MixBytes team was engaged and has verified wstETH deployment on Scroll. Three security researchers checked the presented information according to the internal checklist. The results are as follows:
- Scroll aims to build a fully compatible zkEVM that will have all the features and precompiles that the standard EVM version does. This allows protocols to deploy as is, using contracts that were developed for the Ethereum blockchain. The current zkEVM version that is used by Scroll differs only for these opcodes, but these opcodes don’t affect the scope.
- Bridge architecture is simple and allows transfers of wstETH and governance decisions only. The wstETH token on Scroll has an unnecessary callback, which brings additional possible risks to token integration in the future. Protocols that will integrate wstETH on Scroll should be aware of this callback.
- All deployed contracts fully match the audited ones. All contracts are deployed from EOA, so there is no risk of a changeable contract code.
- All contracts were correctly deployed and initialized.
- All roles for the contracts are set as expected. ProxyAdmin for the
L1LidoGatewayshould be updated to this address; for theL2LidoGatewayandL2WstETHTokenProxyAdmin should be updated to this address. Currently, ProxiAdmins are controlled by the Scroll team, but this should be changed in the second stage of the deployment.