Off-chain state
Balances tree
The first element in the off-chain state of StarkEx is the Balances tree. The Balances tree is a Merkle Tree, whose leaves are StarkEx Vaults. Each vault contains a unique Stark key, which identifies the user in the off-chain state. Other elements in the vault are defined according to the business logic.
Orders tree
The Orders tree is a Patricia tree, which is easier to update and search than a Merkle tree. The Orders tree prevents the operator from replaying transactions in the system. To prevent this attack, StarkEx does the following:
-
A leaf in the Orders tree represents an order. Each leaf has a key and a value. The leaf key,
i
, serves as the id of the leaf. The key value includes the already fulfilled amount of the limit order with the hashi
. For example, if Alice signed a transfer request for 1000 USDC, with a hash value0xdeadbeef
, StarkEx stores 1000 quantized USDC in leaf index0xdeadbeef
in the Orders tree. -
If the Operator tries to resubmit Alice’s order, then when validating a transfer, StarkEx checks that this transfer was not previously executed by checking that the value in leaf number
0xdeadbeef
is zero. Because the value is not zero, the on-chain Cairo Verifier cannot accept this order. -
StarkEx uses the Orders tree to keep track of assets that were previously minted.
The Orders tree also supports partial fulfillment of limit orders. |
Enforcing consistency in the on-chain state
The StarkEx smart contract stores the root of the Balances tree and the root of the Orders tree, which are a commitment to the off-chain state. The off-chain state is the tuple of roots. The state is updated when the contract receives a new proof that there exists a valid sequence of transactions that, when executed, changes the current state to a new state.
Vault Structure
The vault contains the following fields:
-
starkKey
- the public key of the vault’s owner. Transfers and trades from this vault must be signed with this key. -
The
assetId
that this vault contains (only one type per vault). -
The
amount
, quantized, that this vault contains.
An empty vault has a balance of 0.
An empty vault has no owner. You can reassign it.
Every vault contains one asset type. So limit orders have two vaults as input, as follows:
|