRAX)...
...
Starknet Provisions
2024 Feb 14th
Starknet begins allocating $STRK to early contributors and users.
StarkGate Alpha
2022 May 9th
Bridge is live on mainnet, serving as gateway between Ethereum and Starknet.
Starknet Alpha
2021 Nov 29th
Rollup is live on mainnet, enabling general computation using ZK Rollup technology.
Funds can be stolen if
Funds can be lost if
Funds can be frozen if
Users can be censored if
MEV can be extracted if
State validation
ZK proofs (ST)zkSTARKS are zero knowledge proofs that ensure state correctness.
Data availability
On chain (SD)All of the data (SD = state diffs) needed for proof construction is published on chain.
Exit window
NoneThere is no window for users to exit in case of an unwanted upgrade since contracts are instantly upgradable.
Sequencer failure
No mechanismThere is no mechanism to have transactions be included if the sequencer is down or censoring.
Proposer failure
Cannot withdrawOnly the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.
Starknet is a Validity proofs ensure state correctness
Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. These proofs are then verified on Ethereum by a smart contract.
Zero knowledge STARK cryptography is used
Despite their production use zkSTARKs proof systems are still relatively new, complex and they rely on the proper implementation of the polynomial constraints used to check validity of the Execution Trace.
Funds can be lost if the proof system is implemented incorrectly.
All data required to reconstruct rollup state is published on chain
State diffs are publish on-chain as blob or calldata on every state update. The state diffs contain information on every contact whose storage was updated, and additional information on contract deployments. From diffs full system state can be recovered. Contracts’ code is not published on L1, but can be trustlessly verified if available elsewhere.
Starknet doesn’t use any compression scheme.
There is no non-empty genesis state.
The data format has been updated with different versions, and the full specification can be found here.
The system has a centralized operator
The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system. Typically, the Operator is the hot wallet of the Starknet service submitting state updates for which proofs have been already submitted and verified.
MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.
Users can't force any transaction
There is no general mechanism to force the sequencer to include the transaction.
Users can be censored if the operator refuses to include their transactions.
Regular exit
The user initiates the withdrawal by submitting a regular transaction on this chain. When the block containing that transaction is proven the funds become available for withdrawal on L1. Finally the user submits an L1 transaction to claim the funds. This transaction does not require a merkle proof. Note that the withdrawal request can be censored by the Sequencer.
Funds can be frozen if the operator censors withdrawal transaction.
Emergency exit
There is no generic escape hatch mechanism as Starknet cannot be forced by users into a frozen state. Note that a freezing mechanism on L2, to be secure, requires anti-censorship protection.
The Upgrading mechanism of Starknet follows a similar scheme for all of their smart contracts. A contract initializes with the creator of the contract as a Governor, who can then nominate or remove other Governors allowing them to call restricted governor functions.
The Starknet core contract is upgradable by 2 appointed Starknet Proxy Governors: A Proxy multisig with a 2 / 5 threshold and an EOA. Implementations can be upgraded without delay, thus users are not provided with an exit window in case of unwanted upgrades.
Starknet Implementation Governors have the authority to execute governed functions that modify contract parameters without delay. These actions encompass registering/removing Operators, specifying the program and config hash, or setting the Message Cancellation Delay between L1 and L2. Currently it is governed by a Multisig with a 2 / 5 threshold and an EOA. The verifier address is set upon initialization of the Starknet Implementation contract.
Via the proxy contracts, the SHARP Verifier Governors can upgrade the GPSStatement Verifier implementation. It is important to note that the state is also maintained in the implementation contract, rather than in the proxy itself. An upgrade to the Verifier could potentially introduce code that approves fraudulent states. Currently, there is no delay before any upgrade takes effect.
The StarkGate bridge escrows are mostly governed and upgraded by a Bridge Multisig, others by different owners. (see Permissions section)
At present, the StarkNet Foundation hosts voting for STRK token holders (or their delegates) regarding protocol updates to reflect community intent, however, there is no direct authority to implement the execution of these upgrades.
The system uses the following set of permissioned addresses:
Can upgrade implementation of the system, potentially gaining access to all funds stored in the bridge. Can also upgrade implementation of the StarknetCore contract, potentially allowing fraudulent state to be posted. Currently there is 0s delay before the upgrade.
One of Proxy Governors. This is a Gnosis Safe with 2 / 5 threshold.
Those are the participants of the ProxyMultisig.
The governors are responsible for: appointing operators, changing program hash, changing config hash, changing message cancellation delay. There is no delay on governor actions.
Can upgrade implementation of SHARP Verifier, potentially with code approving fraudulent state. Currently there is 0s delay before the upgrade.
SHARP Verifier Governor. This is a Gnosis Safe with 2 / 3 threshold.
Those are the participants of the SHARPVerifierGovernorMultisig.
Allowed to post state updates. When the operator is down the state cannot be updated.
In DAI bridge it can set max deposit per bridge and per user. In DAI escrow it can approve token transfers.
Can upgrade implementation of the ETH escrow, potentially gaining access to all funds stored in the bridge. Currently there is 0s delay before the upgrade.
Can upgrade implementation of the WBTC escrow, potentially gaining access to all funds stored in the bridge. Currently there is 0s delay before the upgrade.
Can upgrade implementation of the USDC escrow, potentially gaining access to all funds stored in the bridge. Currently there is 0s delay before the upgrade.
Can upgrade implementation of the USDT escrow, potentially gaining access to all funds stored in the bridge. Currently there is 0s delay before the upgrade.
Can upgrade implementation of the wstETH escrow, potentially gaining access to all funds stored in the bridge. Currently there is 0s delay before the upgrade.
Can upgrade implementation of the rETH escrow, potentially gaining access to all funds stored in the bridge. Currently there is 0s delay before the upgrade.
Can upgrade implementation of the UNI escrow, potentially gaining access to all funds stored in the bridge. Currently there is 0s delay before the upgrade.
Can upgrade implementation of the FRAX escrow, potentially gaining access to all funds stored in the bridge. Currently there is 0s delay before the upgrade.
Can upgrade implementation of the FXS escrow, potentially gaining access to all funds stored in the bridge. Currently there is 0s delay before the upgrade.
Can upgrade implementation of the sfrxETH escrow, potentially gaining access to all funds stored in the bridge. Currently there is 0s delay before the upgrade.
Can upgrade implementation of the LUSD escrow, potentially gaining access to all funds stored in the bridge. Currently there is 0s delay before the upgrade.
Can upgrade the following bridges: FRAX, FXS, sfrxETH, USDT, WBTC, ETH, USDT, and additional permissions on other bridges, like setting the max total balance or activate withdrawal limits. This is a Gnosis Safe with 2 / 4 threshold.
Those are the participants of the BridgeMultisig.
Can upgrade implementation of the STRK escrow, potentially gaining access to all funds stored in the bridge. Currently there is 0s delay before the upgrade.
The system consists of the following smart contracts:
Starknet contract receives (verified) state roots from the Sequencer, allows users to read L2 -> L1 messages and send L1 -> L2 message.
Can be upgraded by: Starknet Proxy Governors
Upgrade delay: No delay
CallProxy for GpsStatementVerifier.
Starkware SHARP verifier used collectively by Starknet, Sorare, ImmutableX, Apex, Myria, rhino.fi and Canvas Connect. It receives STARK proofs from the Prover attesting to the integrity of the Execution Trace of these Programs including correctly computed state root which is part of the Program Output.
Part of STARK Verifier.
Part of STARK Verifier.
Part of STARK Verifier.
MemoryPageFactRegistry is one of the many contracts used by SHARP verifier. This one is important as it registers all necessary on-chain data.
Same as MemoryPageFactRegistry but stores facts proved by the old SHARP Verifier, used as a fallback.
Custom DAI Gateway, main entry point for users depositing DAI to L2 where “canonical” L2 DAI token managed by MakerDAO will be minted. Managed by MakerDAO.
Value Locked is calculated based on these smart contracts and tokens:
StarkGate bridge for ETH. There is no bridge cap.
Can be upgraded by: StarkGate ETH owner and BridgeMultisig
Upgrade delay: 0s
DAI Vault for custom DAI Gateway managed by MakerDAO. The current bridge cap is 5.00 M DAI.
StarkGate bridge for WBTC. There is no bridge cap.
Can be upgraded by: StarkGate WBTC owner and BridgeMultisig
Upgrade delay: 0s
StarkGate bridge for USDC. There is no bridge cap.
Can be upgraded by: StarkGate USDC owner and BridgeMultisig
StarkGate bridge for USDT. There is no bridge cap.
Can be upgraded by: StarkGate USDT owner and BridgeMultisig
Upgrade delay: 0s
StarkGate bridge for wstETH. There is no bridge cap.
Can be upgraded by: StarkGate wstETH owner
Upgrade delay: 0s
StarkGate bridge for rETH. There is no bridge cap.
Can be upgraded by: StarkGate rETH owner
Upgrade delay: 0s
StarkGate bridge for UNI. There is no bridge cap.
Can be upgraded by: StarkGate UNI owner
Upgrade delay: 0s
StarkGate bridge for FRAX. There is no bridge cap.
Can be upgraded by: StarkGate FRAX owner
Upgrade delay: 0s
StarkGate bridge for FXS. There is no bridge cap.
Can be upgraded by: StarkGate FXS owner
Upgrade delay: 0s
StarkGate bridge for sfrxETH. There is no bridge cap.
Can be upgraded by: StarkGate sfrxETH owner
Upgrade delay: 0s
StarkGate bridge for LUSD. There is no bridge cap.
Can be upgraded by: StarkGate LUSD owner
Upgrade delay: 0s
StarkGate bridge for LORDS.
StarkGate bridge for STRK. There is no bridge cap.
Upgrade delay: 0s
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
