L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

Omni Bridge logoOmni Bridge


...


Tokens:

Description

Omni Bridge is the official bridge of Gnosis Chain. It uses a set of trusted validators to confirm deposits for a Lock-Mint swap. Tokens sent to the bridge escrow can be further sent to yield generating contracts (e.g. AAVE) to accrue interest for external recipient, although this functionality has been disabled at the time of Ethereum Merge.

If you find something wrong on this page you can submit an issue or edit the information.

Risk summary

Note: This project's overview requires more research and might not present accurate information. If you want to contribute you can edit the information on Github. Alternatively you contact the project team on Twitter and encourage them to contribute a PR.

Technology

Principle of operation

This is a Lock-Mint bridge that takes ownership of tokens in escrow contracts on Ethereum and mints "representation tokens" on the Gnosis Chain. When bridging back to Ethereum, tokens are burned on the Gnosis Chain and then released from the escrow on Ethereum. Tokens in Ethereum escrow are not effectively locked, as deposited tokens can be invested to generate yield (interest is intended to go to GnosisDAO). Bridge contract enables its owner (currently 7/16 Multisig) to specify or disable a separate external contract with investment logic. Currently investment contracts have been disabled around the time of the Ethereum Merge. Previously used investment contract sent part of deposited USDC and USDT to Aave. A special care needs to be taken when bridging xDai token that is native to Gnosis Chain. There's a separate bridge for xDai and Omni bridge should not be used, as it mints non-native "representation version" of xDai.

Transfers are externally verified

Omni bridge is built on top of Arbitrary Message Bridge (AMB), a trusted cross-chain message relaying mechanism currently validated by a 4/6 Validator MultiSig. A separate Governor 7/16 Multisig is used for updating validator set, signature thresholds, bridge parameters and bridge contracts. For Omni bridge, messages are passed between "Mediator" contracts deployed on both chains. When user deposits a token to Mediator escrow on Ethereum, an AMB message is passed to Mediator on Gnosis chain, which mints a "representation token", optionally deploying a necessary token contract on Gnosis chain if this is the first time this token is transferred. Transfers from Gnosis chain to Ethereum use the same mechanism in the opposite direction but tokens on Gnosis are burned and tokens on Ethereum are released from escrow.

  • Users can be censored if validators decide to not pass selected messages between chains (CRITICAL).

  • Funds can be stolen if validators relay a fake message to Gnosis chain to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).

  • Funds can be stolen if validators relay a fake message to Ethereum chain allowing a user to withdraw tokens from Ethereum escrow when equivalent amount of tokens has not been deposited and burned on Gnosis chain (CRITICAL).

  • Funds can be stolen if there's an exploit in contracts that invest user deposit (CRITICAL).

  • Funds can be frozen if validators don't relay messages between chains.

  • Funds can be frozen if there's insufficient liquidity of requested token in escrow and Aave.

  1. Omnibridge documentation

Permissioned Addresses

The system uses the following set of permissioned addresses:

Bridge Governance 7/16 MultiSig 0x42F3…A3F6

Can update bridge contracts, validator set, signature thresholds and bridge parameters

Bridge Validators

Smart Contracts

The system consists of the following smart contracts:

Arbitrary Message Bridge (behind custom upgradeable proxy).

ForeignOmnibridge (Mediator Contract, Escrow) 0x88ad…5671Implementation (Upgradable)Admin

Mediator Contract and Escrow. This contract stores the following tokens: GNO, LINK.

Validator Management Contract, acts as 4/6 MultiSig.

AAVEInterestERC20 0x87D4…e729

Recently used investment contract which sends specified amount of deposited USDC & USDT tokens to Aave. Governed by 7/16 Bridge Governance Multisig.

The current deployment carries some associated risks:

  • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).