bartek.eth
@bkiepuszewski
Followers: 15K
Following: 4K
Media: 620
Statuses: 4K
Ethereum. DeFi. L2s. @_token_flow @l2beat
The world with no borders
Joined December 2009
If you are interested in gaining a deeper understanding of the @StarkWareLtd L2 ecosystem, I have prepared a series of threads explaining how an independent observer, by inspecting L1 contracts, can be assured of L2 security properties and how STARKs on L1 are actually built.
12
106
532
Big congrats to @0xPolygonLabs (@0xPolygon) for launching Polygon zkEVM. Here are a few things that you may assume about zkRollups but you will find here different and should be aware of: 🧵
13
97
475
So, it seems like a while ago @arbitrum has updated its Rollup implementation on L1 in a way that, IMO, dramatically increased its decentralisation. Funny, they kind of forgot to inform public about it, let's have a quick look: 🧵
15
92
468
Ooof, looks like dYdX is no longer comfortable running a centralised order book for reasons easy to guess. So now your funds, instead of being secured by Ethereum will be secured by dYdX token holder majority? (brb, checking who still has 33% of the supply).
We're excited to announce that dYdX V4 will be developed as a standalone Cosmos-based blockchain!
19
30
389
The @dYdX v3 is frozen. There is no operator. And yet, people are withdrawing funds using L1 - this is what we mean by Stage2 non-custodial systems. What's most amazing is that this is (was ?) one of the first rollups ever launched on Ethereum with tech from @StarkWareLtd
14
62
394
16M$ already in Aptos bridge from Ethereum to @Aptos_Network built on top of @LayerZero_Labs. Who cares that half of the contracts are NOT VERIFIED including crucial proof validation lib. Who cares that owner of the Aptos TokenBridge is EOA. Apes will be apes
17
49
358
Seeing is believing. Have a look at how @worldcoin does the zk magic and decide for yourself if it preserves privacy. This transaction is their server registering on-chain a set of "identity commitments": 🧵
30
72
312
1/ With @arbitrum Sequencer down for an hour, Arbitrum chain effectively reduced itself to L1 Ethereum wrt to cost and speed, but it never stopped working. How is it possible ? And why @l2beatcom claims that users should propose blocks when operator is down ? 🧵
4
74
302
This is @arbitrum governance in one picture (from their documentation). Confused ? Overwhelmed ? Let me simplify /1
14
77
270
Now that the @soneium censorship drama is making rounds in CT, let me show you a more complex example of interplay between Ethereum and the sequencer of one of its Rollup. I will show you how Ethereum provides censorship resistance to a "permissioned" rollup 🧵
7
48
305
So @ZircuitL2 ("the first zkEVM built on Optimism Bedrock") launched on mainnet so clearly we are all interested in their proof system. However looking at proofs, this is not exactly what I expected. I assume this is temporary, for how long though ?
11
32
291
Given that Optimistic Rollups should all post L2 tx data as calldata on-chain, how come there is significant price difference between @arbitrum @bobanetwork @optimismPBC and @MetisDAO on ?
10
50
260
Now that @zksync 2.0 is officially launched on the mainnet it is possible to do the deep dive into their message passing mechanism. There are some very interesting and cool ideas there. In part1 let's have a look at L1 -> L2 message passing 🧵
9
87
243
Are you confused by the recent @samczsun thread regarding Binance Bridge hack ? I will explain this in the simplest terms possible: 🧵
Five hours ago, an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge. During that time, I've been working closely with multiple parties to triage and resolve this issue. Here's how it all went down.
11
65
249
$DAI is coming to @arbitrum very soon. Similarly to @optimismPBC it will be using a custom Gateway so that in the future goodies like fast withdrawals and minting $DAI directly on L2 will be supported
5
34
218
1/ Let's explore differences between L2 -> L1 message passing between @optimismPBC and @StarkWareLtd. It's not just about 7-day "withdrawal window" or lack of thereof, there are some important architectural considerations that you should be aware of 🧵
2
51
221
Both @starknet and @0xPolygon zkEVM are STARK-based zkRollups on Ethereum. If you are put off by moon-math explaining how they actually work but would like to build some intuition and understand some fundamental differences, here's some hints: 🧵
7
48
208
Did you know that @safe , apart from "public" owners can have "shadow" owners ? It's not a new information to the security researchers, but if your goal is to find out who is authorised to execute transaction from a given safe or move assets out of it, then it's a problem 🧵
12
36
222
It is somewhat uncomfortable that Rollup can simply stop being a Rollup by stopping posting data to Ethereum and few would even notice as there is no L1 state change / event / nothing. Compare L1 data of @Optimism and @MantaNetwork
16
27
217
@optimismPBC + @MakerDAO = fast withdrawals. They are coming, be ready. Super excited for what's to come.
5
35
216
If you are still confused by the AA despite tons of articles (why they are all so dense and technical ?) and wonder what is the difference between, say, EIP-4337 AA Ethereum standard, @StarkWareLtd and @zksync enshrined AA and, say, Gnosis Safe accounts, read on 🧵
12
55
212
Optimism does not have any fraud proofs since Nov 2021. Reading old documentation can be very misleading, this is why we are only reading and monitoring deployed, mainnet code at @l2beat #donttrustverify.
17/ Arbitrum vs Optimism. The main technical difference between the two chains is that Optimism uses single-round fraud proofs while Arbitrum uses multi-round fraud proofs.
14
24
208
We have updated most smart contracts descriptions and included architecture diagrams for most of the major rollups at @l2beatcom . Check @optimismPBC @arbitrum @bobanetwork @MetisDAO @dYdX @Sorare @Immutable @deversifi @zksync 1/4
7
27
206
As it stands, @0xMantle is:
- old pre-Bedrock @optimismFND code
- threshold sigs module
- FraudProof from @SpecularL2, but not fully deployed
- DA based on @eigenlayer , contracts not verified
This is my best shot to try to capture all this in one pic. TL/DR - it's centralised
18
20
196
Looks like people are literally throwing money into a smart contract that literally has no functionality rn but to take their deposits. The owner of a contract (3/5 MSig) can do whatever they want with funds. Over 30M$ already in the contract.
Introducing Blast: The only Ethereum L2 with native yield for ETH and stablecoins. We've raised $20m from @Paradigm and @StandardCrypto to build the L2 that helps you earn more. Details on how to get early access at the end of the thread
16
37
195
I have seen a lot of bad takes on @eigenlayer and yes - it can be confusing. Let's try to simplify it somewhat and look at what is actually deployed right now on mainnet 🧵
10
42
188
Here's the summary of the upcoming Bridges Risk Framework that I plan to propose for @l2beatcom . I would welcome broad community feedback cc: @stonecoldpat0 @arjunbhuptani @_prestwich 🧵
15
38
182
1/ In the fourth and final thread on @Starkware internals I will try to build some intuition for STARK math and the implementation of the Verifier on L1 by dumbing it down, hopefully w/out making @EliBenSasson cringe.
6
37
184
Why @DefiLlama and @l2beat show significantly different numbers for TVL such as with @arbitrum ? 🧵
12
29
169
Tokens like $STONE from @Stake_Stone are an example of what is wrong with this industry - it is being advertised as "secure omnichain LST using LayerZero". But when you are trying to independently find out how it works and eg check who is minter:
19
32
174
So you might have heard that it is time to learn about KZG commitments. Maybe you even looked at the "gentle" intro by @dankrad but you were put off by not-so-gentle math there. Let me try to ELI5 KZG in this thread 🧵
10
37
178
It looks like @immutable launched the first zkEVM without a prover ? I mean, it's fine to launch anything, but saying it's "Ethereum security" seems to be another example of marketing way before the actual product.
14
18
181
I used to have an immense esteem and respect for Emin but this cheap and completely false dunk is a proof that it takes years to work on your reputation while it can take one tweet to destroy it (Nomad's hack had nothing to do with its optimistic architecture).
Nomad uses a similar design principle as optimistic rollups. This hack proves that the claim that optimistic rollups are inherently more secure is just plain old wrong.
14
15
179
The world of L2s got much greener with many other OpStack chains to follow soon. Big congrats to @Optimism team. There are still a lot of nuances to be discussed when comparing different fault proof systems, we are open for any feedback 1/3
4
20
178
A long thread on why, when you use external DA, you need a "DA bridge", which is why - using @sreeramkannan words - external DA looks like DAC (Data Availability) to Ethereum, and why we are complaining that projects using @CelestiaOrg are not using Blobstream bridge 🧵
8
33
158
"But the best Validium can be way more secure than really bad Rollup !" Absolutely. However since @l2beat has started tracking this space, the security of the launched L2s deteriorated significantly to the point that it is abysmal for the vast majority of them. All early.
21
28
180
In one of the biggest recent news from L2 Land @taikoxyz enabled not just one but two different zk provers from @RiscZero and @SuccinctLabs . So why @l2beat keeps insisting that it's an Optimistic Rollup and its State Validation Pizza slice is still red ? 🧵
8
17
177
Let's have a look at how @StargateFinance, recent darling of DeFi, a dapp built on top of @LayerZero_Labs works, what are the current security assumptions and what are the potential concerns 🧵
3
28
167
My pledge to the community is that @l2beat remains credibly neutral. We obviously need support from the community, including L2s themselves, but no L2 will ever directly influence our best judgement.
8
12
169
Can anyone enlighten me on how keeping the source code closed makes the project "more secure" ?
Hyperliquid is constantly iterating and improving, all in service of its mission to bring all finance onchain. The community has played a crucial role in the ecosystem's growth, and feedback is taken seriously. Recently, some misconceptions have emerged regarding validators.
39
9
171
My Grow.Up @EFDevcon talk is available if you missed it. We need to stop launching L2s
- with no proof system
- with small admin MSigs
- with small anon DACs
Every rollup should have a clear path to Stage1. We need to do better.
12
17
168
I have published on the @l2beat forum a proposal for a Bridge Risk Framework. We would love the community input for this before it is implemented. It is impossible for me to tag every single bridge here, if anyone can help out, I would appreciate
7
30
149
One of the feedback on the UI that @l2beat got was that it looks like a dating site and logo should be changed. Hopefully the new design is more professional
26
16
157
I think we, as a community, are missing the right incentives for teams that are actually doing it right. Early Rollups launched with working proof systems. Once people realised that users don't care, projects started launching with nothing. How can we change that?
20
13
163
On 1st of Aug 4,880 ETH was manually removed from @modenetwork ETH bridge by the bridge owner. It was part of a "rescue" operation for funds stuck on L2, but it does raise some important questions 🧵
9
17
157
1/ With @optimismPBC and @arbitrum likely destined to attract massive TVL soon, we must address the elephant in the room and ask ourselves how safe is the fraud proof system for any optimistic rollup 🧵
4
27
154
Probably the toughest part of a job at @l2beat is to understand the difference between "now" and "in the future". Too often documentation talks about the future state while code reflects a very different reality. I get that for some features we need to wait, but docs should
14
17
158
1/ Funds on a Rollup should be as safe and censorship resistant as on L1. If you have $DAI on Ethereum, you own a coin that can only be minted by supplying collateral to MakerDAO. There is no other way. Let's explore a @0xPolygon side-chain to see the difference.
4
26
145
1/ So you have heard about @worldcoin and its iris-scanning Orb, but have you noticed that they plan to launch their network on Ethereum Optimistic Rollup called Hubble ? How Hubble differs from other optimistic rollups such as @optimismPBC or @arbitrum ?
10
38
139
The upcoming shutdown of @dYdX v3, once >1B$ rollup is IMO one of the most significant events in the Ethereum rollup space. Operators will simply stop working and users will have to remove their funds using L1 escape hatch if they haven't done that already.
5
21
140
On @l2beat Risk Tab you can learn about the Data Availability Layer used by each L2. To call yourself a Rollup you *must* use L1 Ethereum ("On chain" in this column). But what data exactly is being "made available" and why it matters ? 🧵
6
38
125
Why we, at @l2beat, are so critical of current Validiums/Optimiums ? It's mainly because of their current setup - even though they may use alt-DAs such as @celestia, most don't use DA bridge. Pick any one of them as an example and let me explain the trust assumptions
Can you spot the odd one in this list ? Looks like we screwed big time with Validiums/Optimiums. I hope most teams will fix that in coming months, otherwise it will be a very lonely category
4
21
139
If you follow @_prestwich & @LayerZero_Labs debate you might find it interesting to know that on Ethereum out of 185 x-chain apps using L0 only 10 cared to change any default security parameter. These apps do not care about the security or they simply chose to trust L0 ?
Hello, today we are disclosing two critical trusted-party vulnerabilities in the LayerZero smart contracts. These issues allow the LayerZero team to completely bypass the Oracle and Relayer for most applications (including stargate).
9
15
125
Counting TPS is tricky. For example all txs on @Starknet with native account abstraction are multicalls so real TPS there should perhaps be 3-4x of what's typically reported. But coming up with fair metric for all systems is very hard.
People (understandably) are excited to compare tps of different chains. How multicall transactions such eg this one should be handled though ?
7
19
123
1/ I cannot overstate the significance of this announcement for @dydxprotocol and the whole Ethereum Rollup space - why this is important and why should you care ? 🧵
We're happy to announce that we'll be building a State Explorer for dYdX in collaboration with @dydxprotocol and @StarkWareLtd 1/5.
4
24
125
1/ In the third instalment of the @Starkware deployment deep dive we will have a look at the data availability part. You will see, by looking at on-chain trace, if we have a Rollup or Validium L2 system. Hopefully some myths about data availability will be debunked.
4
20
126
How many Validators are running @HyperliquidX, the "permissionless, decentralized exchange running a novel HyperBFT consensus protocol" ? Are these the same 4 (four) that are on the 3/4 multisig which is validating the withdrawals or more ? Asking for a friend.
9
5
129
New Aztec Connect Rollup (@aztecnetwork) has decided to use UpgradableProxy for its main contract and it is owned right now by 1/2 MultiSig. It is interesting as the old Aztec was one of the very few Rollups that were not upgradable (although owner could swap the Verifier).
4
16
120
With the lock-mint bridge you normally expect that the amount of locked tokens in a bridge is greater than amount of tokens minted on a destination chain. That's true for *most* bridges, but not all. Let's have a closer look at @MultichainOrg 🧵
4
34
107
$DAI address on @optimismPBC is 0xda10009cbd5d07dd0cecc66161fc93d7c9000da1 - how cool is that ?
Watch for this $DAI to get some superpowers soon(tm).
4
13
118