Search

Search for projects by name

L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our Discord to suggest improvements!

Gnosis Bridge logoGnosis Bridge

About

Gnosis Bridge unites the former token bridges Omnibridge and xDai bridge as the official bridge between Gnosis Chain and Ethereum.


  • Total value secured
  • Destination
    Gnosis Chain
  • Validated by
    Multisig (4/7)
  • Type
    Single-chain

  • About

    Gnosis Bridge unites the former token bridges Omnibridge and xDai bridge as the official bridge between Gnosis Chain and Ethereum.

    Value Secured

    2024 May 08 — 2025 May 08

    Detailed description

    Gnosis Bridge unites the former token bridges Omnibridge and xDai bridge as the official bridge between Gnosis Chain and Ethereum.

    It uses a set of trusted validators to verify deposits for lock-mint bridging. Tokens sent to the bridge escrow can be further sent to yield generating contracts (e.g. AAVE, Spark) by permissioned actors to accrue interest.

    Risk summary
    Technology

    Principle of operation

    The Gnosis bridge is comprised of two standard multisig-validated token bridges (Omni and xDAI) with similar architecture and validators. While the xDAI bridge is only used for bridging DAI-related tokens (xDAI is Gnosis Chains gas token), the Omni bridge can be used to bridge many other ERC-20 tokens. Both bridges on ethereum are served by external validators that sign bridge messages via custom multisigs. Assets that are locked in one of the escrows on ethereum can be ‘invested’ by permissioned actors to generate yield. In the case of DAI / sDAI (Spark protocol), the yield is handed down to sDAI users on Gnosis Chain. The addition of Hashi (EVM Hash Oracle Aggregator) and light clients for message validation is being tested but remains optional for now.

    Incoming transfers are externally verified

    Incoming messages to Ethereum are validated by Multisigs with publicly known entities as their signers. The DAI bridge validators are validated by the 4/7 BridgeValidators_DAI Multisig and the Omni bridge by the 4/7 BridgeValidators_Omni Multisig. Only messages signed by at least the threshold amount of validators from the respective multisig are accepted for releasing funds from the escrow contract or for executing messages.

    • Users can be censored if validators decide to not pass selected messages between chains.

    • Funds can be stolen if validators sign a malicious message to mint or release tokens that they did not burn or lock on the other side.

    • Funds can be frozen if validators don't relay messages between chains.

    1. Gnosis bridge documentation

    Destination tokens

    Users receive wrapped ERC677 tokens on Gnosis Chain. There’s a separate bridge for Dai.

    Other considerations

    Rehypothecation

    User assets in the bridge escrow are not locked and can be moved by permissioned actors. This is usually done to generate yield, which can then be forwarded to the users.

    • Funds can be stolen if there's an exploit in external contracts that are used to invest user deposits.

    • Funds can be frozen if there are not enough tokens in the escrow to service withdrawals due to investing.

    Permissions

    Ethereum

    Roles:

    Permissioned to sign crosschain messages, attesting to their validity.

    Actors:

    Gnosis Bridge Multisig 0x42F3…A3F6
    • A Multisig with 8/16 threshold.
    • Is allowed to interact with DaiForeignBridge - change all critical configurations like fees, yield farming for escrowed funds, limits, validating contract references.
    • Is allowed to interact with ForeignAMB - change external validation logic refered to by this contract (e.g. Hashi).
    • Is allowed to interact with ForeignOmnibridge - change all critical configurations like yield farming for escrowed funds and limits.
    • Is allowed to interact with BridgeValidators_DAI, BridgeValidators_Omni - change the threshold and manage signers.
    • Can upgrade the implementation of DaiForeignBridge, ForeignAMB, ForeignOmnibridge, BridgeValidators_DAI, BridgeValidators_Omni.
    BridgeValidators_DAI 0xe157…201E
    • A Multisig with 4/7 threshold.
    • Custom multisignature contract for Validator addresses.
    • A Validator.
    BridgeValidators_Omni 0xed84…4064
    • A Multisig with 4/7 threshold.
    • Custom multisignature contract for Validator addresses.
    • A Validator.
    Hashi Multisig 0x670a…0957
    • A Multisig with 2/4 threshold.
    • Is allowed to interact with HashiManager_Omni, HashiManager_DAI - change critical configurations of the Hashi protocol like the validation contract addresses.

    Can upgrade the implementation of HashiManager_Omni, HashiManager_DAI.

    Smart contracts
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    Ethereum

    Token bridge implementation and escrow for DAI-related tokens. Escrowed Dai can be invested in the Spark protocol for sDai. This contract stores the following tokens: cDAI, DAI, sDAI.

    Arbitrary Message Bridge validated by the BridgeValidators. Can be used for token bridges or any other cross-chain messaging.

    Token bridge implementation and escrow for ERC-20 tokens. This contract can store any token.

    Contract handling inbound messages for the Hashi protocol.

    TokenFactory 0x71d5…0424
    LayerZeroAdapter 0x7606…E418
    PermittableToken 0x7c24…54b3

    A hub contract for the Hashi protocol, an EVM Hash Oracle Aggregator.

    Can be upgraded by:

    A hub contract for the Hashi protocol, an EVM Hash Oracle Aggregator.

    Can be upgraded by:

    Contract handling outbound messages for the Hashi protocol.

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).