L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

Omnibridge logoOmnibridge

Omnibridge is the official bridge of Gnosis Chain.
  • Total value locked
    $652.52 M0.56%
  • Destination
    Gnosis Chain
  • Validated by
    Third Party
  • Type
    Token Bridge
  • ...

    Tokens

    Choose token

    Bridged Tokens (Top 15)

    Gnosis Token (GNO)
    Wrapped liquid staked Ether 2.0 (wstETH)
    Trace Token (TRAC)
    Wrapped Ether (WETH)
    USD Coin (USDC)
    Tether USD (USDT)
    Wrapped BTC (WBTC)
    Balancer (BAL)
    ChainLink Token (LINK)
    Graph Token (GRT)
    Curve DAO Token (CRV)
    Dai Stablecoin (DAI)
    Rocket Pool ETH (rETH)
    Matic Token (MATIC)
    Liquid staked Ether 2.0 (stETH)
    Detailed description

    Omnibridge is the official bridge of Gnosis Chain.

    It uses a set of trusted validators to confirm deposits for a Lock-Mint swap. Tokens sent to the bridge escrow can be further sent to yield generating contracts (e.g. AAVE) to accrue interest for external recipient, although this functionality has been disabled at the time of Ethereum Merge.

    Risk summary
    Technology

    Principle of operation

    This is a Lock-Mint bridge that takes ownership of tokens in escrow contracts on Ethereum and mints “representation tokens” on the Gnosis Chain. When bridging back to Ethereum, tokens are burned on the Gnosis Chain and then released from the escrow on Ethereum. Tokens in Ethereum escrow are not effectively locked, as deposited tokens can be invested to generate yield (interest is intended to go to GnosisDAO). Bridge contract enables its owner (BridgeGovernance) to specify or disable a separate external contract with investment logic. Currently investment contracts have been disabled around the time of the Ethereum Merge. Previously used investment contract sent part of deposited USDC and USDT to Aave. A special care needs to be taken when bridging xDai token that is native to Gnosis Chain.

    Incoming transfers are externally verified

    Incoming messages to Ethereum are managed by the Arbitrary Message Bridge (AMB), a trusted message relaying mechanism currently validated by a 4 / 8 Validator MultiSig. The GovernanceMultisig is used for updating validator set, signature thresholds, bridge parameters and bridge contracts. For Omnibridge, messages are passed between “Mediator” contracts deployed on both chains. When user deposits a token to Mediator escrow on Ethereum, an AMB message is passed to Mediator on Gnosis chain, which mints a “representation token”, optionally deploying a necessary token contract on Gnosis chain if this is the first time this token is transferred. Transfers from Gnosis chain to Ethereum use the same mechanism in the opposite direction but tokens on Gnosis are burned and tokens on Ethereum are released from escrow. Outgoing messages are verified on the Gnosis chain using a ZK Ethereum light client.

    • Users can be censored if validators decide to not pass selected messages between chains (CRITICAL).

    • Funds can be stolen if validators relay a fake message to Gnosis chain to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).

    • Funds can be stolen if validators relay a fake message to Ethereum chain allowing a user to withdraw tokens from Ethereum escrow when equivalent amount of tokens has not been deposited and burned on Gnosis chain (CRITICAL).

    • Funds can be stolen if there's an exploit in contracts that invest user deposit (CRITICAL).

    • Funds can be frozen if validators don't relay messages between chains.

    • Funds can be frozen if there's insufficient liquidity of requested token in escrow and Aave.

    1. Omnibridge documentation

    Destination tokens

    Users receive wrapped ERC677 tokens on Gnosis Chain. There’s a separate bridge for xDai and Omnibridge should not be used, as it mints non-native “representation version” of xDai.

    Permissions

    The system uses the following set of permissioned addresses:

    BridgeGovernance 0x42F3…A3F6

    Can update the contracts and parameters of the bridge. This is a Gnosis Safe with 8 / 16 threshold.

    List of actors that can validate incoming messages.

    Smart contracts

    The system consists of the following smart contracts on the host chain (Ethereum):

    Arbitrary Message Bridge validated by the BridgeValidators. The contract is pausable by BridgeGovernance.

    Can be upgraded by: BridgeGovernance

    Upgrade delay: No delay

    Mediator contract and escrow. This contract can store any token.

    Can be upgraded by: BridgeGovernance

    Upgrade delay: No delay

    Bridge validators contract, acts as a 4 / 8 multisig.

    Can be upgraded by: BridgeGovernance

    Upgrade delay: No delay

    AAVEInterestERC20 0x87D4…e729

    Contract that was used to invest token deposits to Aave.

    Can be upgraded by: BridgeGovernance

    Upgrade delay: No delay

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).