Architecture
Transaction validation

Transaction validation#

Once the batches have been successfully aggregated on layer 1, all ZKEVM nodes can verify their local layer 2 state by directly retrieving and validating consolidated roots from the layer 1 Consensus Contract (ZkEVM.sol). This marks the achievement of a consolidated layer 2 state.

Batch rollup verifier#

The rollupVerifier is an external contract featuring a critical function known as verifyProof. This function takes a proof (proofA, proofB, proofC) and an input value called inputSnark. It then returns a Boolean value, which is true if the proof is valid and false`` if it is not. Verification of the proof successfully attests to the computation’s integrity. However, it does not guarantee the use of correct inputs or the production of accurate output values. To address this, public arguments are employed to openly disclose crucial aspects of computation under scrutiny. This disclosure proves that the computation was executed using the correct inputs and reveals the outputs. In the process of proof verification, the layer 1 smart contract configures these public arguments to confirm that the state transition being proven aligns with the execution of batches committed by the trusted sequencer.

Batch inputSnark#

The inputSnark serves as a 256-bit unique cryptographic representation of a specific layer 2 state transition. It is utilized as a public argument. To calculate it, we take the sha256 modulo % _RFIELD hash of a byte string referred to as snarkHashBytes. The modulo operator is essential due to the mathematical primitives employed in SNARKs. The snarkHashBytes array is computed through a smart contract function known as getInputSnarkBytes. It is an ABI-encoded packed string encompassing the following values:

Variable nameDescription
msg.senderThe address of the trusted aggregator
oldStateRootThe layer 2 state root representing the layer 2 state before the state transition being proven
oldAccInputHashThe accumulated hash of the last batch that was aggregated
initNumBatchThe index of the last batch that was aggregated
chainIDA unique chain identifier
newStateRootThe layer 2 state root represents the layer 2 state after the state transition being proven
newAccInputHashThe accumulated hash of the last batch in the sequence being aggregated
newLocalExitRootThe root of the bridge’s layer 2 Exit Merkle tree at the conclusion of sequence execution
finalNewBatchThe number of the final batch within the execution range

inputSnark encapsulates all the layer 2 transactions associated with a specific layer 2 state transition, executed in a specific order, on a specific layer 2 (chainID), and validated by a specific trusted aggregator (msg.sender). The trustedVerifyBatches function not only verifies the validity of the zero-knowledge proof but also validates that the value of inputSnark corresponds to a pending layer 2 state transition scheduled for aggregation. If the internal call to _verifyAndRewardBatches returns true, it signifies the successful verification of the sequence of batches. Consequently, the newStateRoot argument is added to the batchNumToStateRoot mapping. The index of the last batch within the sequence is employed as the key for the entry. Finally, an event named TrustedVerifyBatches is emitted:

event TrustedVerifyBatches (
  uint64 indexed numBatch,
  bytes32 stateRoot,
  address indexed aggregator
);