Stylus maturity assessment
A reference summary of Arbitrum Stylus as used by the PQ smart-account stack: what works well, what is rough, and what mitigations are in place.
What Stylus is
Arbitrum Stylus is a WASM-based execution layer that runs alongside the EVM on Arbitrum. A Stylus contract is a Rust crate compiled to wasm32-unknown-unknown and deployed under a regular contract address. From Solidity it looks like any other contract — call it with standard ABI encoding, get standard returns.
For on-chain ML-DSA verification, Stylus is the only economically viable platform today (~374K gas versus millions in pure EVM).
What works well
| Area | Detail |
|---|---|
| Native Rust crypto | The ml-dsa crate (RustCrypto) is used directly — no bindings, no translation layer |
| EVM interop | Solidity calls Stylus and Stylus calls Solidity via standard ABI |
| Cost | WASM execution is 10–100× cheaper than equivalent EVM for crypto-heavy workloads |
| Production status | Live on Arbitrum One since September 2024; part of the mainline Nitro stack |
Known issues
Pre-1.0 SDK
stylus-sdk-rs is pre-1.0. Two known issues affect common usage patterns:
- Testing framework segfaults with mappings (stylus-sdk-rs#261). The verifier is stateless by design, so mappings are not used — this issue does not apply here.
- Cross-contract return data loss (Nitro #4114). Affects scenarios where a Stylus contract initiates external calls and consumes return values. The Solidity → Stylus call direction is unaffected; the verifier does not initiate external calls.
The August 2024 OpenZeppelin audit of the Stylus SDK surfaced 2 Critical and 2 High findings, all addressed by the maintainers.
Contract auto-deactivation
Stylus contracts auto-deactivate after 365 days or on ArbOS upgrades. A deactivated contract requires reactivation or redeployment before it can be called again. No built-in monitoring or automatic reactivation exists.
Mitigation: scheduled reactivation tracked as a calendar task.
Size limits
| Metric | Value |
|---|---|
| Compressed size limit | 24 KB |
| Verifier gzipped size | ~7.8 KB |
| Raw headroom | ~3.3 KB |
Adding multi-level ML-DSA support, batch verification, or a second implementation for cross-checking would require monitoring the size budget.
Tracing gaps
cast run cannot trace Stylus transactions and returns OpcodeNotFound. For on-chain simulation use cast call; for EVM-side flows use forge test --fork-url.
Bundler simulation under ERC-7562
ERC-4337 bundlers enforce ERC-7562 storage access rules during simulation. The validator module accesses a per-account public key in storage — compatible with the standard rules, but bundlers may impose stricter heuristics. Validated against Alto; Pimlico hosted and other production bundlers are on the integration roadmap.
Mitigations applied
- Stateless verifier. Reduces exposure to cross-runtime storage bugs; keeps the contract a pure function.
- Pinned crate versions.
ml-dsaandstylus-sdkare pinned; upgrades require re-running ACVP vectors and the bundler compatibility suite. - Solidity module owns storage. Public keys live in the Solidity module's mapping. If a storage-related SDK issue surfaces, it does not reach key material.
- Cross-implementation tests. A test in the verifier suite uses
@noble/post-quantum(TypeScript) to sign and the Stylus verifier to verify. If either side drifts, the test fails before deploy. - Calendar discipline for reactivation. Until tooling exists, the 365-day lifecycle is a tracked operational task.
What this means for adoption
Stylus is mature enough to run a production cryptographic verifier. It is not mature enough to ignore the SDK changelog or skip the reactivation calendar. Build on Stylus, but plan for both.
Related
- Stylus ML-DSA-65 verifier — the verifier implementation
- ML-DSA library comparison — crate selection rationale
- Production limitations — full list of outstanding items before mainnet