SummaryChartDescriptionRisk summaryTechnologyPermissionsSmart contracts

L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

deBridge logodeBridge

  • Total value locked
    $243 K2.31%
  • Destination
    Various
  • Validated by
    Third Party
  • Type
    Token Bridge

    • Chart

    ...

    Tokens

    Choose token

    Bridged Tokens (Top 15)
    USD Coin (USDC)
    Wrapped Ether (WETH)
    Ether (ETH)
    Tether USD (USDT)
    Frax (FRAX)
    Wrapped BTC (WBTC)
    Matic Token (MATIC)
    Dai Stablecoin (DAI)
    Rai Reflex Index (RAI)

    Description

    deBridge is an interoperability layer that enables messaging between various blockchains. For the typical token transfer, “deToken” is minted on the destination chain.

    If you find something wrong on this page you can submit an issue or edit the information.

    Risk summary

    Funds can be stolen if

    1. destination token contract is maliciously upgraded or not securely implemented (CRITICAL),
    2. a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

    Users can be censored if

    1. nodes decide not to transfer tokens after observing an event on the supported chain (CRITICAL).

    Technology

    Principle of operation

    deBridge leverages cross-chain messaging to transfer tokens from Ethereum to other chains and vice-versa. The validation of cross-chain transactions is performed by a network of oracles signing the transaction, which would be later evaluated by the smart contract.

    Transfers are externally verified

    External validators observe events on deBridge supported chains and transfer signed messages to other chains. Message is considered valid when it contains at least minimum amount of signature, currently set to 8.

    • Users can be censored if nodes decide not to transfer tokens after observing an event on the supported chain (CRITICAL).

    Destination tokens

    Tokens transferred end up a their wrapped representation (deTokens).

    • Funds can be stolen if destination token contract is maliciously upgraded or not securely implemented (CRITICAL).

    Permissions

    The system uses the following set of permissioned addresses:

    Admin Multisig 0x6bec…92D5

    Admin for all upgradable proxy smart contracts. It can change the implementations of all proxies through the ProxyAdmin contract. This is a Gnosis Safe with 5 / 8 threshold.

    Admin Multisig participants 0xbA7c…09B50xC351…8c2D0xD4Aa…dA2C0x874B…c6E10xE966…56B70x6f57…2FBD0xd725…e5440x24C0…7c96

    Those are the participants of the Admin Multisig.

    Oracles 0x4bC1…75260x1c07…f2050x573F…9ff50x59CE…42140xbCF5…D4DC0xf27A…3fe80x6436…A4260x874f…240E0xDD52…23e00x83f8…42bF0x4CA2…677D0xebec…3c54

    Accounts permitted to sign the message coming from other chain. Currently at least 8 of them are need to sign the message.

    Smart contracts

    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    The system consists of the following smart contracts:

    DeBridgeGate 0x43dE…98aAImplementation (Upgradable)Admin

    The main point of cross-chain interactions, this contract allows user to send message to other chain and claim funds when bridging back to Ethereum. This contract stores the following tokens: USDC, WETH, FRAX, ETH, USDT, WBTC, DAI, MATIC, RAI.

    SignatureVerifier 0x949b…8A8cImplementation (Upgradable)Admin

    Contract responsible for checking off-chain signatures performed by the oracles, currently there are needed at least 8 confirmations.

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).