Scaling
Bridges
Gitcoin Grants 20!Donate here
SummaryValue LockedRisk summaryTechnologyPermissionsSmart contracts

L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

Immutable zkEVM logoImmutable zkEVM

Immutable zkEVM is a sidechain focused on gaming and powered by Polygon stack. It plans to eventually transition to a ZK Rollup.
  • Total value locked
    $39.92 M2.45%
  • Destination
    Immutable zkEVM
  • Validated by
    Third Party
  • Type
    Token Bridge
    • Value Locked

    ...

    Risk summary

    Funds can be stolen if

    1. validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL),
    2. validators relay a withdraw request that wasn't originated on the source chain (CRITICAL),
    3. a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

    Users can be censored if

    1. validators on Axelar decide to not mint tokens after observing an event on Ethereum (CRITICAL).
    Technology

    Principle of Operation

    Immutable zkEVM bridge makes use of Axelar network to transfer assets between Ethereum and Immutable zkEVM. A deposit starts by a user depositing tokens on the Bridge contract and then the tokens are minted on the destination chain.

    Withdrawals to Ethereum can be delayed by a predefined time with a flow rate mechanism that controls outflows of the bridge escrow. The ProxyAdmin or an address with the rate_control role can define so-called buckets for each token: Each bucket has a capacity and a refill rate. All withdrawals that exceed the tokens bucket capacity trigger the withdrawal queue, which delays subsequent withdrawals of any of the bridges’ assets for a time defined in withdrawalDelay (currently 1d).

    Validators running PoS consensus

    Messages are verified by the Validators running the Axelar network which, technically, is a Cosmos chain. As in any standard Cosmos chain, Validators are bonded by staking tokens and can be slashed for misbehavior.

    • Users can be censored if validators on Axelar decide to not mint tokens after observing an event on Ethereum (CRITICAL).

    • Funds can be stolen if validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).

    • Funds can be stolen if validators relay a withdraw request that wasn't originated on the source chain (CRITICAL).

    Destination tokens are not upgradable

    Tokens on the destination end up as wrapped ERC20 proxies that are not upgradable, using EIP-1167.

    Permissions

    The system uses the following set of permissioned addresses:

    OwnerMultisig 0xD2C3…D192

    Multisig controlling the ProxyAdmin, potentially stealing all locked funds. This is a Gnosis Safe with 2 / 5 threshold.

    OwnerMultisig participants 0x5F1A…E6B50x8698…4Ac30xdAeD…8C360x5C40…5cD40xbD8D…9817

    Those are the participants of the OwnerMultisig.

    ProxyAdmin 0xdE2B…1Ec8

    Contract allowed to upgrade the Bridge, its flow rate control and the Axelar adaptor.

    Smart contracts
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    The system consists of the following smart contracts:

    Bridge 0xBa5E…3eB6Implementation (Upgradable)Admin

    Main escrow for tokens. This contract stores the following tokens: IMX, USDC, GOG.

    Can be upgraded by: ProxyAdmin

    Upgrade delay: No delay

    RootAxelarBridgeAdaptor 0x4f49…8932Implementation (Upgradable)Admin

    Axelar adaptor contract used by the bridge.

    Can be upgraded by: ProxyAdmin

    Upgrade delay: No delay

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).