Forced operations overview
In order to guarantee self custody of funds, thereby preventing censorship, StarkEx enables a user to perform a forced request at any point in time. The user initiates a forced request with an onchain transaction. If the operator does not serve the request within a specified period of time, the user can freeze the contract, and thus the exchange. Once the exchange is frozen, any user can withdraw directly from the frozen contract.
Full withdrawal
The only forced operation that StarkEx Spot Trading supports is Full withdrawal, which fully withdraws all of a user’s funds, with or without the operator’s approval. The full withdrawal operation guarantees that the offchain application cannot block users from accessing their funds.
The
fullWithdrawalRequest
function is an anti-censorship mechanism that enables a user to withdraw their funds without the application’s permission.
|
A potential attacker could attempt a denial of service (DoS) attack on the application with a flood of
full withdrawal requests.
To limit the number of such requests, thereby preventing such an attack, the
|
For information on regular withdrawals, see The withdrawal flow and Withdrawing funds from the StarkEx contract.
Forced operation flows
There are two possible flows, based on how the operator responds to the forced operation request:
The operator serves the forced operation
-
The user sends the forced operation to the contract on L1.
-
The operator sends the forced operation to StarkEx.
-
StarkEx validates the onchain request, based on the identity of the exact request and the business logic involved.
Example: Serving the forced operation
-
Alice sends an onchain full withdrawal request to withdraw 1,000 USDC from a specific offchain vault that she claims to own.
-
The operator sends the forced operation to StarkEx.
The operator determines the order in which it processes transactions, and can place the forced operation anywhere in the transaction queue as long as they process it within the grace period.
-
StarkEx determines if the forced operation is valid.
Valid request 1,000 USDC is deducted from Alice’s offchain balance, and registered onchain as belonging to Alice.
Invalid request If either of the following is true, StarkEx proves the request is not valid, and does not move any funds onchain:
-
Alice has less than 1,000 USDC.
-
Alice’s public Stark key does not match the public Stark key registered with the vault .
After the proof for this request is submitted, whether the request is valid or invalid, the request is removed from the pending forced operations area in the StarkEx contract. If the request is invalid, the operator does not need to serve the request, and Alice cannot freeze the contract. If Alice wants to try again, she must submit a new request.
-
The operator does not serve the forced operation
-
The user sends the forced operation to the contract.
-
The operator does not send the forced operation to StarkEx.
When the freeze grace period has passed and the forced operation is still in the pending forced operations area, any user can call the freezeRequest function, with the public Stark key and the
vault
ID they used in the ignored forced operation.
As a result, the exchange becomes frozen, and it can accept no further state updates. Withdrawals of onchain funds are still possible.