L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

Multichain logoMultichain

In July 2021 millions of dollars of user funds from the Multichain escrow addresses were taken out by validators to supply liquidity to Any tokens on various chains. Multichain declares it as a shared liquidity managed by SMPC tool to promote the routing paths between chains and help reduce bridge fee for users. As a result there is more tokens minted (e.g. DAI on Fantom) than there are tokens directly backing them in escrow.
  • Total value locked$159 M25.33%
  • Destination
    Various
  • Validated by
    Third Party
  • TypeHybrid

    • ...

    Tokens:

    Milestones

    fastMPC was introduced

    2022 Sep 21st

    It is an upgrade of the network that is used to check cross chain messages.

    Learn more

    anyCall was introduced

    2022 Apr 11th

    This is the generic cross-chain mechanism that Multichain uses.

    Learn more

    Contracts hacked for $3M

    2022 Jan 18th

    Multiple critical vulnerabilities were found in the contracts.

    Learn more

    Anyswap rebrands to Multichain

    2021 Dec 16th

    Learn more
    Show more

    Knowledge Nuggets

    Multichain deep dive

    Learn more

    Multichain escrow problem

    Learn more

    Description

    In July 2021 millions of dollars of user funds from the Multichain escrow addresses were taken out by validators to supply liquidity to Any tokens on various chains. Multichain declares it as a shared liquidity managed by SMPC tool to promote the routing paths between chains and help reduce bridge fee for users. As a result there is more tokens minted (e.g. DAI on Fantom) than there are tokens directly backing them in escrow.

    Multichain is an externally validated bridge. It uses a network of nodes running SMPC (Secure Multi Party Computation) protocol. It supports dozens of blockchains and thousands of tokens with both Token Bridge and Liquidity Network.

    If you find something wrong on this page you can submit an issue or edit the information.

    Risk summary

    Funds can be stolen if

    1. MPC nodes decide to maliciously takeover them or there is an external exploit which will result in signing malicious transaction (CRITICAL),
    2. destination token contract is maliciously upgraded or not securely implemented (CRITICAL).

    Funds can be lost if

    1. MPC nodes lose the private key (CRITICAL).

    Funds can be frozen if

    1. MPC nodes decide to stop processing transfers (CRITICAL).

    Users can be censored if

    1. MPC nodes decide to censor certain transactions (CRITICAL).
    Note: This project's overview requires more research and might not present accurate information. If you want to contribute you can edit the information on Github. Alternatively you contact the project team on Twitter and encourage them to contribute a PR.

    Technology

    Principle of operation

    Multichain (formerly AnySwap) is a Hybrid Bridge that, depending on a token, can act as a Token Bridge or as a Liquidity Network. It uses multiple escrows on a source chain (one per each destination) in addition to tokenized Liquidity Pools (anyToken contracts) - one anyToken contract per token. It uses an on-chain Router that, depending on the token/destination will choose either TokenBridge or Liquidity Network to bridge assets.

    Transfers are externally verified

    Outgoing transfers are being watched by external entities that - utilizing MPC (MultiParty Computation) - sign off token minting (for Token Bride) or token swap (for Liquidity Network). Incoming transfers work similarly - tokens burned on a source chain release tokens from escrow on a destination chain.

    • Funds can be stolen if MPC nodes decide to maliciously takeover them or there is an external exploit which will result in signing malicious transaction (CRITICAL).

    • Users can be censored if MPC nodes decide to censor certain transactions (CRITICAL).

    • Funds can be lost if MPC nodes lose the private key (CRITICAL).

    • Funds can be frozen if MPC nodes decide to stop processing transfers (CRITICAL).

    Destination tokens

    Type of the token received on the destination chain depends on the token. Users may receive wrapped Token, canonical Token or anyToken that can be considered to be an IOU for the canonical Token.

    • Funds can be stolen if destination token contract is maliciously upgraded or not securely implemented (CRITICAL).

    Permissions

    The system uses the following set of permissioned addresses:

    Multichain "Liquidity Tool" 0x5E58…6F00

    Privileged account that received funds from Ethereum source escrow without corresponding burn on the destination chain. These funds were bridged to different chains and used to supply liquidity for various anyTokens. Users have to trust this account that it never tries to redeem held anyTokens for the underlying canonical token.

    Multichain MPC 0x2A03…A869

    Account controlled by the MPC nodes. Can set minters for anyTokens. Can access liquidity in anyTokens.

    Smart Contracts

    Note: This section requires more research and might not present accurate information.

    The system consists of the following smart contracts:

    AnyswapV4Router 0x6b7a…1522

    Multichain Liquidity Network Router V4.

    AnyswapV6Router 0xBa8D…0705

    Multichain Liquidity Network Router V6.