pNetwork aims to be a decentralized system facilitating cross-chain movement of assets. It is built as a simple Token Bridge that uses a single EOA address to move assets across. For a typical token transfer, "pToken" is minted on the destination chain.
Funds can be stolen if
- validators allow to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL),
- validators sign a fraudulent message allowing themselves to withdraw all locked funds (CRITICAL),
- destination token contract is maliciously upgraded (CRITICAL),
- a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
Users can be censored if
This is a Token Bridge that locks tokens in the escrow contracts on Ethereum and mints "pTokens" on the destination network. The validation of cross-chain transactions is performed by a group of Validators running MPC protocol that control one EOA address on Ethereum.
External Validators observe events on pNetwork bridge and sign transfer requests on destination chain. On Ethereum a single EOA address controls such transfers.
Users can be censored if validators decide to stop processing certain transactions (CRITICAL).
Funds can be stolen if validators allow to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).
Funds can be stolen if validators sign a fraudulent message allowing themselves to withdraw all locked funds (CRITICAL).
Tokens transferred end up as their wrapped representation (pTokens). Note: on November 2022, due to misconfiguration, control over pGALA token on BSC was taken over by an unknown attacker that could have resulted in minting unlimited amount of unbacked pGALA tokens.
Funds can be stolen if destination token contract is maliciously upgraded (CRITICAL).
The system uses the following set of permissioned addresses:
Proxy owner of ERC20Vault v2
2/4 MSig - owner of PProxyAdmin
The system consists of the following smart contracts:
ERC20Vault for UOS token. This contract stores the following tokens: UOS.
ERC20Vault for other ERC20 tokens. This contract stores the following tokens: WETH, LRC, BAT, DAI, ZRX, PNT.
The current deployment carries some associated risks:
Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).
pGALA token on BSC exploit
2022 Nov 5th
Due to the misconfiguration of pGALA token on BSC the exploiter took over the control of pGALA tokens.Learn more
Mainnet Launch of pNetwork v2
2022 Oct 18th
Whitelist got removed, there are no restrictions on who can transact with the network.Learn more
pBTC token on BSC exploit
2021 Sep 21st
Due to the the bug in the validators code, unauthorized token transfers were processed on BTC.Learn more
2020 Sep 16th
Provable Things, pTokens and Eidoo gets rebranded as pNetwork.Learn more
pBTC launch on Ethereum
2020 Mar 5th
Launch of the first pToken, pBTC on Ethereum.Learn more