Description
Orbit Bridge is part of the Orbit Chain project. It is a cross-chain bridge that allows users to transfer tokens between supported blockchains. Tokens are deposited on the source chain and "representation tokens" are minted on the destination chain. Deposited tokens are not precisely locked and can be used in DeFi protocols by Orbit Farm. Accrued interest is not passed directly to token depositors. Bridge contract implementation and farm contract source code are not verified on Etherscan!
If you find something wrong on this page you can submit an issue or edit the information.
Risk summary
Funds can be stolen if
- validators relay a fake message to a destination chain to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL),
- validators relay a fake message to Ethereum chain allowing a user to withdraw tokens from Ethereum escrow when equivalent amount of tokens has not been deposited and burned on destination chain (CRITICAL),
- there's an exploit in contracts that invest user deposit (CRITICAL),
- a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
Funds can be frozen if
Users can be censored if
Technology
Principle of Operation
Orbit Bridge is a cross-chain bridge that allows users to transfer tokens between different blockchains. Tokens are deposited on the source chain and "representation tokens" are minted on the destination chain. When a user deposits tokens to an escrow contract on Ethereum, a message is relayed to a group o validators via Orbit Hub contract on Orbit chain to a minter contract on a destination chain, where "representation tokens" are minted. Deposited tokens are not locked and can be used in DeFi protocols by Orbit Farm. When a user deposits minted tokens on the destination chain, they are burned and a message is relayed to validators through Orbit Hub contract on Orbit chain to Ethereum vault, which releases the tokens if enough liquidity is available. Bridge contract implementation and farm contract source code are not verified on Etherscan.
Validation
Orbit Bridge actors include Operators and Validators. Operators relay data between Orbit Chain and supported chains, while Validators build multi-sig based consensus on validity of transactions.
Users can be censored if validators decide to not pass selected messages between chains (CRITICAL).
Funds can be stolen if validators relay a fake message to a destination chain to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).
Funds can be stolen if validators relay a fake message to Ethereum chain allowing a user to withdraw tokens from Ethereum escrow when equivalent amount of tokens has not been deposited and burned on destination chain (CRITICAL).
Funds can be stolen if there's an exploit in contracts that invest user deposit (CRITICAL).
Funds can be frozen if validators don't relay messages between chains.
Funds can be frozen if there's insufficient liquidity of requested token in escrow.
Permissioned Addresses
The system uses the following set of permissioned addresses:
Participants of Bridge Governance 6/9 Orbit MultiSig.
Smart Contracts
The system consists of the following smart contracts:
Bridge contract, Proxy, Escrow, Governance. Source code of implementation is not verified on Etherscan. This contract stores the following tokens: ETH, USDT, DAI, USDC, WBTC, MATIC.
This contract stores the following tokens: cUSDT.
This contract stores the following tokens: cDAI.
This contract stores the following tokens: cUSDC.
This contract stores the following tokens: cWBTC.
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
Website | bridge.orbitchain.ioorbitchain.io/about |
---|---|
Social media | @Orbit_ChainOrbitChainGlobaldiscord.gg |
App | bridge.orbitchain.io |
Documentation | bridge-docs.orbitchain.io |
Explorer | bridge.orbitchain.io/history/token/ALLexplorer.orbitchain.io |
Source code | github.com/orbit-chain |