ZKSwap: an AMM model Layer-2 Dex based on zk-Rollup
The Next Wave of Defi is Here
Written by: Blue Fox Notes(WeChat Account ID: Lanhubiji)
Published on: Sep 30th, 2020
Check the Original Article in Chinese here.
Decentralized exchange (dex) is a critical building block for DeFi. According to Dune Analytics, DEX trading volume in the past 7 days has exceeded US$4 billion. Uniswap’s transaction volume on the same day also exceeded 300 million USD. These transactions are all real transactions recorded on-chain.
At the beginning of this year, the Total Value Locked in Uniswap was only about 15 million U.S. dollars. As of July 25, two months ago, it was only more than 80 million U.S. dollars. Two months since the Total Value Locked in Uniswap has exceeded 2 billion. The Total Value Locked is a great indicator of how fast the industry expands.
Bottlenecks of DEX
Although DEX is growing fast, behind the exponential growth lies its bottlenecks. Today’s DEX trading volume is often driven by speculative trading, mining, and other factors. High trading volume hides out issues that need to be fixed, including high cost, slow speed, low throughput, and poor user experience.
Users who have participated in mining know that during the peak period of congestion, the gas fee could cost tens or even hundreds of dollars.
Since most of the DEX execution in the AMM mode is completed on-chain, each transaction and each operation need to wait for the block confirmation, which results in slow confirmation.
For users, “swap” means “to exchange”, but the exchange experience is not ideal.
At present, most DEXs are based on Ethereum. The average Transaction per Second(TPS) on Ethtereum is typically lower than 20. For the increasing transaction demand, this level of throughput is obviously not enough.
Scalability Solutions
Comparing to traditional finance, the user scale for DEXes is still considerably small. Even so, the Ethereum network is easily overwhelmed.
Assuming that DEX wants to compete with centralized exchanges (CEX), it will need to solve the aforementioned scalability issue mentioned above.
In order to solve these problems, there are two options. One is to leave Ethereum and use a faster public blockchain, e.g. Serum chose to build a DEX on Solana. Another option to stay on Ethereum and use Layer 2 technology to scale, While waiting for the sharding of Ethereum 2.0.
By choosing a faster underpinning public chain, it may solve problems such as cost, speed, throughput. However, it takes a long time to build the ecosystem from scratch. DeFi already has a robust ecosystem on Ethereum, with abundant DeFi building blocks — money legos, and a huge user base. The Ethereum DeFi sector has formed a certain degree of the network effect, and Ethereum also has high network security.
The second solution is still based on Ethereum but makes full use of Layer 2 technology to resolve the DEX bottlenecks. Blue Fox Notes also mentioned the “Ethereum’s Layer 2 Track” before. Among all the layer-2 solutions on Ethereum, zk-Rollup has advantages in security, and it can also solve problems such as cost and throughput. It is suitable for building a DEX.
ZKSwap’s Layer 2 solution
ZKSwap is a layer-2 DEX based on Zk-Rollup technology. ZKSwap aspires to solve the above-mentioned DEX bottlenecks. Its core is to apply zk-Rollup to realize low-cost and fast exchange experience while maintaining a high level of security.
ZKSwap uses zk-Rollup technology to transfer ERC20 tokens to layer-2. All token transactions and exchanges take place in layer-2. However, since it can ensure the consistency of the state between layer-1 and layer-2 through continuously generated zero-knowledge proofs, there is no need to wait for the block confirmation time, no need to pay high gas fees. In another wore, it achieves fast exchanges, and at the same time has the layer-1 level of security, providing a token exchange experience close to CEX.
Specifically, ZKSwap utilizes the zk-Rollup implementation called zkSync. The user first submits the signed transaction to the verifier. The verifier rollups multiple transactions, merges them into one block, and sends the root hash of the updated contract state tree and the corresponding SNARK proof to the contract on-chain. The verifier will also send the state delta corresponding to the transaction to the main chain so that people can reconstruct the state after the transaction.
Since the SNARK proof and the state increment will be verified by the contract on-chain, it can prove the validity of all transactions and guarantees data availability. The verifier cannot tamper with the state, nor can it embezzle the funds on Layer 2, because all state changes require corresponding proofs, which cannot be forged.
In addition, in this process, the funds are not escrowed by a third party, and the private key is still controlled by the user. The core idea of zkSync, as one implementation of zkRollup, is to aggregate a large number of transactions, reconstruct, and verify those transactions on-chain. It executes token exchanges on the layer-2 and uses zero-knowledge proof to send proof of the aggregated transactions to the main chain.
In this process, most of the calculation and storage takes place off-chain, the data stored on the chain is greatly reduced, and funds are locked in smart contracts. Because the SNARK proof and transaction state delta are stored on-chain, even if the verifier is not working, users can reconstruct the transaction through the on-chain data and retrieve the locked tokens. This ensures the security of the token, and the user still controls the private key. For security, it is no different from the current Layer 1 DEX. But while ensuring security, ZKSwap can greatly reduce transaction costs, accelerate transaction speed, and provide smoother users experiences in much higher magnitude.
The gas consumption of SNARK verification is much lower than that of verifying a large number of transactions on layer-1. And the cost of storing the complete state off-chain is also much lower than storing on-chain. In theory, zk-Rollup can realize the scalability of Ethereum through layer 2 while greatly reducing transaction costs.
Currently, ZKSwap uses zkSync, one implementation of the layer-2 scalability solution zk-Rollup, which is suitable for building a secure decentralized exchange protocol. It supports basic token exchange, including deposit, transfer, exchange, and withdrawal of tokens. Here, “deposit” means transferring tokens from Layer-1 to Layer-2 of zkSync. “Transfer” and “exchange” refer to the transfer of tokens and token swaps on Layer-2. The advantage is that there is basically no gas fee. And token “withdrawal” refers to transfer the tokens on Layer-2 back to the Layer-1 account.
ZKSwap vs UniSwap
ZKSwap builds a decentralized DEX protocol based on zk-Rollup technology. On the surface, ZKSwap is a DEX similar to Uniswap’s AMM model, but from the perspective of the underlying technology and user experience, there are certain differences between them.
The biggest difference between ZKSwap and the current version of Uniswap is that ZKSwap can greatly reduce transaction costs, greatly increase transaction speed, and achieve an exchange experience close to CEX, while also ensuring Layer 1 security.
zkRollup vs Optimistic Rollups
Taking into account other Layer 2 solutions, such as Optimistic rollups and Validium technologies, although they can also greatly increase transaction speed and reduce transaction fees, they have made a tradeoff in security.
In view of ZK-Rollup’s emphasis on safety, DEX based on Zk-Rollup is the future development trend.
ZKSwap is expected to launch at the end of October. Since Uniswap’s Layer 2 has not yet been launched, ZKSwap may become the first DEX to launch an AMM model based on ZK-Rollup.
The Overall Framework of ZKSwap
In terms of the overall framework, the ZKSwap system includes on-chain smart contracts, an off-chain ZKSwap server, the zero-knowledge proof system, and the front-end user interface. The details are as follows:
The on-chain smart contracts are a set of smart contracts deployed on Ethereum. The user’s tokens will be deposited in it, and it will also record and verify Layer 2 status updates and corresponding proofs. It is a bridge connecting the main chain and the layer-2.
The Layer 2 server of ZKSwap processes off-chain transactions. On the one hand, it interacts with users through the interface, and on the other hand, it monitors transactions on the Ethereum chain.
The transaction request will be put into the memory pool of ZKSwap, the Block Proposer will rollup the transaction to generate a new block, and the State Keeper will update the status of the token in Layer 2 and send it to the Committer. The Committer communicates with the Prove Server to obtain proof of the corresponding transaction. These states and the corresponding SNARK proof will be sent to the ZKSwap smart contract on the chain.
ZKSwap’s zero-knowledge proof system has two characteristics. One is that it has a distributed architecture. Its Prove Server supports multiple Prove, and multiple Prove can query the Prove server’s proof tasks, and then return to the Prove Server after generating the proof. The second is to use PLONK’s zero-knowledge proof algorithm, which can greatly reduce the threshold for using zero-knowledge proof.
PLONK’s global trusted setup only needs to be generated once, and the circuit scale can be reused within a certain range. The transaction process of ZKSwap will be reflected in the changes of its state tree. ZKSwap’s state tree is a Merkel tree with a height of 34, which is used to record the balance status of all accounts in the current system.
The child nodes of the root node are all account nodes in the system. Account nodes include Ordinary Account nodes and Pair Account nodes. Ordinary Account nodes record the status of all tokens in the account. Ordinary Account can have multiple leaf nodes, and each leaf node represents a type of token and its quantity. The Pair Account nodes record the status of the liquidity pool in ZKSwap. A Pair Account node only contains two leaf nodes, and each leaf node represents the balance and type of one of the tokens in the liquidity pool.
In summary, ZKSwap has its own characteristics in its technical design. For example, it uses the Plonk proof system. Its ZK proof circuit can support different sizes. The initial trusted setup only needs to be set once, and it can be upgraded to existing settings. It realizes core Uniswap functions in Layer 2. It may become the first DEX to implement the AMM model based on zk-Rollup. When ZKSwap is successfully implemented, it can greatly reduce user fees and speed up transactions.
Under the Hood of the Near CEX User Experience on ZKSwap
Compared with the current DEX on Layer 1, what operations are available on ZKSwap on Layer 2? What is the difference between these operations on ZKSwap and the layer-1 DEXes?
From the perspective of users, the steps are basically the same, except the deposit and withdraw between layer-1 to layer-2.
From a trader’s perspective, what are the steps to complete a transaction on ZKSwap? How’s it like under the hood behind those steps?
For a layer-2 DEX, users first need to deposit tokens from his layer-1 account to his layer-2 account. After the initial transfer, the user can start swap or other transactions.
So, in step one, the user deposit tokens to his layer-2 account. Under the hood, the user deposits the tokens from an Ethtereum wallet to the ZKSwap contract. Once ZKSwap detects that the user has transferred the tokens to the ZKSwap contract from layer-1, it will update the state tree accordingly on layer-2. ZKSwap will find the corresponding account based on the transaction and update the balance of the token in the account based on the deposited amount. If the account does not have a leaf node for the corresponding token, ZKSwap will first create a leaf node, and then update the status. The status update of the leaf node will cause the hash of the root node to change. After this, the root node hash will be sent to the ZKSwap contract on-Chain together with the SNARK proof of the transaction.
The second is to transfer and swap on Layer 2. Transferring on ZKSwap is sending a token from one account to another. The transfer is also initiated by the user on Layer-2. After the ZKSwap Server receives the transfer request, it finds the corresponding sending and receiving accounts and updates the status of the token balance under these two accounts. The hash of the root node of the updated state tree and the SNARK proof corresponding to the transfer is sent to the ZKSwap smart contract.
However, it does not involve transfer on-chain, because the token is still in the ZKSwap contract. Users conduct transactions on Layer 2, which essentially is to exchange their tokens with tokens in the layer-2 liquidity pool. The user sends a certain token under the ZKSwap account to the corresponding token Pair Account, and ZKSwap calculates the number of corresponding tokens that the user can obtain according to the AMM algorithm, and sends it to the user account.
At the same time, ZKSwap sends the updated hash of the root node of the state tree and the SNARK certificate corresponding to the exchange operation to the ZKSwap contract. After the token swap, just like the transfer step, the status of the token on-chain will not change because the token is still in the ZKSwap contract.
Finally, unlike layer-1 DEXes, tokens on layer-2 DEXes need to return to layer-1. This means the users need to withdraw the tokens from their layer-2 accounts to their layer-1 accounts.
When a user withdraws tokens from ZKSwap, first the user initiates withdraw on layer-2, and the ZKSwap server will receive the user’s withdrawal request, and then update the corresponding token status under the user account and update the root of the status tree, and send the node hash and the SNARK proof of the withdraw the ZKSwap contract on-chain. The ZKSwap contract verifies the proof, and then send the corresponding tokens locked in the contract to the user’s account on-chain.
This is similar to the traditional CEX withdrawal operation, but the difference is that users can freely control the withdrawal of ZKSwap DEX, while the withdrawal of CEX is controlled by the CEX.
For AMM molded DEX, liquidity is the prerequisite for trading.
So from the perspective of a liquidity provider, how to provide liquidity on ZKSwap, and how to remove liquidity? How does it work under the hood?
To add liquidity, first, the user initiates a request on layer-2 to add liquidity to a certain token pair. After receiving the request, the ZKSwap server will find the account of the corresponding requestor and the token pair account. And then transfer the two tokens from the user's account to the pair account proportionately according to the AMM algorithm. The system calculates the amount of Liquidity Provider(LP) tokens that users can get based on the current amount of funds in the token pool. The LP tokens represent the user’s share in the liquidity pool. The hash of the root node of the state tree after the state update is sent to the ZKSwap contract together with the corresponding proof of added liquidity.
To remove liquidity, first, the user initiates a request to remove liquidity on layer-2. After receiving the user’s request, the ZKSwap server will find the account of the corresponding requester and burn the corresponding amount of LP tokens. At the same time, the token pair account will return the two tokens to the requester’s account in proportion to the amount of burned LP tokens. The hash of the root node of the state tree after the state update is sent to the ZKSwap contract together with the corresponding proof of liquidity removal operation.
Finally, there is also withdraw liquidity on ZKSwap. It does not remove liquidity but withdraws LP tokens from the liquidity pool in layer-2 to layer-1. The steps are consistent with the withdrawal of other tokens from layer-2 to layer-1. But the difference is that the layer-1 contract needs to “mint” the corresponding amount of LP tokens and send to the user’s layer-1 account.
ZKSwap Release Plan
When will ZKSwap be launched?
According to ZKSwap, it will be launched on the Ethereum testnet on October 10, 2020, supporting the creation of liquidity pools, token swap, adding, and removing liquidity on layer-2. It will officially launch on Ethereum mainnet on October 30, 2020, supporting core Uniswap functions. By December 30, 2020, ZKSwap will realize the circuit optimization of the Plonk proof system and the GPU optimization of the proof performance.
The Future of Layer 2 and DEX
DEX is not only an important component for DeFi but also one of the largest developments in the entire crypto industry. In crypto, by far CEX has been the biggest value capturer. But DEX has gradually evolved into a substantial competitor of CEX.
However, the current DEX still has bottlenecks in terms of scalability, transaction fees, transaction speed, and user experience, etc., and cannot reach the level of the smooth transaction as CEX. With the launch of Layer 2 solutions, especially the launch of zk-Rollup technology, DEX will gradually resolve its bottlenecks. Once these technical shortcomings are resolved, DEX has the opportunity to move towards large-scale crowd adoption, and become a true opponent of CEX.
— — —
Risk warning: All articles of Blue Fox Note are not investment advice. Investment is risky. Do your own research and verify it.
ZKSwap Official Website: https://zks.org/en
ZKSwap APP: https://zkswap.app
ZKSwap Twitter: https://twitter.com/ZKSwapOfficial
ZKSwap Discord: https://discord.gg/ZRxS8fYTDv
ZKSwap Github page: https://github.com/l2labs
ZKSwap Official Telegram group: https://t.me/zkswapofficial
ZKSwap Official WeChat Account Admin:
