we just finished reviewing the project, so here's a short thread on @Lighter_xyz 🧵
had a quick look at @Lighter_xyz contracts and first impression is very good! very exciting. they feel a little like a mix of zksync and the good old dydx. we’ll hopefully have the full review on @l2beat next week. the advantages of being a rollup vs HL are quite evident here :)
the first big difference between lighter and the recent wave of perp chains is the use of zk proofs. the bridge holding over $1B only allows withdrawals that have been proven by a fixed program. because of this, validators cannot simply sign an invalid withdrawal to steal funds.
bad news is that the program being proven by the zk proofs is not source available, so it's currently not possible to check whether the chain correctly implements its business logic. the team has communicated with us that it's working to make it public in 1 or 2 weeks.
assuming that the program is good, zk proofs alone are not enough to prevent loss of funds. for example, the centralized sequencer could censor your withdrawal requests, or your requests to cancel an order. luckily, @Lighter_xyz implements forced transactions through L1.
if some user cannot get their transaction included by sending it to the sequencer, they can force it through L1, inheriting full censorship resistance. the sequencer now has two options: either it includes the tx and everyone is happy, or the project is forced to shut down.
yes, you read that correctly: the sequencer now has a strong incentive to include all requests, otherwise the system can be put in "desert mode", i.e. shut down. forced txs that the sequencer cannot ignore include: withdrawals, deposits, order creation and cancellation.
but how can users exit if the system is shut down? here's where the escape hatch comes in: since lighter is a rollup and ensures data availability with blobs, users can reconstruct the latest state and prove their balances to exit. all open orders are settled using latest price.
the project is currently upgradable with a 21-day delay, but this delay can be reduced to zero by a "security council" formed by a 3/5 multisig. this alone already prevents the system from being considered stage 1. the team has communicated plans to improve this setup.
another concern arises from index prices. external oracles used by the project are currently not properly authenticated and the sequencer is fully trusted to report them correctly. this is a critical vulnerability that the team has expressed plans to address.
lastly, it's quite clear from the contracts that the team took heavy inspiration from the old @zksync lite, which is good! zksync lite, together with dYdX v3, have always been recognized as app-specific rollups with very good security models.
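The forced-transaction and escape-hatch flow described in the thread, as an added toy model in Python (not Lighter's contract code and not part of the original thread). The 100-block deadline, the class and method names, and the hash-of-balances stand-in for the proven state root are assumptions made for illustration.

```python
import hashlib, json
DEADLINE_BLOCKS = 100  # assumed value; the thread gives no figure

def state_root(balances):
    """Commitment to the L2 state (stand-in for the real proven state root)."""
    return hashlib.sha256(json.dumps(balances, sort_keys=True).encode()).hexdigest()

class Bridge:
    def __init__(self, balances):
        self.root = state_root(balances)  # last state accepted with a validity proof
        self.queue = []                   # forced requests, FIFO: (deadline, user, kind)
        self.desert_mode = False
        self.exited = set()

    def force_request(self, block, user, kind):
        """User bypasses the sequencer by queueing the request on L1."""
        if self.desert_mode:
            raise RuntimeError("system is shut down")
        self.queue.append((block + DEADLINE_BLOCKS, user, kind))

    def commit_batch(self, new_balances, processed):
        """Sequencer advances the state, consuming `processed` queued requests in order."""
        if self.desert_mode:
            raise RuntimeError("system is shut down")
        del self.queue[:processed]
        self.root = state_root(new_balances)

    def activate_desert_mode(self, block):
        """Callable by anyone; succeeds only if the oldest forced request is overdue."""
        if self.queue and block > self.queue[0][0]:
            self.desert_mode = True
        return self.desert_mode

    def escape(self, user, reconstructed):
        """Exit with a state rebuilt from published data; it must match the last root."""
        if not self.desert_mode or user in self.exited:
            raise RuntimeError("exit not allowed")
        if state_root(reconstructed) != self.root:
            raise ValueError("state does not match the proven root")
        self.exited.add(user)
        return reconstructed.get(user, 0)

def censorship_scenario():
    state = {"alice": 50, "bob": 70}    # constructed sample state
    b = Bridge(state)
    b.force_request(block=10, user="alice", kind="withdraw")
    b.commit_batch(state, processed=0)  # sequencer ignores the forced request
    # deadline is block 110: the first call is too early, the second succeeds
    return b.activate_desert_mode(110), b.activate_desert_mode(111), b.escape("alice", state)
```

A sequencer that consumes the queued request before its deadline never lets `activate_desert_mode` succeed, which is the incentive the thread describes.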