Search for projects by name
Zircuit is a universal Rollup that aims to use zk proofs in the future. It is based on the Optimism Bedrock architecture, employing AI to identify and stop malicious transactions at the sequencer level.
Zircuit is a universal Rollup that aims to use zk proofs in the future. It is based on the Optimism Bedrock architecture, employing AI to identify and stop malicious transactions at the sequencer level.
The project will be classified as "Other" due to its specific risks that set it apart from the standard classifications.
The project will move to Others because:
Consequence: projects without a proper proof system fully rely on single entities to safely update the state. A malicious proposer can finalize an invalid state, which can cause loss of funds.
Learn more about the recategorisation here.
Currently the system permits invalid state roots. More details in project overview.
There is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.
Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.
Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. These proofs are then verified on Ethereum by a smart contract. Currently proofs are optional and state (by default) is considered optimistically to be valid. Moreover, the system doesn’t check that the transactions applied to the state are the ones published by the sequencer.
Funds can be stolen if the published state is invalid and the Challenger does not react during the 4h finalization window.
All the data that is used to construct the system state is published on chain in the form of cheap blobs or calldata. This ensures that it will be available for enough time.
The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system.
MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.
Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly.
The user initiates the withdrawal by submitting a regular transaction on this chain. When the block containing that transaction is finalized the funds become available for withdrawal on L1. The process of block finalization takes a challenge period of 4h to complete. Finally the user submits an L1 transaction to claim the funds. This transaction requires a merkle proof.
Funds can be frozen if the centralized validator goes down. Users cannot produce blocks themselves and exiting the system requires new block production (CRITICAL).
If the user experiences censorship from the operator with regular exit they can submit their withdrawal requests directly on L1. The system is then obliged to service this request or halt all withdrawals, including forced withdrawals from L1 and regular withdrawals initiated on L2. Once the force operation is submitted and if the request is serviced, the operation follows the flow of a regular exit.
OP stack chains are pursuing the EVM Equivalence model. No changes to smart contracts are required regardless of the language they are written in, i.e. anything deployed on L1 can be deployed on L2.
Admin of OptimismPortal, SystemConfig, L2OutputOracle, L1ERC721Bridge, OptimismMintableERC20Factory, L1StandardBridge.
Central actor allowed to post new L2 state roots to L1.
Central actor allowed to delete L2 state roots proposed by a Proposer.
Admin of the SuperChainConfig, can configure other roles.
Role set up in SuperChainConfig contract that can lower the withdrawal limit for a user.
A Gnosis Safe with 6 / 8 threshold. This address is the owner of the following contracts: ProxyAdmin, SystemConfig. It is also designated as a Challenger and SystemOwner of the L2OutputOracle, meaning it can remove L2 state roots and reconfigure L2OutputOracle, including changing the Verifier contract. It can upgrade the bridge implementation potentially gaining access to all funds, and change the sequencer, state root proposer or any other system component (unlimited upgrade power).
Those are the participants of the ZircuitMultiSig.
A Gnosis Safe with 2 / 5 threshold. This address is the permissioned guardian of the system, meaning it can pause all withdrawals. It is also an Admin of the ZircuitSuperchainConfig meaning that it can set roles and permissions for the SuperchainConfig contract.
Those are the participants of the ZircuitGuardianMultiSig.
The L2OutputOracle contract contains a list of proposed state roots which Proposers assert to be a result of block execution. Currently only the PROPOSER address can submit new state roots.
Upgrade delay: No delay
The L1CrossDomainMessenger (L1xDM) contract sends messages from L1 to L2, and relays messages from L2 onto L1. In the event that a message sent from L1 to L2 is rejected for exceeding the L2 epoch gas limit, it can be resubmitted via this contract’s replay function.
Upgrade delay: No delay
Upgrade delay: No delay
This contract verifies zk proof (if provided). There is a temporary backdoor allowing to call this contract without the proof.
Upgrade delay: No delay
The SuperchainConfig contract is normally used to manage configuration values for multiple OP Chains, however this is a separate instance of the SuperChain contract. It manages the PAUSED_SLOT, a boolean value indicating whether the chain is paused, and GUARDIAN_SLOT, the address of the guardian which can pause and unpause the system. It also defines OPERATOR and MONITOR roles which are used to manage throttling (withdrawal limits) on OptimismPortal.
Upgrade delay: No delay
Main entry point for users depositing ERC20 token that do not require custom gateway.
Upgrade delay: No delay
Main entry point for users depositing ETH.
Upgrade delay: No delay
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).