On-chain ZK Verifiers
How Axiom verifies ZK proofs on-chain.
To verify ZK proofs on-chain, Axiom uses specialized smart contracts that are programmatically generated for each SNARK. This is done with the snark-verifier library developed by the Privacy Scaling Explorations group at the Ethereum Foundation, which generates Yul code for verifying any given ZK circuit.
We record the Rust command using snark-verifier which generates each of the on-chain ZK circuit verifiers below. The generated Yul is compiled to bytecode with solc version 0.8.19 using

solc --yul <YUL FILE> --bin | tail -1 > <BYTECODE FILE>

For reproducibility, the deployed bytecodes on Etherscan and the Yul contracts compiling to them are listed below.
As with AxiomV1Query, each of these verifiers is subject to the timelock upgrade guarantee detailed in Guardrails. To ensure that this timelock guarantee cannot be bypassed by a metamorphic contract attack, users should verify on each upgrade that the bytecode of the verifier contracts above does not contain the SELFDESTRUCT opcode: a contract that can self-destruct can be redeployed at the same address with different code (via CREATE2), which would change a verifier without passing through the timelock. Thanks to Zellic for pointing out this concern.
Verifying the absence of these potentially problematic opcodes is possible either directly from the bytecode view on Etherscan or using tools such as metamorphic-contract-detector or evmdis. For convenience, we have integrated the latter to perform this check automatically in our GitHub CI for the
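The following is an added example of the SELFDESTRUCT check described above; it is not Axiom's, snark-verifier's or evmdis's code. It performs a linear disassembly of runtime bytecode so that PUSH immediates are skipped: ZK verifiers push many 32-byte field elements, so a plain search for the byte 0xff in the hex would raise false positives. The two sample bytecodes are constructed for the example, and the function names are our own.

```python
"""Check EVM runtime bytecode for SELFDESTRUCT (and related opcodes).

Added example for this page; it is not Axiom's or snark-verifier's code, and
it is a linear disassembler, not a full control-flow analysis.
Input is the runtime bytecode as a hex string, e.g. copied from the Etherscan
bytecode view of a verifier contract.
"""
from typing import List, Tuple

PUSH1, PUSH32 = 0x60, 0x7F

# Opcodes worth reporting for a metamorphic-contract check. SELFDESTRUCT (0xff)
# is the one that matters: a contract that can self-destruct can be re-created
# at the same address with different code via CREATE2, bypassing a timelock.
# DELEGATECALL and CALLCODE are listed because they run foreign code in the
# caller's context, so a SELFDESTRUCT need not appear in the contract's own bytes.
FLAGGED = {0xFF: "SELFDESTRUCT", 0xF4: "DELEGATECALL", 0xF2: "CALLCODE"}


def _to_bytes(code_hex: str) -> bytes:
    code_hex = code_hex.strip()
    if code_hex.startswith(("0x", "0X")):
        code_hex = code_hex[2:]
    return bytes.fromhex(code_hex)


def disassemble(code: bytes) -> List[Tuple[int, int, bytes]]:
    """Linear disassembly: (offset, opcode, immediate) per instruction.

    PUSHn consumes n immediate bytes, so 0xff bytes inside pushed constants
    (common in ZK verifiers, which push many 32-byte field elements) are not
    mistaken for opcodes. A PUSH truncated by the end of code is zero-padded,
    as the EVM does.
    """
    instrs = []
    pc = 0
    while pc < len(code):
        start, op = pc, code[pc]
        pc += 1
        imm = b""
        if PUSH1 <= op <= PUSH32:
            n = op - PUSH1 + 1
            imm = code[pc:pc + n].ljust(n, b"\x00")
            pc += n
        instrs.append((start, op, imm))
    return instrs


def find_flagged(code_hex: str) -> List[Tuple[int, str]]:
    """Offsets and names of flagged opcodes in the instruction stream."""
    return [(off, FLAGGED[op])
            for off, op, _ in disassemble(_to_bytes(code_hex))
            if op in FLAGGED]


def has_selfdestruct(code_hex: str) -> bool:
    return any(name == "SELFDESTRUCT" for _, name in find_flagged(code_hex))


def naive_contains_ff(code_hex: str) -> bool:
    """What a plain byte search does: flags any 0xff byte, PUSH data included."""
    return b"\xff" in _to_bytes(code_hex)


# Constructed samples (not real verifier bytecode):
# JUMPDEST; PUSH1 0x00; SELFDESTRUCT  -> a genuine SELFDESTRUCT at offset 3.
BAD_SAMPLE = "0x5b6000ff"
# PUSH32 0xff..ff; STOP -> 32 bytes of 0xff that are data, not an opcode.
SAFE_SAMPLE = "0x7f" + "ff" * 32 + "00"

if __name__ == "__main__":
    for label, code in (("bad", BAD_SAMPLE), ("safe", SAFE_SAMPLE)):
        print(label, "naive:", naive_contains_ff(code),
              "disassembled:", find_flagged(code))
```

A linear sweep does not follow jumps, so bytes in non-code regions (for instance the CBOR metadata that solc appends to Solidity contracts) can still produce a hit; that error is in the conservative direction and any hit should be inspected by hand or with a control-flow-aware tool such as evmdis. The bytecode fed in should be the code actually deployed on chain (as returned by eth_getCode), compared against the Etherscan listing, rather than only the compiler output.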