Forced operations overview
In order to guarantee self custody of funds, thereby preventing censorship, StarkEx enables a user to perform a forced request at any point in time. The user initiates a forced request with an on-chain transaction. If you, the operator, do not serve the request within a specified period of time, the user can freeze the contract, and thus the exchange, and withdraw directly from the frozen contract.
Full withdrawal
The only forced operation that StarkEx Spot Trading supports is Full withdrawal, which fully withdraws all of a user’s funds, with or without the operator’s approval. The full withdrawal operation guarantees that the off-chain application cannot block users from accessing their funds.
The
fullWithdrawalRequest
function is an anti-censorship mechanism that enables a user to withdraw their funds without the application’s permission. This function consumes a lot of gas and is expected to be used only as an anti-censorship mechanism.
To avoid a potential denial of service (DoS) attack on the application by a flood of full withdrawal requests, the cost of such requests must be limited. So the request’s cost exceeds 1M gas, and a single batch can include a maximum of only ten full withdrawal requests.
For information on regular withdrawals, see The withdrawal flow and Withdrawing funds from the StarkEx contract.
Forced operation flows
There are two possible flows, based on how you, the operator, respond to the forced operation request:
The operator serves the forced operation request
-
The user sends the forced operation to the contract.
-
The operator sends the forced operation to StarkEx.
-
StarkEx decides whether the on-chain request is valid based on the identity of the exact request and the business logic involved.
-
Alice sends an on-chain full withdrawal request to withdraw 1,000 USDC from a specific off-chain vault that she claims to own.
-
The operator sends the forced operation to StarkEx.
The operator determines the order in which it processes transactions, and can place the forced operation anywhere in the transaction queue as long as they process it within the grace period.
-
StarkEx determines if the forced operation is valid.
Valid request 1,000 USDC is deducted from Alice’s off-chain balance, and registered on-chain as belonging to Alice.
Invalid request If either of the following is true, StarkEx proves the request is not valid, and does not move any funds on-chain:
-
Alice has less than 1,000 USDC.
-
Alice’s public Stark key does not match the public Stark key registered with the vault .
After the proof for this request is submitted, whether the request is valid or invalid, the request is removed from the pending forced operations area in the StarkEx contract. If the request is invalid, the operator does not need to serve the request, and Alice cannot freeze the contract. If Alice wants to try again, she must submit a new request.
-
The operator does not serve the forced operation request
-
The user sends the forced operation to the contract.
-
The operator does not send the forced operation to StarkEx.
When the freeze grace period has passed and the forced operation is still in the pending forced operations area, any user can call the freezeRequest function, with the public Stark key and the
vault
ID they used in the ignored forced operation.
As a result, the exchange becomes frozen, and it can accept no further state updates. Withdrawals of on-chain funds are still possible.