TL;DR:
The independent assessment by Bgdlabs finds Polygon zkEVM, a Layer 2 Ethereum scalability solution, suitable for deploying the Aave protocol despite being in its Beta stage. The report highlights zkEVM's compatibility with Ethereum standards, support for Aave's oracles and multi-signature infrastructure, and its commitment to security and upgrades, while advising a conservative approach during the initial phase due to potential instability and the need for development resources.
The discussion revolves around the independent assessment conducted by Bgdlabs on the suitability of Polygon zkEVM for deploying an instance of the Aave protocol. Polygon zkEVM, a Layer 2 ZK/validity rollup and a decentralized Ethereum Layer 2 scalability solution, is still in its Beta stage. The evaluation methodology includes assessing each component important for Aave separately and assigning simplified “grades”.
The Aave protocol uses three types of oracles: prices, sequencer uptime, and Proof-of-Reserve. Polygon zkEVM has Chainlink price feeds available for the major assets on the network. However, it doesn't have Chainlink L2 Sequencer Uptime, but the Polygon zkEVM team has prioritized providing the equivalent of this oracle. The official blockchain explorer of the Polygon zkEVM network is a white-labeled instance of Etherscan, which is a fundamental component for Aave and other blockchain projects.
The report also highlights the importance of basic compatibility with the Ethereum nodes RPC de-facto standard (eth_, web3_) for Aave or any other protocol. Polygon zkEVM is fully compatible with the standard Ethereum account format, allowing existing account holders to use it without creating a new wallet. It provides reliable public RPC infrastructure, which is crucial for Aave. It offers public RPC endpoints and Node-as-a-Service providers like Alchemy or Ankr. However, some instability was noticed during testing, which the Polygon zkEVM team is working on improving.
Polygon zkEVM does not have any custom behavior affecting the execution model on the virtual machine. It has equivalence with Ethereum pre-1559 and is set to upgrade to post-1559 in early 2024. Polygon zkEVM is supported by the majority of chain-agnostic wallets, including Metamask, Ledger, and Coinbase Wallet. Some smart contract-based wallets may not support it, but this is expected for a young network.
Polygon zkEVM has an instance of the Gnosis Safe contracts on-chain, which is crucial for Aave's on-chain multi-signature infrastructure. The user interface and server infrastructure are not the official Safe, but a fork on zksafe.quickswap.exchange. An official Safe instance is expected to be live soon. Polygon zkEVM allows for transaction simulations on forked production networks, which is an important development experience component. It has been tested with Foundry and should be compatible with Hardhat. Integration with Tenderly is currently being worked on by the Polygon team.
The bridging infrastructure for Aave, which includes assets and generic messaging, is supported by Polygon zkEVM. The security of ERC20 smart contracts for bridged assets is also confirmed, with the main tokens sharing the same implementation. Polygon zkEVM has an Immunefi bug bounty campaign running and a sizeable in-house team of security experts. In case of any security incidents, Polygon has confirmed that it will act quickly to protect against damage, engage independent security experts, and communicate with the Aave community.
The security audits of zkEVM are available for review. Network upgrades or patches to Polygon zkEVM follow a multi-step procedure involving defined roles, participation of security researchers and engineers, audits in different steps, updates of open-sourced repositories, and a time lock for applying changes. The network has experienced significant upgrades and consequent downtimes, which risk providers should consider when recommending initial listing parameters.
The analysis concludes that Polygon zkEVM, despite being in an early stage, meets the technical requirements for the Aave v3 protocol. The community is advised to start with conservative caps during a 1-month warm-up period to prevent rapid liquidity growth. Expanding Aave to this network will require allocating development resources for setup, maintenance, and monitoring, similar to other networks. Despite the centralization, the validity-rollup nature of zkEVM is a strong aspect to consider. The next steps involve reporting from the risk side of the community (ChaosLabs and Gauntlet)), followed by a final Snapshot vote for the community to approve the deployment and activation of Aave v3 on zkEVM.
Posted 3 months ago
Last reply 3 months ago
Summary updated 2 months ago
Last updated 08/12 04:39