Discover and read the best of Twitter Threads about #securingthemission
Most recents (4)
Security guides every decision we make at zkSync. Here’s a look at the measures we’ve taken to secure zkSync Era as a part of our zero-compromise approach to security. #securingthemission
1/10
1/10
Since zkSync Era launched on Testnet, we’ve run:
• Multiple internal audits testing the entire system
• Public audits with @OpenZeppelin and @HalbornSecurity, covering the full scope of the system
• Public contests with @code4rena featuring $345k in prizes
(cont'd)
2/
• Multiple internal audits testing the entire system
• Public audits with @OpenZeppelin and @HalbornSecurity, covering the full scope of the system
• Public contests with @code4rena featuring $345k in prizes
(cont'd)
2/
(cont'd)
• A public bug bounty with @immunefi, featuring a $100k expansion in scope and rewards
• Audits with independent researchers for specific parts of the system
3/
• A public bug bounty with @immunefi, featuring a $100k expansion in scope and rewards
• Audits with independent researchers for specific parts of the system
3/
We’ve spent $3.5M+ on audits, bug bounties, and contests to secure zkSync 2.0 — but there’s no such thing as too secure. Here are some added security measures we’ll take once zkSync 2.0 is open to the public.
1/6
1/6
We’re limiting the early flow of funds, which ensures that developers have an adequate amount of ETH for contract deployment and testing transactions while minimizing the risk of losing a large amount of value during the early stages of the system.
2/6
2/6
We’ve got a “speed bump” measure in place too — restricting withdrawals to 10% of TVL per day, limiting the consequences of any security breach. This way, we can respond quickly, stopping the attacker from completely draining the system's resources.
3/6
3/6
Ethereum is a dark forest. Immutable smart contracts, financial incentives, and anonymity create an environment that forces us beyond standard security practices. Here’s how you onboard a billion users without compromising security. #securingthemission
1/7
1/7
The complexity of building a zkEVM includes the possibility of low-frequency bugs with big impact potential. That’s why zkSync has many layers of protection built into the system. Some of these security layers will fade out as the protocol moves toward full decentralization.
2/7
2/7
Instead of relying solely on one security measure, such as zero-knowledge cryptography, we implement multiple layers of protection, known as the "defense-in-depth" or "Swiss cheese model," to prevent and minimize the impact of potential breaches.
3/7
3/7
In this week’s #securingthemission, we’re walking through the security benefits of EVM compatibility on zkSync 2.0.
1/7
1/7
EVM compatibility is a spectrum with trade-offs between high compatibility (easy to redeploy from L1) and high performance (quick to generate ZK proofs). The more compatible with L1, the lower the performance and vice versa.
h/t: @vitalikbuterin: vitalik.ca/general/2022/0…
2/7
h/t: @vitalikbuterin: vitalik.ca/general/2022/0…
2/7
We designed zkSync 2.0 for high performance but specifically chose to maintain source code compatibility (Solidity and Vyper), which comes with added security benefits.
3/7
3/7
