L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

Avalanche Bridge logoAvalanche Bridge




Avalanche Bridge is an externally validated bridge. It uses a set of Wardens using secure SGX Enclave to sign transfers. On Ethereum side it uses periodically rotated EOA address for an Escrow. In the announcement, 3 out of 4 Warden signatures are required, however the exact number is impossible to verify for an external observer.

If you find something wrong on this page you can submit an issue or edit the information.

Risk summary

Note: This project's overview requires more research and might not present accurate information. If you want to contribute you can edit the information on Github. Alternatively you contact the project team on Twitter and encourage them to contribute a PR.


Principle of operation

Avalanche Bridge is a Token Bridge that locks tokens in the escrow account and mints tokens on Avalanche network. When bridging back to Ethereum tokens are burned on Avalanche and transferred back to the receiver on Ethereum.

Transfers are externally verified

Note: This section requires more research and might not present accurate information.

Outgoing transfers on Ethereum side are being watched by external entity which informs Avalanche side of the bridge about incoming transfer. The mechanism in other direction works very similar, users can burn tokens signaling external entity intention to transfer, which later informs Ethereum Bridge Wardens about incoming transfer.

  • Funds can be stolen if wardens decide to maliciously takeover them or there is an external exploit which will result in signing malicious transaction (CRITICAL).

  • Users can be censored if wardens decide to censor certain transactions (CRITICAL).

  • Funds can be lost if wardens loose the private key (CRITICAL).

  • Funds can be frozen if wardens decide to stop processing transfers (CRITICAL).

Destination tokens are wrapped

Note: This section requires more research and might not present accurate information.

Tokens transferred end up as wrapped ERC20 proxies. The contract is named BridgeToken.

Permissioned Addresses

The system uses the following set of permissioned addresses:

Bridge Wardens 0x8EB8…ab28

Off-chain Multisig 6/8 using Intel SGX, which controls all the funds deposited to the bridge. There is no possibility to verify whether Intel SGX technology is being used.