Aptos (LayerZero)
About
Aptos Bridge is built on top of LayerZero protocol and is a token bridge for transferring assets from Ethereum to Aptos. It leverages an oracle and relayer for cross-chain security for the protocol.
About
Aptos Bridge is built on top of LayerZero protocol and is a token bridge for transferring assets from Ethereum to Aptos. It leverages an oracle and relayer for cross-chain security for the protocol.
2024 May 06 — 2025 May 06
Funds can be stolen if
- oracles and relayers collude to submit fraudulent block hash and relay fraudulent transfer ,
- token bridge owner (currently EOA) enables emergency withdrawal and users do not exit with their funds within a week,
- token bridge owner (currently EOA) sets WETH contract address to a malicious contract that will allow the owner to steal user's ETH,
- a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL),
- the source code of unverified contracts contains malicious code (CRITICAL).
Users can be censored if
Oracles and Relayers
Aptos Bridge is built on top of LayerZero protocol. LayerZero relies on Oracles to periodically submit source chain block hashes to the destination chain. Once block hash is submitted, Relayers can provide the merkle proof for the transfers. Token Bridge owner can withdraw all funds from the bridge escrow after placing the bridge in an emergency withdrawal mode that will allow them to transfer all tokens out after 1 week delay.
Users can be censored if oracles or relayers fail to facilitate the transfer.
Funds can be stolen if oracles and relayers collude to submit fraudulent block hash and relay fraudulent transfer .
Funds can be stolen if token bridge owner (currently EOA) enables emergency withdrawal and users do not exit with their funds within a week.
Funds can be stolen if token bridge owner (currently EOA) sets WETH contract address to a malicious contract that will allow the owner to steal user's ETH.
Ethereum
Actors:
A Multisig with 3/6 threshold. Bridge owner, can setup tokens, fees, WETH token address (potentially malicious). Can withdraw all the funds from the Escrow after unlocking emergency withdrawal with 1 week delay.
Used in:
Contract authorized to relay messages and - as a result - withdraw funds from the bridge.
Used in:
Can upgrade LayerZero relayer contract with no delay.
Used in:
Can upgrade LayerZero oracle contract with no delay.
Used in:
A Multisig with 3/5 threshold. The owner of Endpoint, UltraLightNode and Treasury contracts. Can switch to a new UltraLightNode for an Endpoint. Can switch proof library for an UltraLightNode and change Treasury.
Used in:
Ethereum
Aptos Token Bridge. This contract stores the following tokens: USDC, USDT, WETH.
The source code of this contract is not verified on Etherscan.
Proxy used in:
The source code of this contract is not verified on Etherscan.
Proxy used in:
Proxy used in:
Proxy used in:
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
Funds can be stolen if the source code of unverified contracts contains malicious code (CRITICAL).