StarkEx STARK Verifier

contract IDexStatementVerifier

function verifyProofAndRegister(uint256[] calldata proofParams, uint256[] calldata proof, uint256[] calldata publicInput) external
Verifies that a STARK proof for an exchange state update is valid (see UpdateState).

The state update with respect to a batch of transactions is defined by a transition from a previous Merkle root to a new Merkle root as calculated over a series of off-chain vaults. It is considered to be valid as long as:
- The transactions in the batch result in an update of the vault and order Merkle roots as they appear in the publicInput.
- The transactions are valid.
- For ramping transactions (deposits, withdrawals, full withdrawals), the proof is consistent with the transaction parameters that appear in the publicInput.
- The submitted STARK proof is accepted based on a set of valid proof parameters.
The transactions currently supported include ramping transactions, token transfers (from one off-chain vault to another) and exchange settlements pairing two valid orders.
If a state update is accepted, this is registered under the following claim hash that may later be queried for validity:
claimHash = keccak256(abi.encodePacked(publicInput))
For a high level overview of the system state, see this StarkWare blog post.
- Parameters
proofParams –
In the format as follows (each row represents a 256-bit word):
Blowup factor
Number of PoW bits
Log last FRI layer degree bound
Number of FRI steps (S)
FRI step 0 size
…
FRI step S-1 size
The number of queries to meet the verifier’s security parameter will be derived from the blowup factor and number of PoW bits.
The sum of the FRI steps and the log of the last layer degree should equal the log of the expected STARK proof trace length.
Additional restrictions on the FRI step sizes may also be enforced by the verifier.
publicInput –
In the format as follows (each row represents a 256-bit word):
Batch size
Number of transactions
Global expiration timestamp
Initial vault root
Final vault root
Initial order root
Final order root
Vault Merkle tree height
Order Merkle tree height
Ramping operation 0 Stark Key
Ramping operation 0 Token ID
Ramping operation 0 Additional Info
…
Ramping operation N Stark Key
Ramping operation N Token ID
Ramping operation N Additional Info
Three words per ramping operation should be provided, where Additional Info has the following format (numbers indicate field sizes in bits):
Amount before (64) | Amount after (64) | Vault ID (32) | Row (16) | Reserved (80)
The Row parameter refers to the index of the ramping operation within the batch.
proof – The binary STARK proof. Its exact description is beyond the scope of this documentation.
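The word layouts above can be checked off-chain before a batch is submitted. The following is an added example, not StarkEx code: the function names are hypothetical, the expected log trace length is supplied by the caller, and it assumes the Additional Info fields are packed in the listed order with the first field in the most significant bits.

```python
from typing import NamedTuple

HEADER_WORDS = 9  # Batch size .. Order Merkle tree height
# Assumption: fields are packed in the listed order, most significant first.
INFO_FIELDS = (("amount_before", 64), ("amount_after", 64),
               ("vault_id", 32), ("row", 16), ("reserved", 80))

class RampingOp(NamedTuple):
    stark_key: int
    token_id: int
    info: dict

def check_proof_params(params, log_trace_length):
    """Check the proofParams layout and return the FRI step sizes."""
    if len(params) < 4:
        raise ValueError("proofParams needs at least 4 words")
    log_last_layer, n_steps = params[2], params[3]
    steps = list(params[4:])
    if len(steps) != n_steps:
        raise ValueError("number of FRI step words does not match S")
    if sum(steps) + log_last_layer != log_trace_length:
        raise ValueError("FRI steps + log last layer != log trace length")
    return steps

def decode_info(word):
    """Split one 256-bit Additional Info word into its five fields."""
    if not 0 <= word < 1 << 256:
        raise ValueError("not a 256-bit word")
    out, shift = {}, 256
    for name, bits in INFO_FIELDS:
        shift -= bits
        out[name] = (word >> shift) & ((1 << bits) - 1)
    return out

def parse_ramping_ops(public_input):
    """Return the ramping operations that follow the 9 header words."""
    if len(public_input) < HEADER_WORDS or (len(public_input) - HEADER_WORDS) % 3:
        raise ValueError("publicInput must be 9 words + 3 per ramping operation")
    body = public_input[HEADER_WORDS:]
    return [RampingOp(body[i], body[i + 1], decode_info(body[i + 2]))
            for i in range(0, len(body), 3)]

if __name__ == "__main__":
    # Constructed sample values, not taken from a real batch.
    info = (100 << 192) | (40 << 128) | (7 << 96) | (2 << 80)
    header = [4, 3, 1700000000, 0x11, 0x22, 0x33, 0x44, 31, 63]
    print(check_proof_params([16, 20, 5, 3, 3, 3, 2], 13))
    print(parse_ramping_ops(header + [0xABC, 0x1, info]))
```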
-
function