Multichain

L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

Description

In July 2021 millions of dollars of user funds from the Multichain escrow addresses were taken out by validators to supply liquidity to Any tokens on various chains. Multichain declares it as a shared liquidity managed by SMPC tool to promote the routing paths between chains and help reduce bridge fee for users. As a result there is more tokens minted (e.g. DAI on Fantom) than there are tokens directly backing them in escrow.

Multichain is an externally validated bridge. It uses a network of nodes running SMPC (Secure Multi Party Computation) protocol. It supports dozens of blockchains and thousands of tokens with both Token Bridge and Liquidity Network.

If you find something wrong on this page you can submit an issue or edit the information.

Risk summary

Note: This project's overview requires more research and might not present accurate information. If you want to contribute you can edit the information on Github. Alternatively you contact the project team on Twitter and encourage them to contribute a PR.

Technology

Principle of operation

Multichain (formerly AnySwap) is a Hybrid Bridge that, depending on a token, can act as a Token Bridge or as a Liquidity Network. It uses multiple escrows on a source chain (one per each destination) in addition to tokenized Liquidity Pools (anyToken contracts) - one anyToken contract per token. It uses an on-chain Router that, depending on the token/destination will choose either TokenBridge or Liquidity Network to bridge assets.

Transfers are externally verified

Outgoing transfers are being watched by external entities that - utilizing MPC (MultiParty Computation) - sign off token minting (for Token Bride) or token swap (for Liquidity Network). Incoming transfers work similarly - tokens burned on a source chain release tokens from escrow on a destination chain.

Funds can be stolen if MPC nodes decide to maliciously takeover them or there is an external exploit which will result in signing malicious transaction (CRITICAL).
Users can be censored if MPC nodes decide to censor certain transactions (CRITICAL).
Funds can be lost if MPC nodes lose the private key (CRITICAL).
Funds can be frozen if MPC nodes decide to stop processing transfers (CRITICAL).

Destination tokens

Type of the token received on the destination chain depends on the token. Users may receive wrapped Token, canonical Token or anyToken that can be considered to be an IOU for the canonical Token.

Funds can be stolen if destination token contract is maliciously upgraded or not securely implemented (CRITICAL).

Permissioned Addresses

The system uses the following set of permissioned addresses:

Multichain "Liquidity Tool" 0x5E58…6F00

Privileged account that received funds from Ethereum source escrow without corresponding burn on the destination chain. These funds were bridged to different chains and used to supply liquidity for various anyTokens. Users have to trust this account that it never tries to redeem held anyTokens for the underlying canonical token.

Multichain MPC 0x2A03…A869

Account controlled by the MPC nodes. Can set minters for anyTokens. Can access liquidity in anyTokens.