We are pleased to announce that we partnered with Nethermind for an audit of the ZKX Protocol. The audit was performed on the Layer 1 and Layer 2 contracts written in Solidity and Cairo. The codebase is composed of 261 lines of Solidity code and 9200 lines of Cairo, the biggest Cairo smart contract audit by Nethermind.
About Nethermind
Nethermind is a team of world-class builders and researchers that focuses on building blocks for a decentralized infrastructure. The team consists of engineers who work in collaboration across disciplines to realize the Ethereum roadmap, conducting research and building tools. They offer a range of services including EIP implementations, node operation, code audits in Cairo and Solidity, development of the StarkNet block explorer (Voyager), and WARP, a star product released in June that converts Solidity into Cairo code.
Nethermind * ZKX
We are building a permissionless protocol for derivatives built on StarkNet, StarkWare’s ZK Rollup. Nethermind assessed the code and the underlying architecture of ZKX Protocol over the course of 7 weeks, and the result of the in-depth audit was shared in a report on September 28th, 2022.
Auditing Process
The Nethermind team's review process covered the following:
- Reviewed code line-by-line, documenting any issues discovered.
- Checked whether the documentation and code comments matched the code in logic and behavior.
- Shared recommendations and comments on best practices, technical improvements, and other aspects of code readability.
- Tested contract logic against known and potential vulnerabilities.
Highlight of the Audit
An auditor usually spends six weeks in isolation reviewing the code, sharing feedback with the client, and preparing a response. The team at ZKX suggested a new audit process that covered the following:
- Semi-weekly meetings between the ZKX engineering team and the Nethermind team
- The ZKX team would walk the Nethermind team through the code and respond to any question in real-time.
- It enabled the auditor to address every question and get an explanation and logical response.
- As a result, the Nethermind team had a comprehensive understanding of the code, and the team at ZKX resolved all issues in real-time without compromising the timeline and quality.
Vitaly, CTO and Co-Founder at ZKX: “We’re happy to announce that we crossed over 9200 lines of Cairo code in our audit. Thanks to the team at Nethermind, who made our experience engaging and seamless, but also were open to a new practice introduced by us, which resulted in a collaborative communication, efficient, faster, secure, and logic-driven audit process. It was a critical milestone bringing us closer to delivering an innovative and advanced architecture, and I hope the process benefits the larger StarkNet ecosystem in the future as well.”
Audit Summary
- Distribution of Issues: Best Practices (30), High (17), Low (17), Informational (9), Critical (8), Medium (7), Undetermined (3).
- Distribution of Status: Fixed (87), Mitigated (3), Acknowledged (1), Unresolved (0)
According to Nethermind, “Auditing the ZKX codebase was a fantastic experience. The development team and the CTO (@Vitaly) are highly competent and innovative. We were able to carry out the audit in a format that has become a reference point for Nethermind. The development and audit teams worked as a cohesive group with ongoing communication, and fixes and code changes were performed in real-time.”
StarkNet Development
Recently, StarkNet announced its plan for the regenesis of Cairo (Cairo 1.0) through a state reset in Q4 2022 up through Q1 2023. The StarkNet regenesis will upgrade the efficiency of the network for users, devs (builders), and the community. As a result, we will have a second audit round in Q4, in which the smart contracts will be updated to Cairo 1.0 with the logic largely remaining the same.
About ZKX
ZKX is a permissionless protocol for derivatives built on StarkNet, with a decentralized order book and a unique way to offer complex financial instruments as swaps. The protocol is powered by a DAO and will provide an elevated trading experience with gamified leaderboards and unique liquid governance. ZKX’s mission is to democratize access to global yields through its offerings to anyone, anywhere.