The first element in the off-chain state of StarkEx is the Balances tree. The Balances tree is a Merkle Tree, whose leaves are StarkEx Vaults. Each vault contains a unique Stark key, which identifies the user in the off-chain state. Other elements in the vault are defined according to the business logic.
The Orders tree is a Patricia tree, which is easier to update and search than a Merkle tree. The Orders tree prevents the operator from replaying transactions in the system. To prevent this attack, StarkEx does the following:
A leaf in the Orders tree represents an order. Each leaf has a key and a value. The leaf key,
i, serves as the id of the leaf. The key value includes the already fulfilled amount of the limit order with the hash
i. For example, if Alice signed a transfer request for 1000 USDC, with a hash value
0xdeadbeef, StarkEx stores 1000 quantized USDC in leaf index
0xdeadbeefin the Orders tree.
If the Operator tries to resubmit Alice’s order, then when validating a transfer, StarkEx checks that this transfer was not previously executed by checking that the value in leaf number
0xdeadbeefis zero. Because the value is not zero, the on-chain Cairo Verifier cannot accept this order.
StarkEx uses the Orders tree to keep track of assets that were previously minted.
The Orders tree also supports partial fulfillment of limit orders.
The StarkEx smart contract stores the root of the Balances tree and the root of the Orders tree, which are a commitment to the off-chain state. The off-chain state is the tuple of roots. The state is updated when the contract receives a new proof that there exists a valid sequence of transactions that, when executed, changes the current state to a new state.
The vault contains the following fields:
starkKey- the public key of the vault’s owner. Transfers and trades from this vault must be signed with this key.
assetIdthat this vault contains (only one type per vault).
amount, quantized, that this vault contains.
An empty vault has a balance of 0.
An empty vault has no owner. You can reassign it.
Every vault contains one asset type. So limit orders have two vaults as input, as follows: