The Role of the Sequencer

Similar to miners in Bitcoin or validators in Ethereum, the sequencer in zkTrue-up is responsible for collecting usersโ€™ transactions, batching them, and sending them to Ethereum.

Once transactions are batched, a zero-knowledge proof verifying their correct execution will be created and then submitted to Ethereum. Note that this proving role does not need to be carried out by the sequencer: it could be designed as an open marketplace for provers. In our early stages however, the same sequencer will be responsible for proof generation and submission. Afterward, this role will be gradually decentralized.

In spite of the centralized role of the sequencer in the early stage, the security of the system as a whole is not impacted. Our rollup remains fully non-custodial: the sequencer can not take away users' funds or act on users' behalf. The only way a user can operate within zkTrue-up is to sign transactions with their own private key. Any invalid state originating from invalid transactions would result in an invalid proof, which would be rejected by the smart contract verifier.

Admittedly, the sequencer has the following potential impacts listed below:

Transaction Ordering

We do note that the sequencer can choose not to maximize a userโ€™s profit in the order-matching process by giving the userโ€™s borrow order a lower priority in the order queue. Just like validators in Ethereum or sequencers in other rollups, our sequencer could potentially maximize its benefits by ordering transactions in its favor.

However, zkTrue-up is not a general-purpose rollup that is applied to AMM-based and peer-to-pool lending protocols. Our sequencer earns nothing from re-arranging users' orders and transactions. Additionally, in order to make the auction process fair, our sequencer hides the order amount from all users before the orders are matched in an auction round.


While our sequencer censoring users' orders poses a risk, it is our policy to allow the sequencer to cancel specific users' orders at its own discretion. It is not possible to match all orders with insignificant bid amounts or ridiculous interest rates. Accepting all of these orders would invite a DDoS attack vector.

Of course, it would be possible to set up rules for reasonable orders on the L1 contract and have all users submit their orders directly to the L1 contract. This way the orders would be public and there would be no way for censorship. But such approach would worsen the user experience and inflict huge costs on them.

If some users find their transactions being censored by the sequencer, they can always perform a forced withdrawal to move their funds back to the L1 directly.

Shutdown Scenario

Lastly, the sequencer can become inactive due to a bad network connection or server shutdown. If the sequencer does not post new transactions and proofs to the zkTrue-up contract for a certain period of time, users can initiate self-withdrawal by generating zero-knowledge proofs of their own to prove they hold funds on Term Structure, and withdraw them back to Ethereum. This is called evacuation mode. We will provide users with the tools and SDKs needed to perform this action easily.

Last updated