L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!
pNetwork
| Website | p.network |
|---|---|
| App | dapp.ptokens.io |
| Docs | docs.p.network/en/home |
| Repository | github.com/provable-things |
| Social | pNetworkDefiprovablethings@pNetworkDeFi |
...
Choose token
Gala (GALA)
pNetwork Token (PNT)
Tether USD (USDT)
USD Coin (USDC)
0x Protocol Token (ZRX)
LoopringCoin V2 (LRC)
Basic Attention Token (BAT)
Dai Stablecoin (DAI)
Ultra Token (UOS)
Wrapped Ether (WETH)pGALA token on BSC exploit
2022 Nov 5th
Due to the misconfiguration of BSC the exploiter took over the control of pGALA tokens.
Mainnet Launch of pNetwork v2
2022 Oct 18th
Whitelist got removed, there are no restrictions on who can transact with the network.
pBTC token on BSC exploit
2021 Sep 21st
Due to the bug in the validators code, unauthorized token transfers were processed on BTC.
pNetwork rebranding
2020 Sep 16th
Provable Things, pTokens and Eidoo gets rebranded as pNetwork.
pNetwork aims to be a decentralized system facilitating cross-chain movement of assets.
It is built as a simple Token Bridge that uses a single EOA address to move assets across. For a typical token transfer, “pToken” is minted on the destination chain.
Funds can be stolen if
- validators allow to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL),
- validators sign a fraudulent message allowing themselves to withdraw all locked funds (CRITICAL),
- destination token contract is maliciously upgraded (CRITICAL),
- a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
Users can be censored if
Principle of operation
This is a Token Bridge that locks tokens in the escrow contracts on Ethereum and mints “pTokens” on the destination network. The validation of cross-chain transactions is performed by a group of Validators running MPC protocol that control one EOA address on Ethereum.
Transfers are externally verified
External Validators observe events on pNetwork bridge and sign transfer requests on destination chain. On Ethereum a single EOA address controls such transfers.
Users can be censored if validators decide to stop processing certain transactions (CRITICAL).
Funds can be stolen if validators allow to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).
Funds can be stolen if validators sign a fraudulent message allowing themselves to withdraw all locked funds (CRITICAL).
Destination tokens
Tokens transferred end up as their wrapped representation (pTokens). Note: on November 2022, due to misconfiguration, control over pGALA token on BSC was taken over by an unknown attacker that could have resulted in minting unlimited amount of unbacked pGALA tokens.
Funds can be stolen if destination token contract is maliciously upgraded (CRITICAL).
The system uses the following set of permissioned addresses:
A set of EOA addresses (different ones for different Vault contracts) that can transfer tokens and perform admin functions. It is supposed to be controlled by a group of Validator nodes in a MPC network.
A voting contract that controls the inflation withdrawal logic of PNT token.
Can upgrade ERC20 Vault V2. This is a Gnosis Safe with 2 / 4 threshold.
Those are the participants of the pNetwork Multisig.
The system consists of the following smart contracts:
Has special logic for handling inflation of PNT token. This contract stores the following tokens: GALA, PNT, USDT, USDC.
This contract stores the following tokens: WETH, LRC, BAT, DAI, ZRX, PNT.
This contract stores the following tokens: UOS.
Proxy owner of ERC20 Vault v2.
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).