When building blockchain applications, security is paramount, regardless what some fools say. Thankfully, many factors of how Starknet is designed and built contribute to it being the safest blockchain out there.
As the name suggests, Starknet is using STARKs as the proving technology. STARKs are superior than SNARKs. They require no trusted setup (!) and they are post-quantum secure (!!). To be honest, I only have a vague understanding of what the latter actually means, but my takeaway from conversations with people much smarter than myself is that it doesn’t matter until it does. Either way, Starknet is prepared.
Starknet’s validity proofs actually work, unlike proofs of alternative, optimistic rollups. They’ve been in production for years, securing transactions worth of billions of dollars. Starknet is not a network built on maybes but on mathematical rigor.
STARKs guarantee the integrity of the network. Integrity - a fancy word for “not getting rekt” - is a vital feature of a secure environment. But this integrity is tangible on the social layer as well. A lot of it stems from StarkWare, the creators of Starknet. They are true to their word and when they do make a mistake, they acknowledge it, listen to feedback and correct course. Now of course there will be rugs and bad actors, since Starknet is permissionless, but most of the people you encounter are good faith actors. Starknet is attracting good people.
Even memecoins on Starknet are safer than the norm. Unruggable.meme was built by the community for the benefit of all. It offers a way how to swiftly launch a safe memecoin, preventing a pump & dump scheme.
We have superior wallets. Every wallet is a smart wallet which gives it superpowers. We have multi-factor auth out of the box. This pretty much eliminates the need for a HW wallet and you should absolutely enable it on all your accounts. Just sign your transactions with Touch ID / Face ID. For the really paranoid, there’s also a way how to use an airgapped Ledger to maximize security.
Another benefit of smart wallets is that they support multicalls. It doesn’t just make for better UX, it’s also safer. There’s no need for unlimited token approvals. If an app requires a token transfer, it will just approves the exact amount it needs to operate with for that single interaction. One whole class of attacks eliminated.
Cairo, the programming language of Starknet, is one more factor contributing to the security of the whole ecosystem. It’s strongly typed, ergonomic, non-OO (I consider that to be a safety feature). Compiler enforces view vs. state-modifying functions. There’s no low-level assembly (often a source of bugs and exploits in the EVM world) - just leave the optimizations to the compiler. Naturally, there’s powerful testing tools - from basic unit testing to fuzz and fork testing, Cairo has it all.
One more technical aspect that improves security - ETH is treated just as another ERC20 token. To a user, there’s no tangible difference. To a developer, there’s no need for
msg.valueorpayablelike there is on the EVM. This results in cleaner, less complex code and again eliminates one whole class of attack vectors.Certik, the infamous factory of security audit stamps, does NOT offer Starknet auditing services. Instead, we have top tier auditing firms (Nethermind, Trail of Bits, OpenZeppelin, Zellic, ChainSecurity just to name a few) as well as competitive audit platforms like Code4rena. You can even get your contract formally verified.
Truthfully though, not every part of the stack is good enough. Until recently, there was no way how to verify deployed contracts - now there are two. The sequencer is still centralized - but there is work being done on decentralizing the network. It’s exactly this trajectory of the ecosystem that makes me so bullish on Starknet. Onwards and upwards.