Scaling
Bridges
Gitcoin Grants 20!Donate here
SummaryValue LockedMilestonesRisk summaryTechnologyPermissionsSmart contracts

L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

Connext logoConnext

Connext is a multilayered system that aggregates various native AMBs in an Hub-and-Spoke architecture with Ethereum being the Hub receiving messages from other domains. It implements a liquidity network on top of its Hub-and-Spoke architecture.
  • Total value locked
    $827.78 M12.40%
  • Destination
    Various
  • Validated by
    Various AMBs
  • Type
    Liquidity Network
    • Value Locked

    ...

    Milestones

    Bacco Upgrade

    2023 Dec 7th

    Learn more

    Connext Amarok mainnet deployment

    2023 Feb 2nd

    Connext Amarok mainnet deployment.

    Learn more

    Connext Amarok announced

    2022 May 11th

    The new, modular architecture for Connext Amarok has been announced.

    Learn more
    Risk summary

    Funds can be stolen if

    1. native AMBs that Connext uses allow for passing forged messages and this is not caught by Watchers,
    2. connectors to optimistic rollups (Optimism, Arbitrum) receive a fraudulent message within 7-day fraud-proof window (CRITICAL),
    3. a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

    Users can be censored if

    1. watchers disconnect certain connectors or pause the whole bridge for no reason.
    Technology

    Principle of operation

    The bridge can operate in one of two modes, Optimistic or Slow. They differ in how the messages are sent between chains. In Optimistic Mode the messages are sent through the Connext Sequencer. In this mode the Connext sequencer or any permissioned actor periodically submits an aggregate root. This triggers a 120 blocks window where any watcher can turn the system back into Slow Mode thus invalidating the proposed root. Only the owner can set the system back into Optimistic Mode. In Slow Mode messages from various domains are aggregated into one message root and are periodically sent to Ethereum using native AMBs. Note that for Optimistic Rollups (Arbitrum, Optimism) the AMB is only used as a transport layer, but 7-day delay is being ignored. Upon being delivered to Ethereum these message roots are subsequently aggregated again into a root-of-root of messages before being delivered to their destination domains. Each message can be optimistically fast-forwarded by a network of Routers that will front liquidity (if the message is a token transfer) or post a bond (if the message is a xChain call). Upon receiving the message root via native AMBs Connext bridge will reconciles messages and return bond to the Routers. There is a configurable delay programmed into the RootManager contract and the SpokeConnectors receiving messages. During the delay period a whitelisted set of Watchers can pause the bridge if the fraudulent message passed via AMB is detected.

    Validation via Native AMBs

    Messages on the source chain are send perdiodically to the Ethereum chain via native AMB. Once they arrive on Etherum, they can be send from Ethereum, again via native AMB, to the destination chain. Token transfers can be fronted by Routers providing liquidity. Similarly arbitrary messages can be sped up. Watchers provide additional protection in case native AMB gets compromised and forges the message. For optimistic rollups (Optimism, Arbitrum) their native AMB is used but 7-day dispute window is ignored. For BSC (Binance Chain) MultiChain AMB is used.

    • Users can be censored if watchers disconnect certain connectors or pause the whole bridge for no reason.

    • Funds can be stolen if native AMBs that Connext uses allow for passing forged messages and this is not caught by Watchers.

    • Funds can be stolen if connectors to optimistic rollups (Optimism, Arbitrum) receive a fraudulent message within 7-day fraud-proof window (CRITICAL).

    Permissions

    The system uses the following set of permissioned addresses:

    Connext Multisig 0x4d50…6625

    Owner of the main Connext Bridge Diamond Proxy. Can upgrade the functionality of any system component with no delay. Maintains the list of Watchers. This is a Gnosis Safe with 8 / 12 threshold.

    Connext Fee Multisig 0x7bE9…2b6A

    Collects fees from the bridge. Can manage Routers through its RouterAdmin role. This is a Gnosis Safe with 1 / 5 threshold.

    Connext Fee Multisig participants 0x9b90…8C3f0xade0…181e0x7fB1…23150xb71C…e9360xD7a8…130b

    Those are the participants of the Connext Fee Multisig.

    Watchers 0x56dD…8f4d0x151E…56b0

    Permissioned set of actors who can pause certain bridge components. On Ethereum L1 Watchers can pause RootManager and MainnetSpokeConnector, i.e. modules receiving messages. They can also remove connector from the RootManager. List of watchers is maintained by the Connext MultiSig.

    Sequencers 0x4fFA…82E7

    Permissioned set of actors that sequence routers request to forward liquidity.

    Smart contracts

    The system consists of the following smart contracts:

    ConnextBridge 0x8898…63C6

    The main Connext contract. Following Diamond design pattern, it contains multiple Facets that implement various parts of the bridge functionality. This contract stores the following tokens: USDC, WETH, USDT, DAI, Metis, alUSD.

    RootManager 0x523A…9B3A

    Contract responsible for maintaining list of domains and building root-of-roots of messages. It keeps tracks of all hub connectors that connect to specific domain.

    WatcherManager 0x79e6…417d

    Contract maintaining a list of Watchers able to stop the bridge if fraud is detected.

    MainnetSpokeConnector 0x02fd…a1Cc

    Contract that receives messages from other Domains on Ethereum.

    PolygonHubConnector 0xE8cF…d116

    Contract for sending/receiving messages from mainnet to Polygon via Polygon FxChannel AMB.

    PolygonZkHubConnector 0x7ed4…26b1

    Contract for sending/receiving messages from mainnet to PolygonZKEVM via PolygonZKEVM AMB.

    GnosisHubConnector 0xF1c7…020d

    Contract for sending/receiving messages from mainnet to Gnosis via Gnosis AMB.

    OptimismHubConnector 0x5c21…bb2A

    Contract for sending/receiving messages from mainnet to Optimism via Optimism AMB transport layer. Note that it reads messages from Optimism as soon as Optimism state root is recorded on Ethereum w/out waiting for the 7-day fraud proof delay window.

    NewOptimismHubConnector 0x23b7…9a94

    Contract for sending/receiving messages from mainnet to Optimism, duplicate of OptimismHubConnector.

    MantleHubConnector 0x5B0E…1e24

    Contract for sending/receiving messages from mainnet to Mantle via Optimism AMB.

    OptimismV0HubConnector 0x9Ba7…19Fa

    Contract for sending/receiving messages from mainnet to pre-bedrock Optimism based projects via Optimism AMB.

    ArbitrumHubConnector 0x8309…Eb82

    Contract for sending/receiving messages from mainnet to Optimism via Arbitrum AMB transport layer. Note that it reads messages from Arbitrum as soon as Arbitrum state root is recorded on Ethereum w/out waiting for the 7-day fraud proof delay window.

    WormholeHubConnector 0xae6B…99DA

    Contract for sending/receiving messages using Wormhole.

    NewWormholeHubConnector 0xf5a3…626b

    Contract for sending/receiving messages using Wormhole, duplicate of WormholeHubConnector.

    LineaHubConnector 0x56Ab…6255

    Contract for sending/receiving messages from mainnet to Linea via Linea AMB.

    ModeHubConnector 0x7b2b…663E

    Contract for sending/receiving messages from mainnet to Mode Network via Optimism AMB.

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).