Swivel Community Update
Testnet Feedback Program & Community Review
A month into our testnet, we felt it was a good time to give a review of it’s performance as well as acknowledge the users that contributed valuable feedback!
If you contributed feedback, check your zkSync wallet, or check our list of rewarded addresses!
Testnet Feedback Program
While we initially committed to paying out $5000 USDC in an initial round of feedback incentives, with the significant amount of donations received in Gitcoin Grants Round 9, we will be continuing these incentives perpetually.
That said, we will be deprecating/ending our typeform based rewards and instead rewarding community members directly through our discord!
With this small change, all of our community’s feedback and criticism can be a bit more public. In the process we hope to foster a more inclusive medium for discussion within the community.
Feedback / Bug Bounty Results:
Over the past month we received around 400 typeform responses for our feedback program, each response being rewarded $10-75 USDC.
About ~100 were something along the lines of “Wow, really great, no flaws” which has been great to pass along to the team.
An additional ~100 we’re related to a specific on-chain “DOS” issue (If you can call it that) which is discussed below.
The rest were split roughly even between minor visual bugs, UI latency, or general UI/UX suggestions.
Issues Identified:
We identified a number of minor issues, including one that while non-critical, nonetheless bottlenecked our orderbook.
No critical issues have been identified, and all contract execution performed as expected.
Minor Issues:
Kovan ETH and DAI supply shortages
Infura subscription timeouts
Orderbook pruning from incorrect PoV
Sybil attacks on rewards
Orderbook pruning speed allowed on-chain "DOS"
“DOS” Bottleneck:
While this really isn’t any conventional form of Denial of Service, and it might not be proper to call it such, we sustained attacks that were intentionally meant to prevent market orders from settling.
Effectively, a user can place an order, and then remove approvals, or move their balance within 1 block, leaving their placed order insolvent.
Our engine checks for this insolvency, but in many cases, it will not be quick enough in within that 1 block to prevent users from attempting to fill the insolvent order, leading to a bottleneck.
That said, we’ve now optimized our engine and mitigated this issue to the utmost degree possible.
Given this is an economically expensive attack with no economic benefit, this sort of attack is unlikely in a live environment, however we are happy to have identified the issue nonetheless!
Why ZKSync
With the many layer-2 solutions out there, we’ve been asked, why did we choose ZKSync for our rewards program?
With costs lower on other layer-2 solutions, and security not paramount for the use case, it might seem ridiculous to use ZKSync over alternatives. However our bottom line isn’t cost, our bottom line is community.
That said, by distributing our rewards using ZKSync, we are suggesting that those receiving rewards pay them forward in Gitcoin Grants Round 10. With Gitcoin’s native ZKSync integration, distributing funds through ZKSync’s rollup solution reduces the costs for users donating by ~90%.
With this sort of self-sustaining model, not only can our community grow organically, all of the open-source community.
Website | Substack | Discord | Twitter | Github | Gitcoin
0x595823F9D3980520DA19dec31D81530Ca91d8b5a
0x595823F9D3980520DA19dec31D81530Ca91d8b5a