c2451918 (main)
and
9572fdbc (PR)
+27 -0
+27 -0
{
"dataAvailability": [
{
"name": "All data required for forced exits is published onchain",
"description": "All the data needed to recover the latest accounts state (represented by the Account Tree) and construct the zk proof necessary for forced exits is published onchain in the form of blobs. Only data that leads to state changes is posted.",
"risks": [],
"references": []
}
],
"exitMechanisms": [
{
"name": "Regular exit",
"description": "The user initiates the withdrawal by submitting a regular transaction on this chain. When the block containing that transaction is settled the funds become available for withdrawal on L1. ZK proofs are required to settle blocks. Finally the user submits an L1 transaction to claim the funds.",
"risks": [],
"references": []
},
{
"name": "Escape hatch through ZK proofs",
"description": "If the centralized operators fail to process forced transactions after the deadline, the system can be frozen (desert mode) and users can exit by reconstructing the latest settled state using the data available on L1 and providing a ZK proof of balance.",
"risks": [],
"references": []
}
],
"forceTransactions": {
"name": "Users can force their transactions on L1",
"description": "If the centralized operators fail to include user transactions, users can force them themselves through L1. The possible transaction types that users can force are: deposits, withdrawals, order creation, order cancellation, and burning of pool shares. If the operators do not process forced transactions within 14d, the system can be frozen (desert mode) and users can exit using the latest settled state. All open positions are settled using the latest index price.",
"risks": [],
"references": []
},
"operator": {
"name": "Centralized operators",
"description": "Only the centralized operators can submit batches and verify them with a ZK proof, i.e. advance the state of the protocol.",
"risks": [
{
"category": "MEV can be extracted if",
"text": "the operator exploits their centralized position and frontruns user transactions."
}
],
"references": []
},
"otherConsiderations": [
{
"name": "External oracles used for index prices",
"description": "Lighter uses a combination of oracles to determine index prices, with Stork as the primary source. External signatures are currently not verified and the sequencer must be trusted to truthfully report data.",
"risks": [
{
"category": "Funds can be lost if",
"text": "the oracle prices are manipulated."
}
],
"references": [
{
"title": "Lighter docs - Fair Price Marking",
"url": "https://docs.lighter.xyz/perpetual-futures/fair-price-marking"
}
]
}
],
"stateValidation": {
"description": "Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid transactions to the previous state. This includes user transactions originating from L1 and L2, as well as internal transactions created by L2 operators. In the desert mode, valid proofs of exit must be generated. These proofs are then verified on Ethereum by a smart contract.",
"categories": [
{
"title": "Prover Architecture",
"description": "[This repo](https://github.com/elliottech/lighter-prover/tree/main) contains the circuits and prover code for normal (i.e. non-desert) operation mode of Lighter. It includes the logic to generate and verify proofs of valid state transition according to the Lighter [matching engine](https://github.com/elliottech/lighter-prover/blob/d0ff2304aea516b22f3a5223881006b6a9af1cc9/circuit/src/matching_engine.rs)."
},
{
"title": "ZK Circuits",
"description": "Lighter transition is proven with custom Plonky2 circuits, compiled into ZK Lighter Verifier and Desert Verifier. ZK Lighter verifier implements the perp DEX and spot trading logic and could be found in this [prover repo](https://github.com/elliottech/lighter-prover/tree/main/circuit/src). Desert verifier consists of circuits proving valid L2 -> L1 withdrawals in the desert mode. More details in [ZK Catalog](https://l2beat.com/zk-catalog/lighterprover#proof-system)."
},
{
"title": "Verification Keys Generation",
"description": "Lighter wraps its validity proof into a Plonk-based proof system which requires a trusted setup. The verification keys are hardcoded in the verifier contract on-chain. Lighter prover repo contains a [script](https://github.com/elliottech/lighter-prover/blob/main/build_circuits.sh) that regenerates circuits and verification keys.",
"references": [
{
"title": "ZK Lighter verifier verification keys",
"url": "https://etherscan.io/address/0x7ddad28962571f77fe5e9cb2fe74a896300eeed4#code#F1#L41"
},
{
"title": "Desert verifier verification keys",
"url": "https://etherscan.io/address/0xd4460475F00307845082d3a146f36661354FBc67#code#F1#L39"
}
]
}
]
},
"upgradesAndGovernance": "Regular upgrades are initiated by the \"network governor\" and executed with a 21d delay. The \"security council\" is allowed to reduce the upgrade delay to zero in case of an emergency. The security council does not currently satisfy the Stage 1 requirements. The network governor also retains the ability to add or remove validators.",
"warning": "Jan 5 2026: at the moment of writing, the desert mode circuits source code is not publicly available and therefore it is not possible to fully verify the escape hatch logic."
}+0 -24
+0 -24
{
"creator": "Succinct",
"projectsForTvs": [
{
"projectId": "forknet",
"sinceTimestamp": 1753882500
},
{
"projectId": "katana",
"sinceTimestamp": 1751328000
},
{
"projectId": "blobstream",
"sinceTimestamp": 1717608107
},
{
"projectId": "vector",
"sinceTimestamp": 1720128227
},
{
"projectId": "sophon",
"sinceTimestamp": 1745341091
},
{
"projectId": "lens",
"sinceTimestamp": 1745359200
},
{
"projectId": "plumenetwork",
"sinceTimestamp": 1746735060
},
{
"projectId": "galxegravity",
"sinceTimestamp": 1745880540
},
{
"projectId": "rari",
"sinceTimestamp": 1734562800
},
{
"projectId": "winr",
"sinceTimestamp": 1747088280
},
{
"projectId": "molten",
"sinceTimestamp": 1731480840
},
{
"projectId": "taiko",
"sinceTimestamp": 1730452800
},
{
"projectId": "lumia",
"sinceTimestamp": 1753882500
},
{
"projectId": "polygonzkevm",
"sinceTimestamp": 1753882500
},
{
"projectId": "xlayer",
"sinceTimestamp": 1753882500
},
{
"projectId": "silicon",
"sinceTimestamp": 1753882500
},
{
"projectId": "facet",
"sinceTimestamp": 1751407200
},
{
"projectId": "ternoa",
"sinceTimestamp": 1753882500
},
{
"projectId": "wirex",
"sinceTimestamp": 1753882500
},
{
"projectId": "penchain",
"sinceTimestamp": 1753882500
},
{
"projectId": "phala",
"sinceTimestamp": 1736290800
},
{
"projectId": "mantle",
"sinceTimestamp": 1757973600
},
{
"projectId": "zircuit",
"sinceTimestamp": 1756072800
},
{
"projectId": "omni",
"sinceTimestamp": 1748856160
},
{
"projectId": "morph",
"sinceTimestamp": 1737359447
},
{
"projectId": "gpt",
"sinceTimestamp": 1753882500
},
{
"projectId": "astarzkevm",
"sinceTimestamp": 1753882500
},
{
"projectId": "witness",
"sinceTimestamp": 1753882500
},
{
"projectId": "kroma",
"sinceTimestamp": 1739228400
},
{
"projectId": "haust",
"sinceTimestamp": 1756808195
},
{
"projectId": "celo",
"sinceTimestamp": 1765324800
}
],
"proofSystemInfo": "\n ## Description\n\n SP1 is a RISC-V zkVM using the [Plonky3](https://github.com/Plonky3/Plonky3) stack. The zkVM execution is proven recursively and is wrapped into a SNARK for final verification. It provides tools to generate onchain Groth16 or Plonk verifiers. SP1 targets [100 bits of security](https://docs.succinct.xyz/docs/sp1/security/security-model#conjectures-for-fris-security).\n\n ## Proof system\n\n SP1 proves execution of a RISC-V VM using several ZK circuits connected by lookup arguments, as implemented in Plonky3. VM execution trace is split into several chunks that could be proven in parallel with a STARK proving system. The parallelized proofs are recursively checked by the next layer of STARK circuits. The correctness of the final STARK proof is verified with the final wrap SNARK program, the wrap SNARK proof is verified onchain.\n\n ### zkVM component\n\n Verifies execution of a RISC-V program in a zkVM. Uses [Plonky3](https://github.com/Plonky3/Plonky3) STARK toolkit with AIR arithmetization and FRI-based polynomial commitment scheme within the [BabyBear field](https://docs.succinct.xyz/docs/sp1/security/security-model#hash-functions-and-the-random-oracle-model).\n\n ### Recursion circuits\n\n SP1 provides tools for recursive proof generation by [verifying proofs in a zkVM](https://docs.succinct.xyz/docs/sp1/writing-programs/proof-aggregation#verifying-proofs-inside-the-zkvm). This uses the same toolkit as top-level proof system, but proves the correct verification of all proofs generated on the previous step.\n\n ### Final wrap\n\n SP1 supports Plonk (with KZG polynomial commitments) or Groth16 final SNARK wrap of the STARK proof for performant onchain proof verification ([link](https://docs.succinct.xyz/docs/sp1/generating-proofs/proof-types#compressed)). The [gnark](https://github.com/Consensys/gnark) implementation of these proof systems over BN254 curve is used. For Plonk, Aztec Ignition trusted setup ceremony is used, for Groth16 Succinct run internal circuit-dependent phase 2 trusted setup, see [below](#trusted-setups) for more details.\n ",
"techStack": {
"zkVM": [
{
"id": "Plonky3",
"type": "STARK",
"name": "Plonky3",
"description": "Toolkit that implements a set of primitives for STARK-based zkVMs developed by Polygon Zero team."
},
{
"id": "RISCV",
"type": "ISA",
"name": "RISC-V",
"description": "Free and open-source universal 32-bit ISA used across a variety of hardware and software."
},
{
"id": "BabyBear",
"type": "Field",
"name": "Baby Bear",
"description": "Prime field of order p = 15 * 2**27 + 1."
}
],
"finalWrap": [
{
"id": "Gnark",
"type": "Plonk",
"name": "Gnark",
"description": "Consensys implementation of Plonk proving system written in Go."
},
{
"id": "Gnark",
"type": "Groth16",
"name": "Gnark",
"description": "Consensys implementation of Groth16 proving system written in Go."
},
{
"id": "BN254",
"type": "curve",
"name": "BN254",
"description": "BN254, aka BN256, aka alt_bn128 pairing-friendly 254-bit prime field Weierstrass elliptic curve."
}
]
},
"trustedSetups": [
{
"proofSystem": {
"id": "Gnark",
"type": "Plonk",
"name": "Gnark",
"description": "Consensys implementation of Plonk proving system written in Go."
},
"id": "AztecIgnition",
"name": "Aztec Ignition",
"risk": "green",
"shortDescription": "Aztec Ignition is a trusted setup ceremony that was run by Aztec for KZG commitment over BN254 curve in 2019. It included 176 participants and was publicly open for participation.",
"longDescription": " \n Aztec Ignition is a trusted setup ceremony for KZG commitments over BN254 curve that was run by Aztec for KZG commitment over BN254 curve in 2019. \n It included 176 participants and was publicly open for participation.\n \n - Github repo to download and verify the ceremony artifacts: [https://github.com/AztecProtocol/ignition-verification](https://github.com/AztecProtocol/ignition-verification).\n - Github repo with instructions for ceremony participants: [https://github.com/AztecProtocol/Setup](https://github.com/AztecProtocol/Setup).\n - Ceremony announcement with a call to participate: [https://aztec.network/blog/announcing-ignition](https://aztec.network/blog/announcing-ignition).\n "
},
{
"proofSystem": {
"id": "Gnark",
"type": "Groth16",
"name": "Gnark",
"description": "Consensys implementation of Groth16 proving system written in Go."
},
"id": "SP1Groth16",
"name": "SP1 Groth16 circuit-specific setup",
"risk": "red",
"shortDescription": "Succinct's internally run trusted setup for SP1 Groth16 final wrap circuits. Ceremony was run among 7 contributors to the SP1 project without public calls to participate.",
"longDescription": "\n Ceremony was run among 7 contributors to the SP1 project without public calls to participate. It generated setup parameters for Groth16 wrapper of SP1 zkVM.\n\n - Ceremony info on Succinct docs page: [https://docs.succinct.xyz/docs/sp1/security/security-model#options](https://docs.succinct.xyz/docs/sp1/security/security-model#options).\n - Ceremony instructions and verification instructions: [https://github.com/succinctlabs/semaphore-gnark-11/tree/main](https://github.com/succinctlabs/semaphore-gnark-11/tree/main).\n - Link to transcript and other artifacts (Note: will immediately start downloading .tar.gz file): [https://sp1-circuits.s3.us-east-2.amazonaws.com/v4.0.0-rc.3-trusted-setup.tar.gz](https://sp1-circuits.s3.us-east-2.amazonaws.com/v4.0.0-rc.3-trusted-setup.tar.gz).\n "
}
],
"verifierHashes": [
{
"hash": "0xd4e8ecd2357dd882209800acd6abb443d231cf287d77ba62b732ce937c8b56e7",
"proofSystem": {
"id": "Gnark",
"type": "Plonk",
"name": "Gnark",
"description": "Consensys implementation of Plonk proving system written in Go."
},
"knownDeployments": [
{
"address": "0x0459d576A6223fEeA177Fb3DF53C9c77BF84C459",
"chain": "ethereum"
},
{
"address": "0xFF5Adab685362DC4C33536a65aF5873738D1216B",
"chain": "ethereum"
}
],
"verificationStatus": "notVerified"
},
{
"hash": "0x1b34fe11a637737f0c75c88241669dcf9ca3c03713659265b8241f398a2d286d",
"proofSystem": {
"id": "Gnark",
"type": "Plonk",
"name": "Gnark",
"description": "Consensys implementation of Plonk proving system written in Go."
},
"knownDeployments": [
{
"address": "0xE00a3cBFC45241b33c0A44C78e26168CBc55EC63",
"chain": "ethereum"
}
],
"verificationStatus": "successful",
"verificationSteps": "\n - Check out [sp1 repo](https://github.com/succinctlabs/sp1) at commit `76c28bf986ba102127788ce081c21fa09cf93b18`.\n - Set an environment variable by calling `export SP1_ALLOW_DEPRECATED_HOOKS=true`. It is needed for the correct execution of circuit building.\n - Make sure that you have [go lang installed](https://go.dev/doc/install).\n - From `crates/prover` call `make build-circuits`. Note that the execution could take a while.\n ",
"attesters": [
{
"id": "l2beat",
"name": "L2BEAT",
"link": "https://l2beat.com"
}
]
},
{
"hash": "0xa4594c59bbc142f3b81c3ecb7f50a7c34bc9af7c4c444b5d48b795427e285913",
"proofSystem": {
"id": "Gnark",
"type": "Groth16",
"name": "Gnark",
"description": "Consensys implementation of Groth16 proving system written in Go."
},
"knownDeployments": [
{
"address": "0x50ACFBEdecf4cbe350E1a86fC6f03a821772f1e5",
"chain": "ethereum"
},
{
"address": "0x50ACFBEdecf4cbe350E1a86fC6f03a821772f1e5",
"chain": "arbitrum"
},
{
"address": "0xa5E60dbBAc6A65B654E5A14A5E357da3Fcf139dd",
"chain": "gnosis"
}
],
"verificationStatus": "notVerified"
},
{
"hash": "0xffea2d2e12ed24da258af874d77eee7ee91a1e050ee197052908089e57681e67",
"proofSystem": {
"id": "Gnark",
"type": "Plonk",
"name": "Gnark",
"description": "Consensys implementation of Plonk proving system written in Go."
},
"knownDeployments": [
{
"address": "0x045d4BC73Bd1918192f34e98532A5272Ef620423",
"chain": "ethereum"
}
],
"verificationStatus": "notVerified"
}
]
}+0 -68
+0 -68
{
"creator": "Matter Labs",
"projectsForTvs": [
{
"projectId": "zksync",
"sinceTimestamp": 1592431200
},
{
"projectId": "zkspace",
"sinceTimestamp": 1639954800
}
],
"proofSystemInfo": "\n ## Proof system\n\n ZKSync Lite prover is a monolithic SNARK proving system that generates validity proofs for the state transition of ZKSync Lite L2. It is a [Plonk system](https://docs.lite.zksync.io/userdocs/security/#primitives) over BN254 curve with [custom circuits](https://github.com/matter-labs/zksync/tree/master/core/lib/circuit/src) designed to prove the specific state transition function of the L2, including deposits and withdrawals, transfers, swaps, NFT operations. The proof system itself is implemented in the [bellman library](https://github.com/matter-labs/bellman), while many base cryptographic primitives are implemented in [franklin library](https://github.com/matter-labs/franklin-crypto/tree/dev). \n ",
"techStack": {
"snark": [
{
"id": "Zksync",
"type": "Plonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Plonk proving system, originally developed for ZKsync Lite (old ZKsync)."
},
{
"id": "BN254",
"type": "curve",
"name": "BN254",
"description": "BN254, aka BN256, aka alt_bn128 pairing-friendly 254-bit prime field Weierstrass elliptic curve."
},
{
"id": "CustomCircuits",
"type": "Other",
"name": "App-specific circuits",
"description": "This project uses custom app-specific ZK circuits."
}
]
},
"trustedSetups": [
{
"proofSystem": {
"id": "Zksync",
"type": "Plonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Plonk proving system, originally developed for ZKsync Lite (old ZKsync)."
},
"id": "AztecIgnition",
"name": "Aztec Ignition",
"risk": "green",
"shortDescription": "Aztec Ignition is a trusted setup ceremony that was run by Aztec for KZG commitment over BN254 curve in 2019. It included 176 participants and was publicly open for participation.",
"longDescription": " \n Aztec Ignition is a trusted setup ceremony for KZG commitments over BN254 curve that was run by Aztec for KZG commitment over BN254 curve in 2019. \n It included 176 participants and was publicly open for participation.\n \n - Github repo to download and verify the ceremony artifacts: [https://github.com/AztecProtocol/ignition-verification](https://github.com/AztecProtocol/ignition-verification).\n - Github repo with instructions for ceremony participants: [https://github.com/AztecProtocol/Setup](https://github.com/AztecProtocol/Setup).\n - Ceremony announcement with a call to participate: [https://aztec.network/blog/announcing-ignition](https://aztec.network/blog/announcing-ignition).\n "
}
],
"verifierHashes": [
{
"hash": "0xfa15bba967ebf892d9657359fb8ff07aea13e152c0d5160143a494abb4bc9df3",
"proofSystem": {
"id": "Zksync",
"type": "Plonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Plonk proving system, originally developed for ZKsync Lite (old ZKsync)."
},
"knownDeployments": [
{
"address": "0x57B09100e6160503aBDEBC76012b6c358eA4e462",
"chain": "ethereum"
}
],
"verificationStatus": "notVerified",
"description": "Custom verifier ID: SHA256 hash of the abi packed array of uint256 obtained from flattening VerificationKey structure returned by getVkAggregated1()"
},
{
"hash": "0xdfd9cbc5d113efddf3bfe382bcdd2cd67a9548fb62d758e9b18c8d8821ef1f22",
"proofSystem": {
"id": "Zksync",
"type": "Plonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Plonk proving system, originally developed for ZKsync Lite (old ZKsync)."
},
"knownDeployments": [
{
"address": "0x57B09100e6160503aBDEBC76012b6c358eA4e462",
"chain": "ethereum"
}
],
"verificationStatus": "notVerified",
"description": "Custom verifier ID: SHA256 hash of the abi packed array of uint256 obtained from flattening VerificationKey structure returned by getVkAggregated4()"
},
{
"hash": "0xdfd12090ec7d5f3cc8c98dcad49e938e9e33f6807b70679c6bdfe61fdf9fd329",
"proofSystem": {
"id": "Zksync",
"type": "Plonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Plonk proving system, originally developed for ZKsync Lite (old ZKsync)."
},
"knownDeployments": [
{
"address": "0x57B09100e6160503aBDEBC76012b6c358eA4e462",
"chain": "ethereum"
}
],
"verificationStatus": "notVerified",
"description": "Custom verifier ID: SHA256 hash of the abi packed array of uint256 obtained from flattening VerificationKey structure returned by getVkAggregated8()"
},
{
"hash": "0x730bd4aefc695fa8689235a3a8deafa82f785e5d9302481a6b7ecf95a7d0420a",
"proofSystem": {
"id": "Zksync",
"type": "Plonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Plonk proving system, originally developed for ZKsync Lite (old ZKsync)."
},
"knownDeployments": [
{
"address": "0x44DedA2C824458A5DfE1e363c679dea33f1ffA39",
"chain": "ethereum"
}
],
"verificationStatus": "notVerified",
"description": "Custom verifier ID: SHA256 hash of the abi packed array of uint256 obtained from flattening VerificationKey structure returned by getVkAggregated1()"
},
{
"hash": "0x4a13f5d7934015fbfc3e24c61d3356fdc5c200032ab19c514e1ba619d3039ace",
"proofSystem": {
"id": "Zksync",
"type": "Plonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Plonk proving system, originally developed for ZKsync Lite (old ZKsync)."
},
"knownDeployments": [
{
"address": "0x44DedA2C824458A5DfE1e363c679dea33f1ffA39",
"chain": "ethereum"
}
],
"verificationStatus": "notVerified",
"description": "Custom verifier ID: SHA256 hash of the abi packed array of uint256 obtained from flattening VerificationKey structure returned by getVkAggregated5()"
},
{
"hash": "0x75d87653bd7f2833ebbbec7128550beb4dd4f22e5224eb2b6bd73fa720da3a24",
"proofSystem": {
"id": "Zksync",
"type": "Plonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Plonk proving system, originally developed for ZKsync Lite (old ZKsync)."
},
"knownDeployments": [
{
"address": "0x44DedA2C824458A5DfE1e363c679dea33f1ffA39",
"chain": "ethereum"
}
],
"verificationStatus": "notVerified",
"description": "Custom verifier ID: SHA256 hash of the abi packed array of uint256 obtained from flattening VerificationKey structure returned by getVkAggregated10()"
},
{
"hash": "0x79cab0460ac9f99789702614b77a3eacd0c52b0c29fb69d4065952edc247dad9",
"proofSystem": {
"id": "Zksync",
"type": "Plonk",
"name": "Zksync",
"description": "Matter Labs Rust implementation of Plonk proving system, originally developed for ZKsync Lite (old ZKsync)."
},
"knownDeployments": [
{
"address": "0x44DedA2C824458A5DfE1e363c679dea33f1ffA39",
"chain": "ethereum"
}
],
"verificationStatus": "notVerified",
"description": "Custom verifier ID: SHA256 hash of the abi packed array of uint256 obtained from flattening VerificationKey structure returned by getVkAggregated20()"
}
]
}