Security of zkSync users’ assets is of paramount importance to us. We are following very strict development and DevOps security practices, have conducted thousands of transactions in load tests, and covered our code extensively with unit and integration tests.
Further, zkSync protocol, smart contracts, and zero-knowledge circuits have been audited by one of the most respected expert groups in the zero-knowledge space: ABDK Consulting (the team that co-authored Poseidon, Equihash and Argon2 hash functions and conducted the cryptanalysis of Jarvis cipher, STARK-friendly hash function Friday, AES, ALE, Catena, RC4, IDEA, and many other cryptographic schemes and protocols).
Despite the thorough audit, out of extra precaution we’ve decided to release zkSync v1.0 as a public beta. Practically this means one thing: contracts can be updated by Matter Labs after a shorter notice period, which allows us to quickly respond to any unexpected situation. Users will be notified about the planned upgrade via smart contracts events (an integration with spells.fyi service will soon be available). If users disagree with upcoming changes, they will have the notice period to submit an exit request on L1. By design, no upgrade will go through until all exit requests are processed. The upgrade authorization is secured by a multisig controlled with separate cold-wallets. We will gradually increase the notice period until, eventually, a pure opt-in upgrade mechanism is implemented to remove any potential risks of a mass exit and enact 100% passive security for zkSync accounts.
While zkSync UI will work with any Ethereum wallet, there is an important caveat. The SNARK-friendly signature scheme used in zkSync (a variant of Schnorr) is different from the ECDSA scheme used in Ethereum. We have a Metamask snap prototype with our signature scheme integrated (will be published as soon as snaps are ready for mainnet), as well as a partnership program underway to provide nat...