
L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

Omnibridge

Omnibridge is the official bridge of Gnosis Chain.
  • Total value locked
    $609.59 M (2.01%)
  • Destination
    Gnosis Chain
  • Validated by
    Third Party
  • Type
    Token Bridge

    Detailed description

    Omnibridge is the official bridge of Gnosis Chain.

    It uses a set of trusted validators to confirm deposits for a Lock-Mint swap. Tokens sent to the bridge escrow can be further sent to yield-generating contracts (e.g. AAVE) to accrue interest for an external recipient, although this functionality was disabled at the time of the Ethereum Merge.

    Risk summary
    Technology

    Principle of operation

    This is a Lock-Mint bridge that takes ownership of tokens in escrow contracts on Ethereum and mints “representation tokens” on the Gnosis Chain. When bridging back to Ethereum, tokens are burned on the Gnosis Chain and then released from the escrow on Ethereum. Tokens in the Ethereum escrow are not effectively locked, as deposited tokens can be invested to generate yield (interest is intended to go to GnosisDAO). The bridge contract enables its owner (BridgeGovernance) to specify or disable a separate external contract with investment logic. Investment contracts are currently disabled; they were switched off around the time of the Ethereum Merge. The previously used investment contract sent part of the deposited USDC and USDT to Aave. Special care needs to be taken when bridging the xDai token, which is native to Gnosis Chain.

    Incoming transfers are externally verified

    Incoming messages to Ethereum are managed by the Arbitrary Message Bridge (AMB), a trusted message relaying mechanism currently validated by a 4 / 8 Validator MultiSig. The GovernanceMultisig is used for updating the validator set, signature thresholds, bridge parameters and bridge contracts. For Omnibridge, messages are passed between “Mediator” contracts deployed on both chains. When a user deposits a token to the Mediator escrow on Ethereum, an AMB message is passed to the Mediator on Gnosis chain, which mints a “representation token”, deploying the necessary token contract on Gnosis chain if this is the first time this token is transferred. Transfers from Gnosis chain to Ethereum use the same mechanism in the opposite direction, but tokens on Gnosis are burned and tokens on Ethereum are released from escrow. Outgoing messages are verified on the Gnosis chain using a ZK Ethereum light client.

    • Users can be censored if validators decide to not pass selected messages between chains (CRITICAL).

    • Funds can be stolen if validators relay a fake message to Gnosis chain to mint more tokens than there are locked on Ethereum, thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).

    • Funds can be stolen if validators relay a fake message to Ethereum chain allowing a user to withdraw tokens from the Ethereum escrow when an equivalent amount of tokens has not been deposited and burned on Gnosis chain (CRITICAL).

    • Funds can be stolen if there's an exploit in the contracts that invest user deposits (CRITICAL).

    • Funds can be frozen if validators don't relay messages between chains.

    • Funds can be frozen if there's insufficient liquidity of the requested token in escrow and Aave.
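
    The validator trust assumption behind the risks above, as an added example that is not L2BEAT's or the Omnibridge project's code: a Python model of the 4 / 8 threshold check next to an independent solvency check that compares minted supply with escrowed tokens. The `Bridge` class, the message format, the replay guard and the HMAC stand-in for validator signatures are assumptions made for illustration.

```python
import hashlib
import hmac

THRESHOLD, N_VALIDATORS = 4, 8  # the 4 / 8 validator set described above
# Constructed keys; HMAC stands in for the validators' real signatures.
KEYS = {f"validator{i}": f"key-{i}".encode() for i in range(N_VALIDATORS)}


def sign(validator, message):
    return hmac.new(KEYS[validator], message, hashlib.sha256).digest()


def signed_by(validators, msg_id, amount):
    """Build (validator, signature) pairs over an assumed message format."""
    message = f"mint:{msg_id}:{amount}".encode()
    return [(v, sign(v, message)) for v in validators]


def is_confirmed(message, signatures):
    """True when at least THRESHOLD distinct known validators signed message."""
    valid = {v for v, sig in signatures
             if v in KEYS and hmac.compare_digest(sig, sign(v, message))}
    return len(valid) >= THRESHOLD


class Bridge:
    """Hypothetical ledger: Ethereum escrow vs. supply minted on Gnosis Chain."""

    def __init__(self):
        self.escrow = 0      # tokens locked in the Mediator escrow
        self.minted = 0      # representation tokens in circulation
        self.seen = set()    # executed message ids (replay guard, assumed)

    def deposit(self, amount):
        self.escrow += amount

    def relay_mint(self, msg_id, amount, signatures):
        """Mint only for an unseen message confirmed by the validator set."""
        message = f"mint:{msg_id}:{amount}".encode()
        if msg_id in self.seen or not is_confirmed(message, signatures):
            return False
        self.seen.add(msg_id)
        self.minted += amount
        return True

    def solvent(self):
        """Monitor check: every minted token is backed by escrowed tokens."""
        return self.minted <= self.escrow
```

    The bridge side accepts any message that carries four valid signatures, so only a check that compares balances on both chains, such as `solvent()`, notices a mint with no matching deposit.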


    Destination tokens

    Users receive wrapped ERC677 tokens on Gnosis Chain. There is a separate bridge for xDai; Omnibridge should not be used for it, as it mints a non-native “representation version” of xDai.

    Permissions

    The system uses the following set of permissioned addresses:

    BridgeGovernance 0x42F3…A3F6

    Can update the contracts and parameters of the bridge. This is a Gnosis Safe with 8 / 16 threshold.

    List of actors that can validate incoming messages.

    Smart contracts

    The system consists of the following smart contracts:

    Arbitrary Message Bridge validated by the BridgeValidators. The contract is pausable by BridgeGovernance.

    Can be upgraded by: BridgeGovernance

    Upgrade delay: No delay

    Mediator contract and escrow. This contract can store any token.

    Can be upgraded by: BridgeGovernance

    Upgrade delay: No delay

    Bridge validators contract, acts as a 4 / 8 multisig.

    Can be upgraded by: BridgeGovernance

    Upgrade delay: No delay

    AAVEInterestERC20 0x87D4…e729

    Contract that was used to invest token deposits in Aave.

    Can be upgraded by: BridgeGovernance

    Upgrade delay: No delay

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).