By Alaukik Pant, Lead Product Engineer at GRVT

Original article published at: https://lowkeyanp.substack.com/p/the-speed-of-wall-street-the-trust

When we started building GRVT, we asked a simple but important question:

“What would it take for an exchange to offer the performance of a centralized platform like Binance, while ensuring that users never have to give up control of their keys?”

At the time, in 2022, FTX and Celsius proved that “proof-of-assets” is not enough when a CEX operator can still misuse funds. What if the exchange operator could not steal funds even if they wanted to? GRVT makes that “what if” real. By fusing CEX-class performance with zero-knowledge Validium, we strike out the oldest compromise in crypto, speed vs. self-custody. Trad-fi levels of throughput, private order flow, proofs pinned to Ethereum: it’s the first trading venue where you keep control, regulators get clarity, and latency stays under 5 ms. Welcome to finance that can’t be evil.

In this essay, we define what makes GRVT an exchange that can’t be evil.

Validium Execution, ZK Finality

The fundamental failure of custodial exchanges isn’t technological, it’s architectural. If users must trust an operator not to steal funds, the system has already failed. A better design is one in which theft is not just unlikely, but impossible.

Validium is a design in the ZK-rollup family that prioritizes performance and privacy by separating execution integrity from data availability. Unlike rollups, which post all transaction data on Ethereum, Validiums execute off-chain and prove correctness via zero-knowledge proofs, while keeping the data itself private and off-chain. This separation yields three key advantages: scalability, latency, and privacy.

1. Performance
On-chain data publication is expensive and slow. For high-frequency systems like exchanges, this becomes a bottleneck. Validium eliminates the need to publish every order, balance update, and position change, allowing GRVT to support 600k trades per second without incurring prohibitive gas costs or Ethereum congestion delays. Execution happens near-instantly, with settlement proofs posted periodically.

2. Privacy
All trade data - order size, price, position, timing - remains off-chain. This means strategies are not exposed to competitors, and market participants can trade without revealing position changes to a public mempool or chain history. This is especially important for institutional players executing bespoke strategies.

3. Custody Integrity
Even though data is off-chain, the validity of all transactions is enforced through zk proofs. GRVT cannot forge trades, reorder finalized history, or fabricate balances. Every state transition is validated against the smart contract logic of the GRVTExchange contract, and then finalized on Ethereum L1.

How GRVT Runs a Validium

GRVT operates its own zkSync-based AppChain, a private Validium chain deployed using the ZK Stack. The architecture works as follows:

1. Application (Execution Environment): Trades are matched and risk-evaluated in GRVT’s backend. Each accepted intent is converted into a transaction for GRVT’s private L2.
2. GRVT L2 (includes GRVTExchange Contract): A smart contract on GRVT L2 defines all valid state transitions. All transactions are deterministic and auditable. All user trades are submitted to the GRVT L2 smart contract.
3. Prover (ZK Proof Generation): This component aggregates batches of L2 transactions and generates a succinct zero-knowledge proof of their correctness.
4. Verifier and GRVT Contracts (L1 Finality): This proof is submitted to Ethereum and verified by the zkSync verifier. Once accepted, the new state is finalized. Once a batch reaches the Executed stage, the new state is considered final and cannot be reverted. For clarity, a Layer 2 batch progresses through four stages in its lifecycle:
   1. Sealed – No more transactions can be added to the batch.
   2. Committed – The batch is submitted to Ethereum L1 without a proof.
   3. Proven – A zero-knowledge proof is submitted and verified on L1.
   4. Executed – The batch is finalized and becomes immutable from this point.
      

Diagram 1: GRVT’s architecture

This stack allows GRVT to run a fast, private, and secure trading system without ever taking custody of user funds. Sequencing is modified for high-frequency trading execution, and settlement is trustless and verifiable. The operator is necessary for liveness, but not for correctness.

GRVT on the Trust Spectrum

We begin with a simple premise: trust should not be assumed but cryptographically minimized. On the classic spectrum of “don’t be evil” to “can’t be evil,” GRVT is a non-custodial exchange. It can sequence trades, but it cannot move funds. Users sign every transaction with a key they control. Execution is deterministic and enforced by smart contracts. Theft is structurally ruled out.

Diagram 2: GRVT on Vitalik’s “Don’t be evil” vs “Can’t be evil” scale

GRVT explicitly positions itself closer to the “can’t be evil” end of the trust spectrum. It’s important to recognize that many leading DEXs, particularly those utilizing off-chain orderbooks, operate under similar trust assumptions, even if not always transparently acknowledged. Take Hyperliquid, for example, which is widely regarded as a decentralized exchange, it nonetheless retains significant administrative privileges. Most notably, its bridge infrastructure for Bitcoin deposits is custodial: BTC is held by a multisig setup controlled by Hyperliquid validators.

Smart Contract Controls

The GRVTExchange smart contract defines a strict execution boundary. All funds, permissions, and trades are mediated by the contract. GRVT only sequences what users authorize. The smart contract has the following properties to ensure self-custody. Accounts support permission-based access control and multisig thresholds on-chain. Session keys allow seamless, short-term trading without compromising security, while never being visible to GRVT. Withdrawals are restricted to pre-approved L1 addresses, and account recovery is possible via designated fallback signers.

Three pillars of self-custody

Summarized differently, GRVT achieves self-custody in three ways:

1. State integrity lives in zero-knowledge proofs, not reputations.
2. Execution liveness is provided by an operator, but correctness no longer depends on that operator behaving.
3. User control flows from key ownership and recoverability paths, so even governance failures cannot confiscate funds.

When these three pillars align, an exchange stops being a bank you hope is honest, but one that can not be evil.