Search

Search for projects by name

Kinto logoKinto

Badges

About

Kinto is an Orbit stack L2 with account abstraction and KYC enabled for all users, supporting both modern financial institutions and decentralized protocols.


Value secured
$30.14 M20.9%
Canonically Bridged
$326.03 K
Natively Minted
$0.00
Externally Bridged
$29.81 M

  • Tokens
  • Past day UOPS
    0.06245%
  • 30D ops count
    61.59 K
  • Gas token
    ETH

  • Stage
  • Type
    Optimistic Rollup
  • Purpose
    KYC-ed DeFi
  • Sequencer failureState validationData availabilityExit windowProposer failure

    Badges

    About

    Kinto is an Orbit stack L2 with account abstraction and KYC enabled for all users, supporting both modern financial institutions and decentralized protocols.

    Stages changes

    116d
    11h
    52m
    17s
    The project will be downgraded to
    Stage 0
    because it does not satisfy an upcoming Stage 1 principle.

    The project will move to Stage 0 because:

    Compromising ≥75% of the Security Council should be the only way (other than bugs) for a rollup to indefinitely block an L2→L1 message (e.g. a withdrawal) or push an invalid L2→L1 message (e.g. an invalid withdrawal).
    Learn more about the new requirements
    Value Secured

    2024 Apr 03 — 2025 Apr 03


    Total value securedTotal
    $30.14 M20.9%
    Canonically BridgedCanonically Bridged ValueCanonical
    $326.03 K1.10%
    Natively MintedNatively Minted TokensNative
    $0.000.00%
    Externally BridgedExternally Bridged ValueExternal
    $29.81 M21.1%
    Activity

    2024 Apr 03 — 2025 Apr 02

    Onchain costs

    The section shows the operating costs that L2s pay to Ethereum.


    2024 Apr 03 — 2025 Apr 02


    1 year total cost
    $27.52 K
    Avg cost per L2 UOP
    $0.039408
    1 year data posted
    232.00 MiB
    Avg size per L2 UOP
    396.95 B

    Milestones & Incidents

    Appchain Stage 1

    2025 Mar 27th

    Users can exit the L2 in case of unwanted upgrades by actors other than the Security Council.

    Learn more

    Security Council Governance

    2024 Nov 3rd

    Kinto gives the ownership of all L1 system contracts to a Security Council that is properly set up.

    Learn more
    Risk summary
    Fraud proof system is fully deployed but is not yet permissionless as it requires Validators to be whitelisted.
    Risk analysis
    Fraud proof system is fully deployed but is not yet permissionless as it requires Validators to be whitelisted.
    Sequencer failureState validationData availabilityExit windowProposer failure
    Sequencer failure
    Self sequence

    In the event of a sequencer failure, users can force transactions to be included in the project’s chain by sending them to L1. There can be up to a 1d delay on this operation.

    State validation
    Fraud proofs (INT)

    Fraud proofs allow 5 WHITELISTED actors watching the chain to prove that the state is incorrect. At least 5 Challengers are external to the Operator. Interactive proofs (INT) require multiple transactions over time to resolve. There is a 6d 8h challenge period.

    Data availability
    Onchain

    All of the data needed for proof construction is published on Ethereum L1.

    Exit window
    None

    There is no exit window for users to exit in case of unwanted regular upgrades of the L1 as they are initiated by the Security Council with instant upgrade power and without proper notice. Upgrades initiated by actors other than the Security Council (e.g. KYC providers) on Layer 2 guarantee at least a 7d exit window to the user.

    Proposer failure
    Self propose

    Anyone can become a Proposer after 12d 17h of inactivity from the currently whitelisted Proposers.

    Rollup stageKintoKinto is a
    Stage 1
    Appchain
    Optimistic Rollup.
    In scope

    Ability to deposit, spend, and withdraw the gas token (ETH)

    Derivation logic spec

    Upgradability of standard Orbit stack L1 and L2 core contracts

    Upgradability of Kinto-specific L2 contracts: KintoAppRegistry, KintoWalletFactory, KintoID, AccessManager, KintoWallet, EntryPoint

    Signer policies and recovery process for the KintoWallet

    Forced transaction mechanism via L1 through the EntryPoint and the KintoWallet

    Not in scope

    Non-gas tokens

    Source code to program hash mapping

    Upgradability of other whitelisted L2 contracts, including Socket bridge infrastructure

    Crosschain DeFi applications

    Rollup operators cannot compromise the system, but being application-specific might bring additional risk.

    Kinto enforces the use of smart wallets and KYC. A valid state transition in Kinto disallows all transactions by EOAs and new contracts creation, unless specifically whitelisted. This setup effectively enforces smart wallet use because the auxiliary contracts of the standard KintoWallet smart wallet (like the EntryPoint and the KintoWalletFactory) are whitelisted. The KYC validation is part of the KintoWallet signature verification. Since all users must use the same implementation of this smart wallet, all user transactions on Kinto check for an up-to-date KYC flag, and are dropped in case the check fails. The system ensures that KYC can be revoked only if the Security Council proactively agrees to a proposed status change by a KYC provider. The Security Council has been historically following KYC provider decisions and it is explicitly tasked to do so. The KintoWallet implementation supports different signer thresholds with a maximum of 4 signers. The first signer for each users smart wallet though is enforced to be held by Turnkey in a TEE. Users can make transactions using this first signer only through Kinto's frontend. Authenticated by a passkey, the Turnkey TEE then signs the transaction for them and submits it to the L2. The user can still choose to not trust Turnkey by adding 2 EOA signers to their wallet and setting their signer policy to 2/3 during wallet creation. Contracts outside of the ones necessary to interact with the smart wallet and to withdraw the gas token are out of scope for the stage assessment and might present additional risks.

    Note:
    We're still in the process of formalizing how to properly integrate appchains in the Stages framework.

    New requirements coming soon

    116d
    11h
    52m
    17s
    The project will be downgraded to
    Stage 0
    because it does not satisfy an upcoming Stage 1 principle.
    Compromising ≥75% of the Security Council should be the only way (other than bugs) for a rollup to indefinitely block an L2→L1 message (e.g. a withdrawal) or push an invalid L2→L1 message (e.g. an invalid withdrawal).
    Learn more about the new requirements

    Learn more about Rollup stages
    Please keep in mind that these stages do not reflect rollup security, this is an opinionated assessment of rollup maturity based on subjective criteria, created with a goal of incentivizing projects to push toward better decentralization. Each team may have taken different paths to achieve this goal.
    Data availability

    All data required for proofs is published on chain

    All the data that is used to construct the system state is published on chain in the form of cheap blobs or calldata. This ensures that it will be available for enough time.

    1. Sequencing followed by deterministic execution - Arbitrum documentation
    2. SequencerInbox.sol - source code, addSequencerL2BatchFromOrigin function
    Learn more about the DA layer here: Ethereum logoEthereum
    State validation
    A diagram of the state validation
    A diagram of the state validation

    Updates to the system state can be proposed and challenged by a set of whitelisted validators. If a state root passes the challenge period, it is optimistically considered correct and made actionable for withdrawals.


    State root proposals

    Whitelisted validators propose state roots as children of a previous state root. A state root can have multiple conflicting children. This structure forms a graph, and therefore, in the contracts, state roots are referred to as nodes. Each proposal requires a stake, currently set to 0.1 ETH, that can be slashed if the proposal is proven incorrect via a fraud proof. Stakes can be moved from one node to one of its children, either by calling stakeOnExistingNode or stakeOnNewNode. New nodes cannot be created faster than the minimum assertion period by the same validator, currently set to 15m. The oldest unconfirmed node can be confirmed if the challenge period has passed and there are no siblings, and rejected if the parent is not a confirmed node or if the challenge period has passed and no one is staked on it.

    • Funds can be stolen if none of the whitelisted verifiers checks the published state. Fraud proofs assume at least one honest and able validator (CRITICAL).

    1. How is fraud proven - Arbitrum documentation FAQ
    Challenges

    A challenge can be started between two siblings, i.e. two different state roots that share the same parent, by calling the startChallenge function. Validators cannot be in more than one challenge at the same time, meaning that the protocol operates with partial concurrency. Since each challenge lasts 6d 8h, this implies that the protocol can be subject to delay attacks, where a malicious actor can delay withdrawals as long as they are willing to pay the cost of losing their stakes. If the protocol is delayed attacked, the new stake requirement increases exponentially for each challenge period of delay. Challenges are played via a bisection game, where asserter and challenger play together to find the first instruction of disagreement. Such instruction is then executed onchain in the WASM OneStepProver contract to determine the winner, who then gets half of the stake of the loser. As said before, a state root is rejected only when no one left is staked on it. The protocol does not enforces valid bisections, meaning that actors can propose correct initial claim and then provide incorrect midpoints.

    1. Fraud Proof Wars: Arbitrum Classic
    Operator

    The system has a centralized sequencer

    While forcing transaction is open to anyone the system employs a privileged sequencer that has priority for submitting transaction batches and ordering transactions.

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    1. Sequencer - Arbitrum documentation

    Users can force any transaction

    Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly. After a delay of 1d in which a Sequencer has failed to include a transaction that was directly posted to the smart contract, it can be forcefully included by anyone on the host chain, which finalizes its ordering.

    1. SequencerInbox.sol - source code, forceInclusion function
    2. Sequencer Isn't Doing Its Job - Arbitrum documentation
    Sequencing

    Delayed forced transactions

    To force transactions from the host chain, users must first enqueue “delayed” messages in the “delayed” inbox of the Bridge contract. Only authorized Inboxes are allowed to enqueue delayed messages, and the so-called Inbox contract is the one used as the entry point by calling the sendMessage or sendMessageFromOrigin functions. If the centralized sequencer doesn’t process the request within some time bound, users can call the forceInclusion function on the SequencerInbox contract to include the message in the canonical chain. The time bound is hardcoded to be 1d.

    Withdrawals

    Regular messaging

    The user initiates L2->L1 messages by submitting a regular transaction on this chain. When the block containing that transaction is settled, the message becomes available for processing on L1. The process of block finalization usually takes several days to complete.

    1. Transaction lifecycle - Arbitrum documentation
    2. L2 to L1 Messages - Arbitrum documentation
    3. Mainnet for everyone - Arbitrum Blog

    Autonomous exit

    Users can (eventually) exit the system by pushing the transaction on L1 and providing the corresponding state root. The only way to prevent such withdrawal is via an upgrade.

    Other considerations

    Enforced smart wallets and KYC

    The Kinto L2 node is a fork of Arbitrum’s geth implementation with notable changes to the state transition function. A valid state transition in Kinto disallows all transactions by EOAs and new contract creation, unless specifically whitelisted. The current whitelist is sourced directly from the KintoAppRegistry smart contract on Kinto L2, and can be modified by the L2 governance. This setup effectively enforces smart wallet use because the auxiliary contracts of the standard KintoWallet smart wallet (like the EntryPoint and the KintoWalletFactory) are whitelisted.

    The KYC validation is part of the KintoWallet signature verification. Since all users must use the same implementation of this smart wallet, all user transactions on Kinto check for an up-to-date KYC flag, and are dropped in case the check fails.

    • Users can be censored if a KYC provider changes the users' KYC status and the Security Council confirms it.

    • Funds can be lost if the user interacts with a compromised whitelisted contract.

    1. User Owned KYC - Kinto documentation
    Upgrades & Governance
    A diagram of the upgrades and governance
    A diagram of the upgrades and governance

    All critical system smart contracts are upgradeable (can be arbitrarily changed). This permission is held by the 6/8 Kinto Security Council on Layer 1 and can be executed without any delay. On the Kinto Layer 2, critical permissions are mostly guarded by an AccessManager contract, and then passed down with configurable delays to both the Security Council and the 2/4 Kinto Multisig 2.

    The Appchain designation of Kinto is mainly due to a modified L2 node, which queries a special censoring contract on L2 (called KintoAppRegistry) for a whitelist to filter transactions. This makes the KintoAppRegistry contract a critical system contract and any change to its configuration equivalent to an upgrade of the Layer 2 system. The KintoAppRegistry contract is also governed via the AccessManager by the Security Council or the Kinto Multisig 2 with a 11d delay.

    Another critical contract on the Appchain is called KintoID. Permissioned actors with the ‘KYC provider’ role in the KintoID contract can ‘sanction’ (freeze) user smart wallets, preventing them from transacting. To protect users from this role which is mostly held by EOAs, a sanction expires if not confirmed by the Security Council within 3d. An expired sanction guarantees the user a 7d cooldown window during which they cannot be sanctioned again.

    The canonical (enforced) smartwallet for users on Kinto can be upgraded via the KintoWalletFactory, using the same path via the AccessManager. Additionally, each smart wallet must use a recoverer address custodied by Turnkey. This allows users to reset the wallet signers via their email in case they lose their passkey. It also necessitates a recovery delay to prevent turnkey from maliciously using their recoverer permission. During this period of 7d, the user can cancel the recovery process with any transaction in their smart wallet.

    The permissioned sanctions logic by KYC providers necessitates at least an 11d delay on all upgrades that aren’t executed by the Security Council, allowing the user at least 7d to exit.

    Permissions

    Ethereum

    Roles:

    Sequencer 0xe27f…6a39

    Can submit transaction batches or commitments to the SequencerInbox contract on the host chain.

    Can propose new state roots (called nodes) and challenge state roots on the host chain.

    Actors:

    Kinto Security Council 0x17Eb…3B7d
    • A Multisig with 6/8 threshold.
    • Can act on behalf of UpgradeExecutor.
    • Is allowed to interact with RollupProxy - Pause and unpause and set important roles and parameters in the system contracts: Can delegate Sequencer management to a BatchPosterManager address, manage data availability, DACs and the fastConfirmer role, set the Sequencer-only window, introduce an allowList to the bridge and whitelist Inboxes/Outboxes - acting via UpgradeExecutor.
    • Can upgrade the implementation of RollupProxy - acting via UpgradeExecutor.
    • Can upgrade the implementation of RollupEventInbox, UpgradeExecutor, ChallengeManager, Outbox, ERC20Gateway, Bridge, Inbox, GatewayRouter, SequencerInbox - acting via ProxyAdmin, UpgradeExecutor.
    1. Security Council members - Kinto Docs
    Kinto Multisig 0xf152…5D82
    • A Multisig with 3/5 threshold.
    • Can upgrade the implementation of Bridger.

    Used in:

    Turnkey Multisig 0xD98B…40e1

    Kinto

    Actors:

    Kinto Multisig 2 0x2e2B…337a
    • A Multisig with 2/4 threshold.
    • Is allowed to interact with NioGuardians - mint Nio Guardian NFTs to any address, inheriting the permissions of the NFT.
    • Is allowed to interact with AccessManager - upgrade the implementation of the core contracts KintoID, KintoAppRegistry and KintoWalletFactory with 7d delay.
    • Is allowed to interact with AccessManager - change the configuration of all AccessManager permissions. The total delay can depend on the target of the configuration with 11d delay.
    • Is allowed to interact with KintoID - manage the KYC status of any user (sanction status and KYC metadata) and mint/burn KintoID NFTs.
    • Can upgrade the implementation of Faucet, SponsorPaymaster.
    KintoSecurityCouncil_L2Alias 0x28fC…4c8e
    • Is allowed to interact with AccessManager - change the configuration of all AccessManager permissions. The total delay can depend on the target of the configuration with 7d delay.
    • Is allowed to interact with AccessManager - manage the whitelisted addresses in the KintoAppRegistry which affects censorship on the entire rollup with 11d delay.
    • Is allowed to interact with AccessManager - upgrade the implementation of the core contracts KintoID, KintoAppRegistry and KintoWalletFactory with 11d delay.

    Is allowed to interact with KintoID - manage the KYC status of any user (sanction status and KYC metadata) and mint/burn KintoID NFTs.

    Is allowed to interact with KintoID - manage the KYC status of any user (sanction status and KYC metadata) and mint/burn KintoID NFTs.

    Is allowed to interact with KintoID - manage the KYC status of any user (sanction status and KYC metadata) and mint/burn KintoID NFTs.

    Is allowed to interact with KintoID - manage the KYC status of any user (sanction status and KYC metadata) and mint/burn KintoID NFTs.

    Is allowed to interact with KintoID - manage the KYC status of any user (sanction status and KYC metadata) and mint/burn KintoID NFTs.

    Smart contracts
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    Ethereum

    Central contract for the project’s configuration like its execution logic hash (wasmModuleRoot) and addresses of the other system contracts. Entry point for Proposers creating new Rollup Nodes (state commitments) and Challengers submitting fraud proofs (In the Orbit stack, these two roles are both held by the Validators).

    Contract that allows challenging state roots. Can be called through the RollupProxy by Validators or the UpgradeExecutor.

    Escrow contract for the project’s gas token (can be different from ETH). Keeps a list of allowed Inboxes and Outboxes for canonical bridge messaging. This contract stores the following tokens: ETH.

    Implementation used in:

    A sequencer (registered in this contract) can submit transaction batches or commitments here.

    • Central contract defining the access control permissions for upgrading the system contract implementations.
    • Can act on behalf of ProxyAdmin.
    • Can be used to interact with RollupProxy - Pause and unpause and set important roles and parameters in the system contracts: Can delegate Sequencer management to a BatchPosterManager address, manage data availability, DACs and the fastConfirmer role, set the Sequencer-only window, introduce an allowList to the bridge and whitelist Inboxes/Outboxes.
    • Can be used to upgrade implementation of RollupProxy.

    Implementation used in:

    Facilitates L2 to L1 contract calls: Messages initiated from L2 (for example withdrawal messages) eventually resolve in execution on L1.

    Implementation used in:

    Escrows deposited ERC-20 assets for the canonical Bridge. Upon depositing, a generic token representation will be minted at the destination. Withdrawals are initiated by the Outbox contract.

    Implementation used in:

    Facilitates sending L1 to L2 messages like depositing ETH, but does not escrow funds.

    This routing contract maps tokens to the correct escrow (gateway) to be then bridged with canonical messaging.

    Implementation used in:

    Bridger gateway that can swap assets to ‘L2 final assets’ defined by the admin before bridging them to the L2. It does not have a function to bridge via the canonical bridge and uses the external socket bridge by default.

    Can be upgraded by:
    ValidatorUtils 0x2b0E…66aF

    This contract implements view only utilities for validators.

    Proxy used in:

    OneStepProver0 0x2C1e…3C59

    One of the modular contracts used for the last step of a fraud proof, which is simulated inside a WASM virtual machine.

    Helper contract sending configuration data over the bridge during the systems initialization.

    Implementation used in:

    OneStepProverHostIo 0x551E…93b7

    One of the modular contracts used for the last step of a fraud proof, which is simulated inside a WASM virtual machine.

    ProxyAdmin 0x74C7…00df

    Can be used to upgrade implementation of RollupEventInbox, UpgradeExecutor, ChallengeManager, Outbox, ERC20Gateway, Bridge, Inbox, GatewayRouter, SequencerInbox.

    OneStepProverMemory 0x778c…40A6

    One of the modular contracts used for the last step of a fraud proof, which is simulated inside a WASM virtual machine.

    OneStepProverMath 0xacED…d38e

    One of the modular contracts used for the last step of a fraud proof, which is simulated inside a WASM virtual machine.

    OneStepProofEntry 0xEd69…40d1

    One of the modular contracts used for the last step of a fraud proof, which is simulated inside a WASM virtual machine.

    Kinto

    Central system contract defining addresses that are allowed to be called by EOAs. The modified Kinto node reads this configuration and drops all other transactions from EOAs (enforced by a modified state transition function). As a result, users can only transact using a canonical smart wallet.

    • Deploys new KintoWallet smartwallets for users upon passing KYC checks. Also manages the beacon implementation for all KintoWallets and their recovery logic. KintoWallets can be funded with ETH via this contract.
    • Can be used to upgrade implementation of Kinto Multisig 2.

    Manages Kinto’s KYC system: The KYC_PROVIDER roles responsible for managing the KYC status and KYC metadata of user wallets. Each KintoWallet checks the KYC status of its user in this contract as part of the signature check.

    AccessManager 0xacC0…4739
    • Standard OpenZeppelin AccessManager contract: Serves as a proxy contract defining the roles, permissions and delays to call functions in target contracts.
    • Can be used to interact with KintoAppRegistry - manage addresses that are callable by EOAs and other white-/blacklists that are enforced globally on the Kinto L2.
    • Can be used to interact with KintoWalletFactory - update the central KintoWallet implementation of all users on Kinto L2 and approve specific wallets for recovery via the turnkey recoverer.
    • Can be used to interact with KintoID - manage the KYC status of any user (sanction status and KYC metadata) and mint/burn KintoID NFTs.
    • Can be used to interact with KintoID - permissioned to call confirmSanction(), which makes a temporary sanction by a KYC_PROVIDER permanent and does not grant an exit window to the affected wallet.
    • Can be used to interact with KintoID - transfer KYC NFTs to a different address.
    • Can be used to upgrade implementation of KintoAppRegistry, KintoWalletFactory, KintoID.

    Central contract for bridging via the external socket bridge.

    EntryPoint 0x2843…70cb

    Used as entrypoint to transact using smartwallets and UserOps.

    BeaconKintoWallet 0x87f0…0828

    Beacon proxy for the KintoWallet smartwallet implementation that is used for all users.

    Value Secured is calculated based on these smart contracts and tokens:

    Contract managing Inboxes and Outboxes. It escrows ETH sent to L2.

    Can be upgraded by:

    Implementation used in:

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).