Trust model

ZUL v1 is a stage-0 rollup with a single trusted sequencer. This page states exactly what that means — what the operator can do, what they cannot do, and what is enforced by code versus by process. These are roadmap items stated openly rather than papered over.

What the sequencer can do

• Censor or reorder transactions. There is one block producer; inclusion is at its discretion.
• Post an invalid state root. Settlement is optimistic and the challenge window is procedural: all data needed to recompute the chain is public, so anyone can detect an invalid root and raise an alarm — but invalid roots are not yet rejected on-chain.

What the sequencer cannot do

• Forge ownership. Transactions require valid signatures; the SVM enforces the same authorization rules as Solana.
• See inside the shielded pool.Privacy holds against outside observers of public data — and the pool's contents (owners, amounts, the transfer graph) are not visible to the operator either. What the operator does see is what any observer sees: public edges and fee payers. See Privacy limits.
• Hide the chain. Full transaction data is posted to Solana as zstd batches; the chain can be reconstructed from L1 alone. See Data availability.

Enforced by code vs. by process

Roadmap

Planned hardening, in rough order: a relayer so shielded transfers do not need a public fee payer, fixed denominations at the pool's public edges, enforced fraud proofs for state roots, and a sequencer set. None of these change the protocol's data model — they tighten who must be trusted and for what.