Announcing successful audit completion of Starkway with Nethermind Security

Dec 18, 2023

We are pleased to announce that we partnered with Nethermind Security to audit Starkway, our native bridge. The audit marks a step towards enhancing the security of Starkway, a bridge that facilitates the transfer of any ERC20 tokens between Ethereum and Starknet. The audit reviewed Solidity smart contracts on Ethereum and Cairo contracts on Starknet.

The bridge is active and has already been in use on Starknet mainnet for the ZKX account, ensuring that users can seamlessly deposit funds from any Ethereum wallet.

Features of the bridge

  • Trustless: Contract owners have no access to user funds, ensuring a secure and reliable environment
  • Universal: Any ERC-20 compatible token can be bridged to Starknet
  • Optimized to reduce Ethereum gas costs, by allowing messages from L1 to trigger actions on Starknet smart contracts
  • “Message Attribution” feature for attaching custom payload messages to deposits, enabling greater flexibility
  • Designed for upgradability without compromising on security, avoiding the use of proxies.

Deep Dive into Starkway Key Functionalities

Starkway takes user interaction to the next level with key distinguishing features such as message attribution and multi-token withdrawal from L2. Let’s delve into the details:

Cross Network Messaging and Attribution

When navigating fund transfers across different networks, transparent attribution becomes paramount, especially when transitioning between a chain and a rollup. The absence of on-chain records for message senders makes it hard to establish where a message originated or who sent it. Traditionally, bridges don’t maintain this state. Enter message attribution: a feature where you deposit along with a message that the message handler can interpret to execute code on the L2 side. This attribution offers transparency, lays a solid foundation for new use cases, and ushers in a new era of sophisticated cross-chain interactions.

How does it work?

Starkway presents a variety of methods to transfer and process messages on Starknet, including push and pull methods, with and without contract calls. For example:

  1. Send the required tokens along with arbitrary data (msg) and msg_handler address.
  2. On the L1 side of the bridge, tokens are locked, similar to a vanilla deposit.
  3. Transmit the message to the L2 side of the bridge, including arbitrary data and the msg_handler address.
  4. On the L2 side, tokens are minted for the recipient, following the vanilla deposit approach.
  5. Simultaneously, the msg_handler contract is invoked with the received data (msg).
  6. The msg_handler contract interprets the data and acts accordingly.
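The six steps above, modelled as an added Python example that is not Starkway's code: `ToyBridge`, `AttributionHandler`, the `ref=<name>` payload format and all addresses are hypothetical. It shows the two properties worth checking in such a flow: L1 locked amounts match L2 minted supply, and the handler parses the depositor-controlled payload strictly.

```python
from dataclasses import dataclass, field

@dataclass
class L1ToL2Message:
    """Step 3: what the L1 side transmits to the L2 side (toy shape)."""
    token: str
    recipient: str
    amount: int
    msg_handler: str
    msg: bytes

class AttributionHandler:
    """Hypothetical msg_handler: credits each deposit to a 'ref=<name>' tag."""
    def __init__(self):
        self.by_ref = {}

    def handle(self, token, recipient, amount, msg):
        # Step 6: the payload is depositor-controlled, so parse it strictly.
        try:
            key, _, ref = msg.decode("ascii").partition("=")
        except UnicodeDecodeError:
            key, ref = "", ""
        if key != "ref" or not ref.isalnum() or len(ref) > 32:
            ref = "unattributed"  # malformed payloads never create new ledger keys
        self.by_ref[ref] = self.by_ref.get(ref, 0) + amount
        return ref

@dataclass
class ToyBridge:
    handlers: dict                      # msg_handler address -> handler object
    l1_locked: dict = field(default_factory=dict)
    l2_balances: dict = field(default_factory=dict)

    def deposit_with_message(self, token, recipient, amount, msg_handler, msg):
        # Steps 1-2: accept tokens plus (msg, msg_handler) and lock them on L1.
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.l1_locked[token] = self.l1_locked.get(token, 0) + amount
        return L1ToL2Message(token, recipient, amount, msg_handler, msg)

    def consume_on_l2(self, m):
        # Step 4: mint for the recipient, as in a vanilla deposit.
        key = (m.token, m.recipient)
        self.l2_balances[key] = self.l2_balances.get(key, 0) + m.amount
        # Step 5: invoke the named handler with the received data.
        return self.handlers[m.msg_handler].handle(m.token, m.recipient, m.amount, m.msg)

    def l2_supply(self, token):
        return sum(v for (t, _), v in self.l2_balances.items() if t == token)
```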

Vitaly, CTO and Co-Founder at ZKX, shared insights on the audit, multi-token withdrawal and its impact in the following statement:

“It’s always a fantastic experience to partner with Nethermind Security; this time, it’s for the auditing of our native bridge, Starkway. This audit is a strategic step towards enhancing Starkway’s security. Beyond ensuring secure asset transfers, the bridge tackles a significant challenge in the rollup landscape — asset fragmentation. Starkway eliminates the complexity of dealing with multiple versions of the same asset during withdrawals from Starknet. This not only resolves defragmentation issues on L2 but also leads to more cost-effective transactions. The intention behind building the bridge is not only to provide our users a seamless journey, but also to benefit the Starknet ecosystem in the future.”

Future of Starkway

At the core of Starkway, our vision is to see it transform into a community-driven public good. Picture a future where the community spearheads Starkway’s evolution, shaping its impact on the ecosystem. Beyond the ability to defragment assets on Starknet and facilitate cross-chain interactions via message attribution, our vision for Starkway extends to delivering not just a superb user experience but also injecting increased liquidity into the system. We foresee a future where Starkway can lead to an increase in activity within the ecosystem, setting the stage for the evolution of DeFi.

You can refer to the full report here.




