-
Notifications
You must be signed in to change notification settings - Fork 122
Loopring_36_Security_Audit
Loopring 3.1 is the first zkRollup implementation on the Ethereum blockchain, a relayer and a DEX (Loopring.io) was launched in March 2020 and is still serving our users. Loopring 3.6 is an improved version with the same technical stack. We expect Loopring 3.6 will be the production version for the next two to three years.
We made a comparison table to outline the major differences between 3.6 and 3.1.
Files in the following directories should be covered:
-
https://github.com/Loopring/protocols/tree/protocol-36/packages/loopring_v3/circuit/
-
https://github.com/Loopring/protocols/tree/protocol-36/packages/loopring_v3/contracts/iface/, except:
- IProtocolFeeValut.sol
- ITokenPriceProvider.sol
- ITokenSeller.sol
- IUserStakingPool.sol
-
https://github.com/Loopring/protocols/tree/protocol-36/packages/loopring_v3/contracts/impl/, except:
- ProtocolFeeVault.sol
- UniswapTokenSeller.sol
- UserStakingPool.sol
- /price-providers
-
https://github.com/Loopring/protocols/tree/protocol-36/packages/loopring_v3/contracts/lib/
-
- /chainlink/
Below are a few things I feel like deserve special attentions. We’ll probably add more to this list before the audit.
- Reentrance attack
- Overflow protection against the SNARK scalar field
- Sybil attack in layer-2 account registration
- Worse case scenario analysis, for example, the operator private-key is leaked.
- The circuit code base
- Cost analysis for Deposit/Withdrawal/Trades/Transfer, low cost and high throughput are the most important metrics for zkRollup.
Loopring Foundation
nothing here