L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!
Multichain
...
Choose token
USD Coin (USDC)
Alchemy (ACH)
Ether (ETH)
Frax Share (FXS)
Alchemix USD (alUSD)
Spell Token (SPELL)
Tether USD (USDT)
Request Token (REQ)
ChainLink Token (LINK)
Wrapped BTC (WBTC)
Orbs (ORBS)
Dai Stablecoin (DAI)
Wrapped Ether (WETH)
SushiToken (SUSHI)
Frax (FRAX)Milestones
fastMPC was introduced
2022 Sep 21st
It is an upgrade of the network that is used to check cross chain messages.
anyCall was introduced
2022 Apr 11th
This is the generic cross-chain mechanism that Multichain uses.
Contracts hacked for $3M
2022 Jan 18th
Multiple critical vulnerabilities were found in the contracts.
Description
Multichain is an externally validated bridge. It uses a network of nodes running SMPC (Secure Multi Party Computation) protocol. It supports dozens of blockchains and thousands of tokens with both Token Bridge and Liquidity Network.
If you find something wrong on this page you can submit an issue or edit the information.
Risk summary
Funds can be stolen if
Funds can be lost if
Funds can be frozen if
Users can be censored if
Technology
Principle of operation
Multichain (formerly AnySwap) is a Hybrid Bridge that, depending on a token, can act as a Token Bridge or as a Liquidity Network. It uses multiple escrows on a source chain (one per each destination) in addition to tokenized Liquidity Pools (anyToken contracts) - one anyToken contract per token. It uses an on-chain Router that, depending on the token/destination will choose either TokenBridge or Liquidity Network to bridge assets.
Transfers are externally verified
Outgoing transfers are being watched by external entities that - utilizing MPC (MultiParty Computation) - sign off token minting (for Token Bride) or token swap (for Liquidity Network). Incoming transfers work similarly - tokens burned on a source chain release tokens from escrow on a destination chain.
Funds can be stolen if MPC nodes decide to maliciously takeover them or there is an external exploit which will result in signing malicious transaction (CRITICAL).
Users can be censored if MPC nodes decide to censor certain transactions (CRITICAL).
Funds can be lost if MPC nodes lose the private key (CRITICAL).
Funds can be frozen if MPC nodes decide to stop processing transfers (CRITICAL).
Destination tokens
Type of the token received on the destination chain depends on the token. Users may receive wrapped Token, canonical Token or anyToken that can be considered to be an IOU for the canonical Token.
Funds can be stolen if destination token contract is maliciously upgraded or not securely implemented (CRITICAL).
Permissions
The system uses the following set of permissioned addresses:
Privileged account that received funds from Ethereum source escrow without corresponding burn on the destination chain. These funds were bridged to different chains and used to supply liquidity for various anyTokens. Users have to trust this account that it never tries to redeem held anyTokens for the underlying canonical token.
Account controlled by the MPC nodes. Can set minters for anyTokens. Can access liquidity in anyTokens.
Smart contracts
The system consists of the following smart contracts:
Multichain Liquidity Network Router V4.
Multichain Liquidity Network Router V6.
