GRVT uses a Web3 self-custody model, similar to DeFi projects.
To take Uniswap, or USDC as examples, the trust boundary that users have to extend are limited to:
The correct functioning and decentralisation of Ethereum
The correct functioning of the Uniswap/USDC smart contracts
The safe self-custody of user private keys
At GRVT, the trust boundary is not much different. Trust is extended to four components:
Ethereum
ZKSync L1 Smart Contracts (including bridge)
GRVT L2 Smart Contracts
User Private Keys
GRVT also collaborates with Spearbit DAO for smart contract audits to ensure high security levels.
As for the security of ZKSync, it has been securing on average 500M TVL since March 2023 (zkSync Era - TVL), demonstrating strong evidence that ZKSync’s smart contracts are highly secure. No significant compromises have been observed to date.