Back to Blogresearch
ZK-Rollup Security: Current Landscape and Risks
Security analysis of zero-knowledge rollup implementations and their trust assumptions.
ExVul Research Team
Security Researchers
November 202414 min
#ZK-Rollup#Layer 2#Zero Knowledge
ZK-Rollup Landscape
ZK-rollups promise trustless scaling through validity proofs. However, current implementations have various trust assumptions that users should understand.
Security Considerations
- Trusted setup ceremonies and their implications
- Upgradeability and admin key risks
- Sequencer centralization
- Prover availability and censorship resistance
- Bridge security and withdrawal delays
Most ZK-rollups currently have upgrade keys that could theoretically drain all funds. Check the security council structure before depositing significant value.
Trust Assumptions
Understand what you're trusting
Upgrade Keys
Check admin key controls
Escape Hatches
Verify withdrawal mechanisms