Phala
Badges
About
Phala is cloud computing protocol which aims at offering developers a secure and efficient platform for deploying and managing AI-ready applications in a trusted environment (TEE). Phala rollup on Ethereum leverages the Op-Succinct stack, a... combination of OP stack contracts and Zero-Knowledge Proofs (ZK) using the SP1 zkVM.
Badges
About
Phala is cloud computing protocol which aims at offering developers a secure and efficient platform for deploying and managing AI-ready applications in a trusted environment (TEE). Phala rollup on Ethereum leverages the Op-Succinct stack, a... combination of OP stack contracts and Zero-Knowledge Proofs (ZK) using the SP1 zkVM.
Funds can be stolen if
- in non-optimistic mode, the validity proof cryptography is broken or implemented incorrectly,
- optimistic mode is enabled and no challenger checks the published state,
- the proposer routes proof verification through a malicious or faulty verifier by specifying an unsafe route id,
- the contracts or their dependencies (e.g. SuccinctGateway) receive a malicious code upgrade. There is no delay on upgrades.
Funds can be frozen if
MEV can be extracted if
Sequencer failure
Self sequenceState validation
ZK proofs (SN)SNARKs are zero knowledge proofs that ensure state correctness, but require trusted setup.
Exit window
NoneThere is no window for users to exit in case of an unwanted regular upgrade since contracts are instantly upgradable.
Proposer failure
Cannot withdrawOnly the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.
Phala is a Validity proofs ensure state correctness
Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. These proofs are then verified on Ethereum by a smart contract. Through the SuccinctL2OutputOracle, the system also allows to switch to an optimistic mode, in which no proofs are required and a challenger can challenge the proposed output state root within the finalization period.
Funds can be stolen if in non-optimistic mode, the validity proof cryptography is broken or implemented incorrectly.
Funds can be stolen if optimistic mode is enabled and no challenger checks the published state.
Funds can be stolen if the proposer routes proof verification through a malicious or faulty verifier by specifying an unsafe route id.
Funds can be frozen if the permissioned proposer fails to publish state roots to the L1.
Funds can be frozen if in non-optimistic mode, the SuccinctGateway is unable to route proof verification to a valid verifier.
Zero knowledge SNARK cryptography is used
Despite their production use zkSNARKs are still new and experimental cryptography. Cryptography has made a lot of advancements in the recent years but all cryptographic solutions rely on time to prove their security. In addition zkSNARKs require a trusted setup to operate.
All data required for proofs is published on chain
All the data that is used to construct the system state is published on chain in the form of cheap blobs or calldata. This ensures that it will be available for enough time.
The system has a centralized operator
The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system.
MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.
Regular exit
The user initiates the withdrawal by submitting a regular transaction on this chain. When the block containing that transaction is proven the funds become available for withdrawal on L1. Once funds are added to the withdrawal queue, operator must ensure there is enough liquidity for withdrawals. If not, they need to reclaim tokens from Yield Providers.
The system uses the following set of permissioned addresses:
Guardian is an actor allowed to pause deposits and withdrawals.
Used in:
- A Gnosis Safe with 4 / 9 threshold.
- Can act on behalf of ProxyAdmin.
- Can change the configuration of AddressManager (acting via ProxyAdmin) - set and change address mappings.
- Can change the configuration of OPSuccinctL2OutputOracle - can toggle between the optimistic mode and not optimistic (ZK) mode.
- Can change the configuration of SystemConfig - it can update the preconfer address, the batch submitter (Sequencer) address and the gas configuration of the system.
- Can upgrade the implementation of L1StandardBridge (acting via ProxyAdmin) - upgrading the bridge implementation can give access to all funds escrowed therein.
- Can upgrade the implementation of OptimismPortal, L1ERC721Bridge, OPSuccinctL2OutputOracle, SystemConfig, SuperchainConfig, OptimismMintableERC20Factory (acting via ProxyAdmin).
Participants (9):
0x5093…66280xA073…bda20xF331…647D0xF0B7…A4f00xa400…e6e40x3840…Fd5f0xa0C6…90380xefCf…dD5C0x4D80…5BAeUsed in:
- A Gnosis Safe with 2 / 2 threshold.
- Member of OpFoundationOperationsSafe.
Used in:
A Sequencer.
The system consists of the following smart contracts on the host chain (Ethereum):
Sends messages from host chain to this chain, and relays messages back onto host chain. In the event that a message sent from host chain to this chain is rejected for exceeding this chain’s epoch gas limit, it can be resubmitted via this contract’s replay function.
- Can be used to configure AddressManager - set and change address mappings.
- Can be used to upgrade implementation of L1StandardBridge - upgrading the bridge implementation can give access to all funds escrowed therein.
- Can be used to upgrade implementation of OptimismPortal, L1ERC721Bridge, OPSuccinctL2OutputOracle, SystemConfig, SuperchainConfig, OptimismMintableERC20Factory.
Legacy contract used to manage a mapping of string names to addresses. Modern OP stack uses a different standard proxy system instead, but this contract is still necessary for backwards compatibility with several older contracts.
The main entry point to deposit ERC20 tokens from host chain to this chain. This contract can store any token.
Upgrade delay: No delay
The main entry point to deposit funds from host chain to this chain. It also allows to prove and finalize withdrawals. This contract stores the following tokens: ETH.
Upgrade delay: No delay
Used to bridge ERC-721 tokens from host chain to this chain.
Upgrade delay: No delay
Contains a list of proposed state roots which Proposers assert to be a result of block execution. The SuccinctL2OutputOracle modifies the L2OutputOracle to support whenNotOptimistic mode, in which a validity proof can be passed as input argument to the proposeL2Output function.
Upgrade delay: No delay
This is NOT the shared SuperchainConfig contract of the OP stack Superchain but rather a local fork. It manages the PAUSED_SLOT, a boolean value indicating whether the local chain is paused, and GUARDIAN_SLOT, the address of the guardian which can pause and unpause the system.
Upgrade delay: No delay
A helper contract that generates OptimismMintableERC20 contracts on the network it’s deployed to. OptimismMintableERC20 is a standard extension of the base ERC20 token contract designed to allow the L1StandardBridge contracts to mint and burn tokens. This makes it possible to use an OptimismMintablERC20 as this chain’s representation of a token on the host chain, or vice-versa.
Upgrade delay: No delay
Value Secured is calculated based on these smart contracts and tokens:
The current deployment carries some associated risks:
Funds can be stolen if the contracts or their dependencies (e.g. SuccinctGateway) receive a malicious code upgrade. There is no delay on upgrades.