
Aptos (LayerZero)

Aptos Bridge is built on top of the LayerZero protocol and is a token bridge for transferring assets from Ethereum to Aptos. It relies on an oracle and a relayer for the cross-chain security of the protocol.
  • Total value locked
    $17.31 M (5.42%)
  • Destination
    Aptos
  • Validated by
    Third Party
  • Type
    Token Bridge

    Risk summary
    This project includes unverified contracts. (CRITICAL)
    Note: This project's overview requires more research and might not present accurate information. If you want to contribute, you can edit the information on Github. Alternatively, you can contact the project team on Twitter and encourage them to contribute a PR.
    Technology

    Principle of operation

    Aptos Bridge is a Token Bridge. It locks tokens in Ethereum escrow and mints tokens on Aptos.

    Oracles and Relayers

    Note: This section requires more research and might not present accurate information.

    Aptos Bridge is built on top of the LayerZero protocol. LayerZero relies on Oracles to periodically submit source chain block hashes to the destination chain. Once a block hash is submitted, Relayers can provide the Merkle proof for the transfers. The Token Bridge owner can withdraw all funds from the bridge escrow by placing the bridge in an emergency withdrawal mode, which allows them to transfer all tokens out after a 1 week delay.

    • Users can be censored if oracles or relayers fail to facilitate the transfer (CRITICAL).

    • Funds can be stolen if oracles and relayers collude to submit a fraudulent block hash and relay a fraudulent transfer (CRITICAL).

    • Funds can be stolen if the token bridge owner (currently an EOA) enables emergency withdrawal and users do not exit with their funds within a week (CRITICAL).

    • Funds can be stolen if the token bridge owner (currently an EOA) sets the WETH contract address to a malicious contract that allows the owner to steal users' ETH (CRITICAL).
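As an added illustration (not L2BEAT's, Aptos Bridge's or LayerZero's code), the following Python toy model shows why the oracle-plus-relayer design above fails only when both parties misbehave: the destination endpoint credits (mints for) a transfer only when the relayer's Merkle proof resolves to a block hash the oracle committed, so one honest party is enough to block fraud, at the cost of liveness, while collusion passes verification. The transfer names, the use of a Merkle root over transfers as the "block hash", and the endpoint/oracle/relayer function names are all assumptions of this example.

```python
"""Toy model of the oracle + relayer trust assumption (added example).

Assumption of this example: a source block is a list of transfers and its
"block hash" is the Merkle root of those transfers. A real chain commits via
a block header, but the verifier's check is the same shape: the relayed
proof must resolve to the hash the oracle committed.
"""
import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Transfer:
    sender: str
    recipient: str
    token: str
    amount: int

    def leaf(self) -> bytes:
        # Constructed leaf encoding; a real bridge hashes an event or receipt.
        return sha256(f"{self.sender}|{self.recipient}|{self.token}|{self.amount}".encode())


def _pair(a: bytes, b: bytes) -> bytes:
    # Sorted-pair hashing so proofs need no left/right position flags.
    return sha256(min(a, b) + max(a, b))


def _next_level(level):
    if len(level) % 2:
        level = level + [level[-1]]  # duplicate the last node on odd levels
    return [_pair(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves) -> bytes:
    level = list(leaves)
    if not level:
        return sha256(b"")
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(leaves, index: int):
    """Sibling hashes from leaf `index` up to the root."""
    level, proof = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append(level[index ^ 1])
        level = _next_level(level)
        index //= 2
    return proof


def verify_proof(leaf: bytes, proof, root: bytes) -> bool:
    node = leaf
    for sibling in proof:
        node = _pair(node, sibling)
    return node == root


class DestinationEndpoint:
    """Destination-side verifier (the role the UltraLightNode plays here):
    a transfer is minted only if its proof matches an oracle-committed hash."""

    def __init__(self):
        self.committed = {}  # block number -> block hash submitted by the oracle
        self.minted = []     # transfers credited on the destination chain

    def oracle_commit(self, block_number: int, block_hash: bytes) -> None:
        self.committed[block_number] = block_hash

    def relayer_deliver(self, block_number: int, transfer: Transfer, proof) -> bool:
        root = self.committed.get(block_number)
        if root is None:
            return False  # oracle never checkpointed this block: transfer is stuck
        if not verify_proof(transfer.leaf(), proof, root):
            return False  # proof does not resolve to the committed hash
        self.minted.append(transfer)
        return True


# Constructed sample data: two real locks on the source chain, plus one
# transfer that was never locked anywhere.
REAL_BLOCK = [Transfer("alice", "alice.apt", "USDC", 100),
              Transfer("bob", "bob.apt", "USDT", 50)]
FORGED = Transfer("nobody", "forged.apt", "WETH", 10_000)


def run_scenario(oracle_honest: bool, relayer_honest: bool) -> dict:
    """Dishonest parties work from a forged block containing FORGED; honest
    parties work from the real block. Returns what ended up credited."""
    forged_block = REAL_BLOCK + [FORGED]
    oracle_view = REAL_BLOCK if oracle_honest else forged_block
    relayer_view = REAL_BLOCK if relayer_honest else forged_block

    endpoint, block_number = DestinationEndpoint(), 1
    endpoint.oracle_commit(block_number, merkle_root(t.leaf() for t in oracle_view))
    leaves = [t.leaf() for t in relayer_view]
    for index, transfer in enumerate(relayer_view):
        endpoint.relayer_deliver(block_number, transfer, merkle_proof(leaves, index))
    return {"legit_credited": REAL_BLOCK[0] in endpoint.minted,
            "fraud_credited": FORGED in endpoint.minted}


if __name__ == "__main__":
    for oracle_ok, relayer_ok in [(True, True), (False, True), (True, False), (False, False)]:
        print(f"oracle_honest={oracle_ok} relayer_honest={relayer_ok}:", run_scenario(oracle_ok, relayer_ok))
```

Running the four scenarios shows the two risk bullets above directly: with one honest party the forged transfer is never credited, but the legitimate one is not credited either (the censorship risk), and only when oracle and relayer both work from the same forged block does the endpoint mint for a transfer that was never locked on the source chain. The model also shows that a transfer whose block the oracle has not checkpointed simply waits, which is the liveness dependency on the oracle.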

    Permissions

    The system uses the following set of permissioned addresses:

    Aptos Multisig 0x65bb…9705

    Bridge owner; can set up tokens, fees, and the WETH token address (potentially malicious). Can withdraw all the funds from the Escrow after unlocking emergency withdrawal with a 1 week delay. This is a Gnosis Safe with 3 / 6 threshold.

    Those are the participants of the Aptos Multisig.

    LayerZero Relayer 0x902F…089E

    Contract authorized to relay messages and, as a result, to withdraw funds from the bridge.

    LayerZero Relayer Admin owner 0x76F6…d6e5

    Can upgrade LayerZero relayer contract with no delay.

    LayerZero Oracle Admin owner 0x7B80…e6c8

    Can upgrade LayerZero oracle contract with no delay.

    LayerZero Multisig 0xCDa8…4C92

    The owner of Endpoint, UltraLightNode and Treasury contracts. Can switch to a new UltraLightNode for an Endpoint. Can switch proof library for an UltraLightNode and change Treasury. This is a Gnosis Safe with 2 / 5 threshold.

    Those are the participants of the LayerZero Multisig.

    Smart contracts
    Note: This section requires more research and might not present accurate information.

    The system consists of the following smart contracts:

    TokenBridge 0x5000…d907

    Aptos Token Bridge. This contract stores the following tokens: USDC, USDT, WETH.

    The source code of some implementations is not verified on Etherscan.

    Endpoint 0x66A7…d675

    LayerZero Ethereum Endpoint.

    UltraLightNodeV2 0x4D73…78E2

    LayerZero UltraLight Node V2. Used by oracles to checkpoint source chain block hashes.

    TreasuryV2 0x3773…e34d

    LayerZero Treasury.

    LayerZero Proof Library 0x0724…df89

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

    • Funds can be stolen if the source code of unverified contracts contains malicious code (CRITICAL).
