Discover and read the best of Twitter Threads about #securingthemission


Security guides every decision we make at zkSync. Here’s a look at the measures we’ve taken to secure zkSync Era as a part of our zero-compromise approach to security. #securingthemission

1/10
Since zkSync Era launched on Testnet, we’ve run:

• Multiple internal audits testing the entire system
• Public audits with @OpenZeppelin and @HalbornSecurity, covering the full scope of the system
• Public contests with @code4rena featuring $345k in prizes

(cont'd)

2/
(cont'd)

• A public bug bounty with @immunefi, featuring a $100k expansion in scope and rewards
• Audits with independent researchers for specific parts of the system

3/
Read 10 tweets
We’ve spent $3.5M+ on audits, bug bounties, and contests to secure zkSync 2.0 — but there’s no such thing as too secure. Here are some added security measures we’ll take once zkSync 2.0 is open to the public.

1/6
We’re limiting the early flow of funds, which ensures that developers have an adequate amount of ETH for contract deployment and testing transactions while minimizing the risk of losing a large amount of value during the early stages of the system.

2/6
We’ve got a “speed bump” measure in place too — restricting withdrawals to 10% of TVL per day, limiting the consequences of any security breach. This way, we can respond quickly, stopping the attacker from completely draining the system's resources.

3/6
Read 6 tweets
Ethereum is a dark forest. Immutable smart contracts, financial incentives, and anonymity create an environment that forces us beyond standard security practices. Here’s how you onboard a billion users without compromising security. #securingthemission

1/7
The complexity of building a zkEVM includes the possibility of low-frequency bugs with big impact potential. That’s why zkSync has many layers of protection built into the system. Some of these security layers will fade out as the protocol moves toward full decentralization.

2/7
Instead of relying solely on one security measure, such as zero-knowledge cryptography, we implement multiple layers of protection, known as the "defense-in-depth" or "Swiss cheese model," to prevent and minimize the impact of potential breaches.

3/7
Read 7 tweets
In this week’s #securingthemission, we’re walking through the security benefits of EVM compatibility on zkSync 2.0.

1/7
EVM compatibility is a spectrum with trade-offs between high compatibility (easy to redeploy from L1) and high performance (quick to generate ZK proofs). The more compatible with L1, the lower the performance and vice versa.

h/t: @vitalikbuterin: vitalik.ca/general/2022/0…

2/7
We designed zkSync 2.0 for high performance but specifically chose to maintain source code compatibility (Solidity and Vyper), which comes with added security benefits.

3/7
Read 7 tweets
