Curve + zkSync L2: Ethereum’s first user-defined ZK rollup smart contract!

Welcome to Zinc Alef, the zkSync smart contracts testnet.

Matter Labs
Oct 9 · 5 min read
Image for post
Image for post

Curve and Matter Labs teams are excited to announce a big step towards scaling Ethereum in a secure and decentralized way: today, we’re unveiling a zkSync L2 smart contracts testnet with Curve Finance as the first resident dapp.

>> Live demo! <<

Curve contracts in Zinc

Zinc documentation

Discussion in Gitter

Why ZK rollup?

ZK rollup (ZKR) is one of the two existing rollup flavors, the other one being optimistic rollup (OR). Both approaches have their trade-offs (see a detailed comparison). Here are the major practical differences:

Security. ZK rollups are extremely secure even with a single validator, as they rely on pure math instead of ongoing economically incentivized activity to keep funds safe. Cryptographic assumptions aside, ZKRs are as secure as the underlying L1. This is especially important for protocols that deal with a high total value of assets. In contrast to ZKRs, optimistic rollups possess a strong anti-network effect: their security decreases proportionally to the value locked. In fact, there is an effective cap on the capital size (in the range of $10s of millions) that can be securely placed into a single OR while keeping it resistant to a highly plausible attack on L1. This attack vector cannot be mitigated as long as Ethereum remains a PoW chain.

Finality. ZK rollups have short finality (minutes), and therefore support capital-efficient fast exits to L1. In contrast, optimistic rollups are forced to choose between fast and capital-efficient exits, but cannot have both. Most researchers consider a dispute-delay time of at least one week necessary for ORs. This is important for interoperability with contracts on L1, which (will at least initially) continue to play a big role in the ecosystem.

Programmability. It is easier to support full EVM-compatibility with optimistic rollups. The OR approach was generally considered the only viable way to bring existing Ethereum smart contracts into L2. However, this is about to change.

Smart contracts in a ZK rollup?

How does Zinc VM work?

  1. Bytecode for the Zinc Virtual Machine.
  2. SNARK verification keys for this contract.

Zinc VM bytecode + verification keys can be deployed to the zkSync network in a fully permissionless manner. The contract will get assigned a new address inside L2. Whenever users interact with this contract, validators of zkSync will execute the Zinc VM opcodes and produce a zero-knowledge proof of the validity of the transaction — a special design of SNARK-friendly Zinc VM makes this possible. The proof will then be recursively verified by the rollup block circuit against the deployed verification keys. The block proof is then verified by the zkSync smart contract on Ethereum to authorize state transition, which by transience verifies the entire contractual logic of all transactions in the block.

Thus, Zinc smart contracts on zkSync inherit the strict security guarantees of validity proofs.

How to write smart contracts for zkSync?

Zinc is currently in a closed development beta. If you are interested in trying it out for your project, please talk to us.

How does Zinc differ from Solidity/Vyper? Can I port my existing source code?

Since Zinc is structurally identical to Solidity, existing Solidity code can easily be translated into Zinc. The main challenge is that Zinc is currently non-Turing-complete. This means: recursion and unbounded loops are prohibited (bounded loops are fine).

Vyper, the second most popular ETH smart contract language, is non-Turing-complete too. Therefore any Vyper program can be isomorphically translated into Zinc today. This is exactly how the Curve on zkSync works: Matter Labs helped the Curve team to rewrite existing Curve contracts into a Zinc version. It is almost line-by-line identical to the original source.

Although Zinc itself is non-Turing complete, anything you can do in Solidity can in practice be achieved in Zinc with minimal modifications: in part because the code of most Defi apps rarely requires loops or recursion, and in part, because the Turing-complete components can be re-implemented by leveraging transaction-level recursion, i.e. contracts invoking their own public methods via external calls (this is still possible in zkSync).

But we have more good news: Matter Labs is working on making Zinc Turing-complete in the near future. And until then, we are happy to provide support for your team to make existing Solidity code portable. Please reach out.

What about composability?

How are the user keys managed?

Even if the zkSync website was hacked, our approach requires a 2-factor authentication by signing every message additionally by your Ethereum wallet. This signature is currently verified by our servers, although recursive PLONK proofs now make it possible for us to integrate it directly into our ZKP circuits without too much overhead.

In parallel, we are working together with other teams on the development of universal Ethereum signing standards for L2, which will make the UX around interacting with L2 contracts even more delightful.

What are the limitations of Zinc Alef?

However, at this stage, Zinc VM is not yet integrated into zkSync core. Some important functionality in the Zinc programming language can also be missing. We are prioritizing the feature development according to the requests from the community.

Matter Labs

Matter Labs

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store