The full article can be found here.
zkSync Current Centralization and Risks
There’s currently strong centralization around the zkSync team and the Security Council in the zkSync ecosystem. The zkSync Security Council is meant to be a check on the zkSync team (checks-and-balances approach) and in a nutshell, the Core team can propose a time-locked upgrade while the council can bypass it in the case of emergency. Matter Labs has stated it intends to eventually decentralize the security council with a future governance token (airdrop). zkSync’s on record that there’ll be a token in the future and ~67% of the supply will be distributed to the community.
Although the zkSync multi-signers have shared economic interests in the project’s success, contracts can be upgraded anytime via the 9/15 multi-sig. Matter Labs claims “the probability of bugs is significantly higher than a malicious collusion between the Matter Labs team and 9/15 members of the security council.”
zkSync Security Council 2.0. Source: CollectiveShift.io
Roadmap and token
*Update from 10/31/22: zkSync 2.0's "baby alpha has been released. The "Baby Alpha" release of zkSync includes a zkEVM architecture upgrade, dynamic fees, proof creation, and proof validation on the mainnet. During this initial phase, no external projects or users will be permitted to interface with mainnet so that the development team can conduct "a series of real-money stress tests" to ensure that zkSync is functioning as intended. During this time, the zkSync team will stress-test the system, including conducting security audits, completing technical documentation, running bug bounty programs,and providing SDKs for a variety of programming languages.
After zkSync 2.0 launches in earnest sometime in H1 2023, it will look to onboard users and dApps. This has already begun, as in October 2022, Uniswap announced its intentions to deploy on the zkEVM whenever the rollup is ready.
As of Q1 2023, there are approximately ~490,000 unique zkSync addresses, of which 17% are Argent wallets. Argent is an Ethereum L2 wallet that offers consumers speed and minimal transaction fees.
While there's a lot of promise and enthusiasm surrounding zkSync, plenty remains ahead for the team. Per the zkSync roadmap, Matter Labs is working to decentralize zkSync 2.0 by implementing its independent proof-of-stake (PoS) consensus mechanism. However, as a reminder, the overall security of zkSync won't be solely reliant on this new consensus mechanism since the final verification of state transition proofs is still done on the L1.
The zkSync team has outlined a four-stage plan to decentralize the project over time, stating:
"PHASE 1: Ignition
- Initial audits have been completed
- Code 4rena contest for L1 has been completed
- Code is open-sourced
- Bug bounties are available
- The team can immediately upgrade contracts
- Deposits of up to 10 ETH are allowed for whitelisted users
- 2FA via whitelisted sequencer is at 2/10
PHASE 2: Ascent This phase will begin with the Full Launch Alpha.
- Code 4rena contest for L2 has been completed
- The team can still immediately upgrade contracts
- Withdrawals are capped at 10% of the total token value per day; larger amounts require manual approval at 3/10
PHASE 3: Apex This phase will start after months of stable operation.
- Secondary audits have been completed
- Instant upgrades require the Security Council
- Permissionless priority queue is on
- 2FA via whitelisted sequencer is off if priority operations are censored
- The "Alpha/Beta" label is removed at 4/9
PHASE 4: Outer Space
- 2FA is switched to PoS-secured consensus
- The Security Council is replaced with a fully trustless mechanism
- The priority queue is fully permissionless at 5/9"
To release this new PoS system, Matter Labs must introduce a new zkSync token and two new specialized roles: Validators and Guardians. Validators produce the blocks and generate the proofs, while the Guardians’ role is to ensure the rollup remains censorship-resistant.
To do this, Guardians will maintain the state on zkPorter by confirming the data availability of zkPorter accounts. If there's any failure of data availability, the Guardians will get slashed (economic penalty). Users in a Guardian-led system can always exit the system with their data, so long as at least one-third of participating validators remain honest.
A critical feature of the zkSync PoS system is that, unlike in alt-L1s or sidechains, Guardians can't steal funds, only freeze the zkPorter state. And in doing so, they freeze their stake. Even if this were to occur, due to the ZKR design, users would still be able to withdraw their funds. Conversely, ORs that are successfully attacked can lose user funds. This is a significant advantage of the zkPorter system.
