Implementing a new consensus mechanism for zero knowledge (zk) rollups is in full swing. More than a dozen protocols compete for L2 leadership in zero-knowledge proofs. Polygon zkEVM is a likely contender to win the race.
Polygon Technology is the most popular blockchain-as-a-service and the 5th largest protocol in the world, with over $1 billion in TVL. Polygon’s Matic token has the 10th largest market cap, at $9 billion. Big names in Ethereum’s ecosystem, like Aave, Curve, and Uniswap, support the PoS. In addition to a well-established brand, the Polygon team’s product, zkEVM itself, has everything it takes to deliver cheaper and safer blockchain scalability.
Zero knowledge rollups will bring the Polygon ecosystem to new heights. In addition, Polygon zkEVM opens possibilities for Ethereum scaling.
The goal of zkEVM is to become the best Ethereum-equivalent scaling solution. Its main objectives are to increase throughput and reduce gas fees.
Polygon zkEVM is a layer-2 consensus mechanism for batching, verifying, and sending transactions to the Ethereum network. Polygon zkEVM is a natural step forward in blockchain’s unchanging mission to scale Ethereum.
Polygon has come a long way forward in its mission:
Becoming the best blockchain scaling solution is vital to Polygon. For the past two years, the PoS has offered consistently cheaper gas fees than Ethereum. Because of cheaper fees, it even has more transactions than Ethereum. However, the difference in gas fees is not monumental. The most important goal of Polygon zkEVM is to widen the cost gap without compromising security. Thus, progression towards zkEVM is vital for the team; they are close to the mainnet now.
Polygon zk rollups implementation timeline:
Let’s start with a high-level overview of zero-knowledge (zk) rollups. Rollups are one of many layer 2 scaling solutions. Others are validium, sharding, and state channels. Broadly speaking, Polygon uses the same zk cryptography as any other existing zk rollup.
Most rollups work the same:
The major point of difference between zk rollups and optimistic rollups relates to the second step, a step called a method of finality or verification. It refers to the way layer-2 protocols produce validity proofs.
Zero knowledge rollups, like Polygon zkEVM, zkSync, or other scaling solutions, generate validity proofs for every batch. Most zk rollups use SNARK/STARK or a similar mechanism. The validator does not check every transaction individually but in batches. On the other side are optimistic rollups. Arbitrum, an Ethereum equivalent scaling solution, “optimistically” assumes that every off-chain computation is valid unless proven otherwise on the mainnet.
Therefore, regarding finality, zk rollups use validity proofs, while optimistic rollups use fraud proofs.
Polygon zero knowledge stack
zkEVM is not a standalone project but consists of six zk projects (Hermez, Miden, Zero, Nightfall, and Avail) in the Polygon network. Polygon Hermez, Miden, and Zero are direct implementations of zk proofs. Hermez is probably the most important project for Polygon zero-knowledge rollups. Polygon Nightfall is an optimistic rollup for privacy, while Avail and Edge enable modular building.
The second and final public testnet of Polygon Hermez, led by Jordi Baylina, showed improvements. According to the block explorer, they reduced batch verification time to 4 minutes (5 seconds per block), processed 15k transactions, and demonstrated the capacity to support 70k wallet addresses deploying smart contracts.
Technology in detail
Let’s also pay more attention to how this technology verifies the correctness of state transitions. Broadly speaking, the main components that generate proofs in the client stack are the RPC node, sequencer, and aggregator. The executor accepts transactions and creates a matrix, which is then converted into polynomials that must meet PIL-based equations. Once the equations are confirmed to hold, the resulting proof attests that the state transition is correct.
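A toy version of the matrix-and-equations step described above, added here as an illustration; it is not Polygon’s code and not real PIL. The executor fills a two-column trace, and each constraint must evaluate to zero on every row, which is what it means for the interpolated column polynomials to satisfy the equation over the evaluation domain. The Fibonacci-style transition, the column and function names, and the field modulus are assumptions of the example.

```python
# Added example: a toy execution trace checked against PIL-style constraints.
P = 2**64 - 2**32 + 1  # prime field modulus chosen for this example

def build_trace(a0, b0, n):
    """Executor step: fill a matrix with columns (a, b) for n rows."""
    rows = [(a0 % P, b0 % P)]
    for _ in range(n - 1):
        a, b = rows[-1]
        rows.append((b, (a + b) % P))
    return rows

def check_trace(rows, public_in, public_out):
    """Return every violated constraint as a (row, name) pair."""
    n = len(rows)
    failures = []
    for i, (a, b) in enumerate(rows):
        a_next, b_next = rows[(i + 1) % n]   # the next row wraps around cyclically
        is_first = 1 if i == 0 else 0        # constant selector columns
        is_last = 1 if i == n - 1 else 0
        constraints = {
            # transition: a' = b and b' = a + b, switched off on the last row
            "a_next": (a_next - b) * (1 - is_last),
            "b_next": (b_next - a - b) * (1 - is_last),
            # boundary: pin the first row to the public input, the last to the output
            "in_a": is_first * (a - public_in[0]),
            "in_b": is_first * (b - public_in[1]),
            "out_b": is_last * (b - public_out),
        }
        failures += [(i, name) for name, v in constraints.items() if v % P != 0]
    return failures

def demo():
    honest = build_trace(1, 2, 8)
    out = honest[-1][1]
    ok = check_trace(honest, (1, 2), out)
    tampered = list(honest)
    tampered[4] = (tampered[4][0], (tampered[4][1] + 1) % P)  # alter a single cell
    bad = check_trace(tampered, (1, 2), out)
    # internally consistent trace that starts from the wrong state
    forged = build_trace(5, 5, 8)
    wrong_in = check_trace(forged, (1, 2), forged[-1][1])
    return ok, bad, wrong_in

if __name__ == "__main__":
    print(demo())
```

The third case is the one an auditor looks for: without the boundary constraints, a trace that follows every transition rule but starts from an arbitrary state would pass.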
Recursive proof: Higher TPS + Lower Latency
Recursion is a major highlight of Polygon zk rollups in their current form. The recursive composition brings magic to their zero knowledge solution. It increases the TPS rate and simultaneously reduces latency.
Polygon published that its recursion works using incrementally verifiable computation. This cryptographic primitive allows using one validity proof to verify the correctness of many.
Incrementally verifiable computation isn’t special. Teams from Miden and Zero have already worked on them. What’s special is their first integration into an EVM-equivalent zk rollup. Compatibility with the leading blockchain development platform is the best advantage. Merging recursive SNARKs in Ethereum is difficult. It was only possible because the Polygon developer team delivered bytecode compatibility.
Fast STARK proofs and batch aggregation
The zk rollup proves each batch of transactions many times while fitting a high gas throughput in a batch.
Polygon zkEVM uses multiple provers, and recursion works simultaneously with aggregation. Each batch of transactions includes a hash for the batch in front. They also have an intelligent parallel operation of several provers. SNARKs are used for size optimization. However, for initial proof generation, it uses a faster mechanism called STARK.
On Jan 17, Polygon and Hacken held a joint Twitter AMA session on a zero-knowledge concept and #zkEVM. The Space featured Jordi Baylina and David Schwartz, cofounders and the masterminds behind their technology, and Yarik Bratashchuk, a blockchain researcher at Hacken.
This “behind the scenes” experience revealed a lot about zkEVM and how it solves the problem of zk proofs.
After talking with the co-founders firsthand, we conclude that their zk rollup is the first scaling solution fully compatible with Ethereum’s ecosystem. All existing smart contracts, Ethereum developer tools, and wallets work seamlessly in the Ethereum-equivalent environment. It opens the doors for the most vibrant blockchain developer community. They can also provide grants for developers building the most impressive solutions.
Polygon zk rollups are now undergoing internal and external audits. The information about the results of an internal audit is mostly classified, as it should be. However, we have some details about the external blockchain protocol audit. In December 2022, the team announced cooperation with two external auditors (Spearbit and Hexens) for their zk rollup. The two auditors work independently to review 37 components. They also published the scope of the audit.
We also want to comment on Polygon’s general approach to security and auditing because it’s worthy of attention. We don’t always see companies working with two independent auditors simultaneously. However, having two auditors is only half of the story. The team also demonstrates an understanding of the audit’s inherent value. They worked with the Ethereum Foundation, one of the most reputable sources of blockchain knowledge, to determine the purpose of any audit: verifying whether a certain claim by a given technology is correct. In this case, the audit must verify whether zkEVM truly produces only valid state transitions using zero knowledge proofs. On top of that, they are open to a public bug bounty after the audit. A bug bounty is a crowdsourced defense where external researchers with diverse backgrounds report security bugs for a reward.
Having an external audit by a reputable party (or two parties, as is the case) makes a positive impact on developers and community trust. We strongly believe combining internal and external audits is the best option for mitigating risks and contributing to a secure Ethereum blockchain.
The platform’s commitment to security pushes Web3 projects building on top of layer 2 to adopt the same proactive approach. The mainnet is projected to be up and running by the end of the first quarter of 2023. Existing Polygon dApps interested in leveraging new zk technology still have time to trial their projects in the testnet.
At this stage, it’s also vital to think about security. A professional code review of your smart contract today will save developers countless work hours after deploying their decentralized applications. Making sure your smart contract code is free of errors will make your Web3 app more resilient to cyber threats, in addition to crucial performance improvements.
Polygon uses rollups, a layer 2 solution for Ethereum scaling.
Besides Polygon zkEVM, other crypto projects using zk rollups are zkSync, StarkNet, and Aztec.
Polygon zkEVM is a scaling solution for the Ethereum network using zk technology.