Running EVM inside SGX

I have heard from two different people working on Flashbots ( that they have been able to run EVM inside SGX for over a year now.

For those of you who do not know Flashbots, they work on the Miner (Maximum) Extractable Value problem. Miner Extractable Value means that validators / miners who create blocks can sequence transactions at their benefits (front-run TXs etc.).

Running an EVM inside an SGX sounds like it would be a huge improvement for Secret Network, as it would potentially allow Ethereum / EVM applications to be deployed to Secret Network. This can be a huge growth lever for the network.

@assafmo @Cashmaney this may be something interesting to validate / look into

Hey Can,

Hope you have been keeping well. Flashbots announced their roadmap going forward yesterday (The Future of MEV is SUAVE | Flashbots) which makes clear mention of SGX, although they do not plan to have it used for generalised smart contracts.

Obviously, Oasis is also planning to do the same with their Cipher Paratime as well.

I guess it always comes down to a matter of resourcing, but I wonder if this would become easier for us by being able to leverage the Ethermint module.

I guess there’s also a question of whether it makes sense to try to pack in EVM into the existing Secret Network chain and risk issues stemming from having both in one.

Kava is running their EVM chain separately from their main chain.

@cankisagun, I wonder if you have read the SCRT 2.0 proposal. It makes me wonder if it would be more practical to have a private EVM chain as one of the first consumer chains that leverage Interchain Security with SCRT. We would also be able to use SCRT entirely on that chain for gas so would accrue entirely to us.


A privacy EVM consumer chain on SCRT2.0 actually seems ideal to me.

Better scale, focus, and a spotlight chain for the constellation.

1 Like

I believe it’s important to focus on adoption and build a robust application ecosystem. As users have more options to interact with the chain, the more gas they spend and the more value the base layer provides. Some chains like Optimism treat fees as base layer revenue - this is an easy metric to communicate for value creation.

If an EVM based privacy chain is going to bring a more robust dApp ecosystem, then this is an effort I would prioritize. The growth of the dApp ecosystems on Layer 2s and EVM based scaling options (BSC, AVAX, MATIC etc.) is an obvious case-study. However, I don’t know how easy it would be to deploy an existing EVM contract Secret EVM (if it existed) given the privacy properties. I remember that we couldn’t just deploy the TerraSwap code and run that as SecretSwap given the private nature of the smart contract. It would be more appropriate for someone more qualified on this to map the developer journey to deploy an EVM based contract on a possible Secret EVM chain.

I like the idea of interchain security and how it allows for the base layer to rent out it and monetize it’s security. It’s a win win for both chains. There are advantages to building a permissioned application chain like Osmosis. Allowing teams to fully focus on building, rather than building a validator ecosystem is valuable. I would love to see the ecosystem get to a point where there are tens of dApps running on secret network or on dapp chains that leverage secret network security via interchain security

@tor on a different note, the flashbot roadmap is articulated extremely beautifully. It’s an elegant piece of value-oriented communication. Take a look, it may be helpful

1 Like


Its a cool idea for which various versions have been discussed.

The most easily obtainable is running an ICS chain with public EVM that is tightly integrated with Privacy as a service feautures.

Another option would be enabling EVM on secret itself as well, this is something that was ralked about but i have no clue how hard the lift would be. Same counts for running a private evm ICS chain as it would be similar.

Evmos code has made a lot of these things easier but i wonder how much easier. Metamask is already integrated for Secret so that is cool at least (just need them to actually add the network as well).

I think the issue with a public EVM chain using PaaS would be that while you reduce the dev lift to deploy code, it won’t be able to cover all bases - so I wouldn’t really call it generalised for privacy smart contracts.

seems like they call this sapphire paratime and have some guides to port regular EVM contracts into confidential EVM contracts. As I suspected, it takes some effort to ensure the contract logic doesn’t leak info.

@ertemann what you mention as running an ICS based public EVM that leverages Secret validators would be very cool for the Cosmos ecosystem. This would likely to require close interaction with devs who want to use secret network as a privacy layer for their dApps. It seems like such devs would need to have a significant reason to deploy at a Secret EVM ICS rather than Evmos - either their dApp really needs privacy (like a game) or they have some financial incentive. I also like this model because there’s a direct feedback into SCRT.

What I like about the Oasis approach is that they try to target already existing Ethereum devs/dApps to offload certain functions that would require privacy to their confidential contract layer. I don’t know whether there’s a lot of demand for this from existing dApps, but it seems like a larger market to target all else equal. I don’t fully understand how this model captures value for their token.

I feel the goal here is to grow the dApp ecosystem on Secret and make Secret a more attractive place for developers. Maybe the bizdev committee can talk to devs to understand which effort would create the highest value and therefore attract more developers.

For example;

  • would an existing dApp deployed on Ethereum consider using private votes or do they mostly not care about it?
  • Is it better to target people who haven’t deployed their apps yet (xSwap with private governance), rather than trying to add a privacy feature for the next version of the app (uniswap v4 with private governance)? What would each effort take…
  • what are some high impact contracts besides governance where privacy is helpful? dApps that require margin calls can be an interesting area b/c once you know the liquidation price of different assets, then you can try to manipulate the market - especially if the prices are coming from an oracle, to close certain positions etc.
  • how much work would these developers be ok with putting in, in order to have certain functions run privately (i.e. governance)?
  • is there a way to streamline this?

Happy to help if anyone needs thinking through this process

Thanks to @Avret there is actually an application called Snakepath that can do this trustlessly on Secret network. It is deployed on testnet currently but could be deployed on mainnet if the right application comes along.

I think launching a public chain with Cosmwasm/EVM makes sense and is still being considered (if the right team comes along). I think making this both Cosmwasm and EVM instead of 2 separate ICS chains would be really cool.