Description
pNetwork aims to be a decentralized system facilitating cross-chain movement of assets. It is built as a simple Token Bridge that uses a single EOA address to move assets across. For a typical token transfer, "pToken" is minted on the destination chain.
If you find something wrong on this page you can submit an issue or edit the information.
Risk summary
Funds can be stolen if
- validators allow to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL),
- validators sign a fraudulent message allowing themselves to withdraw all locked funds (CRITICAL),
- destination token contract is maliciously upgraded (CRITICAL),
- a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
Users can be censored if
Technology
Principle of operation
This is a Token Bridge that locks tokens in the escrow contracts on Ethereum and mints "pTokens" on the destination network. The validation of cross-chain transactions is performed by a group of Validators running MPC protocol that control one EOA address on Ethereum.
Transfers are externally verified
External Validators observe events on pNetwork bridge and sign transfer requests on destination chain. On Ethereum a single EOA address controls such transfers.
Users can be censored if validators decide to stop processing certain transactions (CRITICAL).
Funds can be stolen if validators allow to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).
Funds can be stolen if validators sign a fraudulent message allowing themselves to withdraw all locked funds (CRITICAL).
Destination tokens
Tokens transferred end up as their wrapped representation (pTokens). Note: on November 2022, due to misconfiguration, control over pGALA token on BSC was taken over by an unknown attacker that could have resulted in minting unlimited amount of unbacked pGALA tokens.
Funds can be stolen if destination token contract is maliciously upgraded (CRITICAL).
Permissioned Addresses
The system uses the following set of permissioned addresses:
A set of EOA addresses (different ones for different Vault contracts) that can transfer tokens and perform admin functions. It is supposed to be controlled by a group of Validator nodes in a MPC network.
Proxy owner of ERC20Vault v2
2/4 MSig - owner of PProxyAdmin
Smart Contracts
The system consists of the following smart contracts:
pNetwork ERCVault v2 for ERC20 with special logic for handling inflation of PNT token. This contract stores the following tokens: GALA, PNT, USDT, USDC.
ERC20Vault for UOS token. This contract stores the following tokens: UOS.
ERC20Vault for other ERC20 tokens. This contract stores the following tokens: WETH, LRC, BAT, DAI, ZRX, PNT.
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
Website | p.network |
---|---|
Social media | pNetworkDefiprovablethings.medium.com@pNetworkDeFi |
App | dapp.ptokens.io |
Documentation | docs.p.network/en/home |
Source code | github.com/provable-things |
Milestones
pGALA token on BSC exploit
2022 Nov 5th
Due to the misconfiguration of pGALA token on BSC the exploiter took over the control of pGALA tokens.
Learn moreMainnet Launch of pNetwork v2
2022 Oct 18th
Whitelist got removed, there are no restrictions on who can transact with the network.
Learn morepBTC token on BSC exploit
2021 Sep 21st
Due to the the bug in the validators code, unauthorized token transfers were processed on BTC.
Learn morepNetwork rebranding
2020 Sep 16th
Provable Things, pTokens and Eidoo gets rebranded as pNetwork.
Learn more