OpenZeppelin’s Continuous Audit model enables a monthly release schedule for zkSync Era. It allowed the team to shave four months off their launch schedule and overcome the limitations of longer release cycles in blockchain.
The developer team at Matter Labs sought to revolutionize Ethereum's scalability while maintaining security by creating zkSync Era, an Ethereum layer 2 (L2) scaling solution using zero-knowledge rollup technology. They aimed to achieve low transaction fees, high throughput, and EVM compatibility. However, the project faced challenges in the traditional security audit process due to its complexity and the increasing competition for audit services in the crypto space. Matter Labs set a new security standard for Web3 by collaborating with OpenZeppelin to power their security from development to deployment and beyond.
Continuous Audits for a Rapid Release Schedule
With top-tier security audits in high demand, the process of scheduling and completing multiple audits for a complex project can be time-consuming. The OpenZeppelin Secure Audit played a crucial role in supporting Matter Labs' accelerated release schedule. As estimated by Head of Security at Matter Labs, Anton Astafiev, without having OpenZeppelin on retainer, the path to mainnet would have taken at minimum ten months. By reserving audit slots in advance and aligning them with the development schedule, Matter Labs could rapidly iterate on its codebase while maintaining the highest security standards, and completed that path in six months, a massive time saving. This approach eliminated the need for ad hoc audits and the associated setup costs and time delays. It also ensured that auditors familiar with Matter Labs' infrastructure and codebase were readily available, providing a seamless experience similar to having the OpenZeppelin team in-house.
Extensive Auditing and Ongoing Support
The OpenZeppelin Secure Audit is streamlined, enabling developers and the audit team to work together, clearly tracking all issues and comments. Any request for clarification will receive a prompt and thorough response from the team behind OpenZeppelin Contracts, ensuring a coherent flow of communication between teams.
To date, OpenZeppelin has performed multiple audits of zkSync’s layer 1 contracts on a recurring basis, along with the bootloader as well as the fee and token bridge model, and will continue to provide check-ups of Matter Labs’ codebases as the team continues to innovate.
- 60 unique contracts audited
- 10+ contracts on L1, including bridge and rollup contracts
- 15+ system contracts on L2, including the Bridge contracts and Bootloader, a complex piece of software written in Yul that handles parts of the protocol logic
- Full audits of on-chain components and a novel account abstraction system embedded into the protocol
- ~2,500 auditor hours since September, across 8 Security Researchers
- 50+ issues found in Q1 of 2023 (2 Critical and 5 High severity)
- Monthly diff audits to ensure that a rapid pace of development can be achieved without sacrificing security
OpenZeppelin’s Expertise and Reputation
OpenZeppelin has established itself as a trusted leader in blockchain security, having conducted over 200 security audits for prominent blockchain projects, including Coinbase, the Ethereum Foundation, and Compound. The company's security researchers possess extensive experience in various programming languages and in-depth knowledge of distributed payment networks, financial structures, and governance systems. Leveraging proprietary audit tools and employing multiple reviewers, OpenZeppelin meticulously analyzes smart contract code line-by-line, ensuring audited projects receive the highest level of quality and security.
Since its inception in 2015, OpenZeppelin has secured and supported the builders throughout many shifts in the ecosystem. If you are interested in adopting a continuous audit model with OpenZeppelin for your community or project, fill out our request form today.