Important
This project has not been audited.
On-chain RISC Zero proof verification for Stellar. The contract architecture mirrors the version-management pattern from risc0-ethereum.
- Verify a proof: integrate from your Soroban contract or verify via CLI
- Deploy & operate: deploy the verifier stack, manage roles, delays, emergency stop
- Upgrade Groth16 parameters: deploy a new verifier version when RISC Zero params change
- Architecture: how it all fits together
More in the docs index.
┌─────────────────────┐
│ TimelockController │──── proposer / executor / canceller
│ (owns the router) │
└──────────┬──────────┘
│ owner
┌──────────▼──────────┐
│ VerifierRouter │──── routes verify() by 4-byte selector
└──────────┬──────────┘
│ selector lookup
┌──────────────────────────────────┐
│ │
┌──────────▼──────────┐ ┌──────────▼──────────┐
│ EmergencyStop │ │ EmergencyStop │
│ (wraps verifier) │ │ (wraps verifier) │
└──────────┬──────────┘ └──────────┬──────────┘
│ │
┌──────────▼──────────┐ ┌──────────▼──────────┐
│ Groth16Verifier │ │ (other verifiers) │
└─────────────────────┘ └─────────────────────┘
- TimelockController: governance; all router mutations go through a delay
- VerifierRouter: routes
verify()by the first 4 bytes of the proof seal - EmergencyStop: per-verifier circuit breaker, permanently disables a verifier
- Groth16Verifier: verifies RISC Zero Groth16 (BN254) proofs
See architecture for the full design.
Please read CONTRIBUTING.md before opening a PR.
To report a vulnerability, see SECURITY.md.