How Does Paradex Work?
Paradex is a ZK-STARK perpetuals exchange operating as a Starknet AppChain (the 'Paradex Chain'), offering cross-margin and portfolio-margin futures on 85+ pairs with up to ~100x leverage. Launched in October 2023 and incubated by Paradigm, Paradex peaked at $226M TVL in January 2026 and has since declined to $39.5M. Its C- grade reflects multiple structural centralization risks that L2Beat independently rates as 'Bad': encrypted state data availability controlled by a 3-of-3 Privacy Council, a fully centralized sequencer with no censorship resistance, and instant contract upgrade capability with no timelock. A May 2025 audit found 2 Critical and 4 High vulnerabilities, all of which were fixed before the report was published.
TVL: $40M
Sector: Derivatives
Risk Grade: C-
Value Grade: D+
Core Mechanisms
ZK / STARK Proof System
[Novel] Stwo prover (Circle STARKs, M31 field) — first production deployment of Stwo
Paradex migrated from Stone prover to Stwo prover in November/December 2025, the first production deployment of Stwo's Circle STARK proof system using the M31 field. Stwo reduces proof generation from minutes to seconds. The novel cryptographic primitives (M31 field arithmetic) have no prior production track record — regression testing and formal verification are critical.
Data Availability / Encrypted External DAC
[Novel] Encrypted state diffs on Ethereum EIP-4844 blobs with 3/3 Privacy Council decryption
Paradex posts encrypted state differences to Ethereum as blobs but requires all three Privacy Council members to provide decryption keys for the state to be reconstructable. No other major perp DEX uses this DA model. L2Beat rates this 'Bad': a small set of entities can collude with the proposer to finalize an unavailable state, causing fund loss.
Derivatives / Perpetual Futures
Cross-margin, isolated-margin, and portfolio-margin (SCAN) perpetuals on 85+ pairs
Standard perpetual futures with funding rates. Cross-margin shares USDC collateral across all positions. Portfolio Margin (beta) uses SPAN/SCAN risk scenario methodology to reduce margin requirements. Only USDC accepted as collateral.
Exchange / Hybrid Order Book
Off-chain matching engine + on-chain Paraclear settlement contract
Standard hybrid architecture: order book and matching run off-chain, final settlement occurs on-chain in the Paraclear contract. The executor role submits matched trade settlements; off-chain signature validation is in the process of migrating to SNIP-12 on-chain validation as of the May 2025 audit.
Oracle / Centralized Price Feed
Single executor submitting EWMA mark prices for all liquidation and settlement calculations
Paradex's Oracle contract accepts price submissions from a single authorized executor. The May 2025 audit found a Critical oracle re-initialization vulnerability (fixed). The team acknowledged oracle centralization risk and described a 'long migration plan' to decentralize price feeds — as of the audit, no timeline was committed.
Risk Management / Insurance Fund
USDC insurance fund (~$4.1M) with socialized loss backstop
Insurance fund absorbs liquidation shortfalls before losses are socialized to profitable traders. No ADL (auto-deleveraging) — uses socialized loss model. Current insurance fund is $4.1M against $39.5M TVL and $32.3M open interest.
Governance / Token-Weighted
DIME native AppChain token (governance + fee utility)
DIME is the Paradex Chain native token. Launched early 2026, $4.7M market cap, 22.2% circulating. ATH $0.0722 (March 2026), current $0.0211 — down 71% from ATH. 77.8% of supply not yet circulating. Multisig governance with no upgrade delays on core contracts.
How the Pieces Interact
If the Privacy Council (3/3 threshold) and centralized sequencer collude or simultaneously fail, the L2 state becomes unrecoverable and all user USDC in the Paraclear contract can be permanently frozen. L2Beat explicitly rates this risk 'Bad' — there is no user-accessible exit mechanism that doesn't depend on the Privacy Council providing decryption keys.
Two multisigs controlling Paradex can upgrade the Paraclear contract (which holds all user USDC) with zero timelock. A compromised or malicious multisig key holder could upgrade the contract to drain funds before users can exit. The 3/6 threshold means 3 of 6 signers are sufficient, which makes a targeted attack on 3 known multisig members enough to authorize an upgrade.
The centralized executor submits mark prices used for all liquidation decisions across all 85+ markets. A malicious or compromised executor could submit manipulated prices triggering incorrect liquidations or preventing necessary liquidations, creating or hiding bad debt. The May 2025 audit found a Critical oracle re-initialization vulnerability that could have allowed arbitrary price manipulation.
Stwo's Circle STARK proof system using the M31 field is in its first-ever production deployment. If a proof validity bug exists in the new prover, invalid state transitions could be finalized on Ethereum L1, allowing incorrect settlement of trades, manipulation of position values, or fraudulent fund extraction without the attack being detectable by the L1 verifier.
The $4.1M insurance fund covers 10.4% of $39.5M TVL. A synchronized large-position liquidation event (e.g., major market shock causing multi-position insolvency) could exhaust the fund and trigger socialized losses across all profitable traders — a risk mechanism that can cause unexpected loss for uninvolved market participants.
What Could Go Wrong
- Encrypted data availability controlled by a 3/3 Privacy Council: Paradex posts encrypted state diffs to Ethereum as EIP-4844 blobs. All three Privacy Council members must provide decryption keys for data availability to hold. L2Beat rates this 'Bad' — if the Privacy Council fails to disclose keys, user funds can be permanently frozen. Users cannot independently reconstruct L2 state without this council.
- Centralized sequencer with no censorship resistance: a single centralized sequencer processes all transactions. L2Beat rates sequencer censorship resistance as 'Bad' — there is no mechanism to force transaction inclusion if the sequencer is offline or censoring. No escape hatch exists.
- Instant contract upgrades with no timelock: two Paradex multisigs (2/5 and 3/6 thresholds) can upgrade core contracts including Paraclear (which holds all user USDC) with zero delay. Users cannot exit before an upgrade takes effect. Only the SHARP verifier contract has an 8-day upgrade delay.
- Centralized oracle for all mark prices and liquidations: Paradex uses a single centralized executor to submit EWMA-based mark prices used for liquidations. The May 2025 audit found and fixed a Critical oracle re-initialization vulnerability. This centralization was acknowledged as an ongoing risk with a 'long migration plan' to on-chain validation.
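An added example, not part of the original page or of Paradex's code: how the quorum sizes listed above (3/3 Privacy Council for decryption, 2/5 and 3/6 upgrade multisigs) translate into liveness and capture probabilities. It assumes members fail independently and uses a constructed 1% per-member probability; the 2-of-3 council is a hypothetical comparison point.

```python
from fractions import Fraction
from math import comb


def prob_at_least(k, n, p):
    """P(at least k of n independent events occur), each with probability p."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


def liveness_failure(required, n, p_offline):
    """A quorum that needs `required` of n members online fails as soon as
    more than n - required of them are offline."""
    return prob_at_least(n - required + 1, n, p_offline)


def safety_failure(threshold, n, p_compromised):
    """An upgrade multisig is captured once `threshold` of n keys are compromised."""
    return prob_at_least(threshold, n, p_compromised)


# Constructed per-member probabilities (assumptions, not measured values).
P_OFFLINE = Fraction(1, 100)
P_COMPROMISED = Fraction(1, 100)


def report():
    return {
        # Page's model: all three council members must supply decryption keys.
        "privacy_council_3_of_3_unavailable": liveness_failure(3, 3, P_OFFLINE),
        # Hypothetical alternative, for comparison only.
        "hypothetical_2_of_3_unavailable": liveness_failure(2, 3, P_OFFLINE),
        # Page's upgrade multisigs, which act with no timelock.
        "multisig_2_of_5_captured": safety_failure(2, 5, P_COMPROMISED),
        "multisig_3_of_6_captured": safety_failure(3, 6, P_COMPROMISED),
    }


if __name__ == "__main__":
    for name, p in report().items():
        print(f"{name:40s} {float(p):.6%}")
```

Under these assumptions the 3/3 council is roughly 100 times more likely to be unavailable than a 2-of-3 council would be, and the 2/5 multisig is about 50 times easier to capture than the 3/6 one.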
Privacy Council Failure and State Freeze
[Tail] Trigger: All three Privacy Council members are simultaneously unavailable (legal action, hardware failure, or coordinated regulatory action), or 2-of-3 members collude with the centralized sequencer to finalize a fraudulent state root on Ethereum.
1. Privacy Council members become unavailable (simultaneously, due to legal action against the team, hardware loss, or deliberate collusion) — Encrypted state diffs posted to Ethereum cannot be decrypted; the current L2 state cannot be independently reconstructed by users or third parties
2. Users attempt to withdraw USDC by initiating bridge exits, but exits require a valid L2 state proof that the Privacy Council must validate — No valid proof can be produced without decryption keys; all USDC in the Paraclear contract becomes inaccessible
3. If the sequencer and 2+ Privacy Council members collude, a fraudulent state root can be finalized on Ethereum encoding the attackers' wallets as having the full Paraclear balance — The L1 bridge contract is drained based on the fraudulent but cryptographically valid STARK proof; Ethereum cannot distinguish between a legitimate and fraudulent state transition
4. Users are left with claims against Paradex entities (if any remain accessible) but no on-chain recovery mechanism exists — no escape hatch, no force-exit queue — Total loss of all user USDC ($39.5M current TVL); legal recovery is the only recourse
Risk Profile at a Glance
Overall: C- (51/100)
Lower score = safer