On-chain ZK Verifiers

How Axiom verifies ZK proofs on-chain.

To verify ZK proofs on-chain, Axiom uses specialized smart contracts which are programmatically generated for each SNARK. This was done with the snark-verifier library developed by the Privacy Scaling Explorations group at the Ethereum Foundation, which generates Yul code for verifying any given ZK circuit.

Compiling ZK Circuits to On-Chain Verifiers

We record the Rust command using snark-verifier which generates each of the on-chain ZK circuit verifiers below.

Verifier | Yul Generation Command

AxiomV1 Verifier

AxiomV1 Historical Verifier

AxiomV1Query Verifier

Deployed Verifier Contracts

The Yul source code for each verifier contract deployed in production is listed on GitHub. To generate bytecode for deployment, we used the command

solc --yul <YUL FILE> --bin | tail -1 > <BYTECODE FILE>

using solc Version: 0.8.19. For reproducibility, the deployed bytecodes on Etherscan and the Yul contracts compiling to them are listed below.

Checking Verifiers are not Metamorphic

In AxiomV1 and AxiomV1Query, each of these verifiers is subject to a timelock upgrade guarantee as detailed in Guardrails. To ensure that this timelock guarantee cannot be bypassed by a metamorphic contract attack, users should verify on each upgrade that the bytecode for the verifier contracts above does not contain DELEGATECALL or SELFDESTRUCT opcodes. Thanks to Zellic for pointing out this concern.

Verifying the absence of these potentially problematic opcodes is possible either directly from the bytecode view on Etherscan or using tools such as metamorphic-contract-detector or evmdis. For convenience, we have integrated the latter to perform this check automatically in our GitHub CI for the axiom-v1-contracts repo.
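
The opcode check described above can be sketched as follows. This is an added example, not Axiom's CI code or the tools named on this page. It assumes the input is the deployed runtime bytecode as hex (as shown in the Etherscan bytecode view); the function name and the sample bytecodes are constructed for illustration.

```python
"""Scan EVM runtime bytecode for opcodes that enable metamorphic contracts."""

# Opcodes the page says must be absent from verifier bytecode.
FORBIDDEN = {0xF4: "DELEGATECALL", 0xFF: "SELFDESTRUCT"}
PUSH1, PUSH32 = 0x60, 0x7F


def find_forbidden_opcodes(bytecode_hex):
    """Return [(offset, mnemonic)] for forbidden opcodes at instruction positions.

    Linear sweep from offset 0, skipping PUSH immediates. The EVM's JUMPDEST
    validity analysis uses the same sweep, so every byte that can execute as
    an instruction is visited; bytes inside PUSH data are not flagged.
    """
    text = bytecode_hex.strip()
    if text[:2].lower() == "0x":
        text = text[2:]
    code = bytes.fromhex(text)
    hits, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op in FORBIDDEN:
            hits.append((pc, FORBIDDEN[op]))
        elif PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # skip the 1..32 immediate bytes
        pc += 1
    return hits


# Constructed sample bytecode (not Axiom's deployed verifiers).
SAMPLES = {
    # PUSH1 0xff, PUSH1 0x00, MSTORE, STOP: 0xff is only PUSH data
    "clean_push_data": "0x60ff60005200",
    # PUSH2 0xf4ff, STOP: both bytes are PUSH data
    "clean_push2": "61f4ff00",
    # PUSH1 0x00, SELFDESTRUCT
    "selfdestruct": "6000ff",
    # five PUSH1 0x00, GAS, DELEGATECALL
    "delegatecall": "600060006000600060005af4",
}

if __name__ == "__main__":
    for name, hex_code in SAMPLES.items():
        hits = find_forbidden_opcodes(hex_code)
        print(f"{name}: {'FAIL ' + str(hits) if hits else 'ok'}")
```

A naive substring search for `f4` or `ff` would flag the two clean samples, which is why the sweep skips PUSH immediates. Data appended after the code can still produce false positives, so a hit needs manual review rather than being ignored.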
