L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!
Optics is a general messaging bridge that uses optimistic verification to validate cross-chain bridging transactions. Version 2 of the bridge was deployed after Celo governance lost control over the governors MultiSig keys.
Optics Bridge is a Token Bridge with ability to facilitate fast transfers via additional LP-provided liquidity. For deposits, it locks tokens in the escrow contracts on Ethereum and mints a “representation token” on the destination network. When bridging back to Ethereum tokens are burned and then released from the escrow on Ethereum.
Messages on the source (home) chain are periodically signed by Updater. Updater cannot censor messages and if it refuses to attest them, it can be changed by the governance. Once message batch is attested, it is relayed to the destination (replica) by the permissionless Relayers. After the 3h fraud proof window messages can be delivered to the destination contract. During the fraud proof window, if malicious Updater tries to relay invalid message batch, anyone can submit a fraud proof to the source (home) chain slashing Updater and stopping home contract. On the destination messages cannot be stopped, so receiving contracts have to be independently notified to not process messages. Currently this mechanism is not implemented.
Users can be censored if updater fails to attest messages and governance does not change the Updater.
Funds can be stolen if updater manages to relay a fraudulent message batch.
Funds can be stolen if destination contract does not block receiving fraudulent messages.
Tokens transferred end up as “representation tokens” some of them may be upgradable.
Funds can be stolen if destination token contract is maliciously upgraded (CRITICAL).
Manages Optics V1 bridge components via GovernanceRouter contract. This is a Gnosis Safe with 3 / 7 threshold.
Manages Optics V1 bridge recovery via GovernanceRouter contract. This is a Gnosis Safe with 4 / 7 threshold.
Permissioned account that can update message roots.
Watchers can unenroll, i.e. stop receiving messages, from a given Replica.
Contract managing list of connections to other chains (domains) and list of watchers.
Contract allowing Home to slash Updater. Currently does nothing, intended for future functionality.
Contract managing Beacons.
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).