Avalanche Bridge is an externally validated bridge. It uses a set of Wardens using secure SGX Enclave to sign transfers. On Ethereum side it uses periodically rotated EOA address for an Escrow. In the announcement, 3 out of 4 Warden signatures are required, however the exact number is impossible to verify for an external observer.
Funds can be stolen if
Funds can be lost if
Funds can be frozen if
Users can be censored if
Avalanche Bridge is a Token Bridge that locks tokens in the escrow account and mints tokens on Avalanche network. When bridging back to Ethereum tokens are burned on Avalanche and transferred back to the receiver on Ethereum.
Outgoing transfers on Ethereum side are being watched by external entity which informs Avalanche side of the bridge about incoming transfer. The mechanism in other direction works very similar, users can burn tokens signaling external entity intention to transfer, which later informs Ethereum Bridge Wardens about incoming transfer.
Funds can be stolen if wardens decide to maliciously takeover them or there is an external exploit which will result in signing malicious transaction (CRITICAL).
Users can be censored if wardens decide to censor certain transactions (CRITICAL).
Funds can be lost if wardens loose the private key (CRITICAL).
Funds can be frozen if wardens decide to stop processing transfers (CRITICAL).
Tokens transferred end up as wrapped ERC20 proxies. The contract is named BridgeToken.